Fixed bug #51195 (Calling inet_pton() causes buffer overrun on a struct in6_addr)

src/api/sockets.c

@@ -3354,6 +3354,65 @@ lwip_fcntl(int s, int cmd, int val)
   return ret;
 }
 
+const char *
+lwip_inet_ntop(int af, const void *src, char *dst, socklen_t size)
+{
+  const char *ret = NULL;
+  switch (af) {
+#if LWIP_IPV4
+    case AF_INET:
+      ret = ip4addr_ntoa_r((const ip4_addr_t*)src, dst, size);
+      if (ret == NULL) {
+        set_errno(ENOSPC);
+      }
+      break;
+#endif
+#if LWIP_IPV6
+    case AF_INET6:
+      ret = ip6addr_ntoa_r((const ip6_addr_t*)src, dst, size);
+      if (ret == NULL) {
+        set_errno(ENOSPC);
+      }
+      break;
+#endif
+    default:
+      set_errno(EAFNOSUPPORT);
+      break;
+  }
+  return ret;
+}
+
+int
+lwip_inet_pton(int af, const char *src, void *dst)
+{
+  int err;
+  switch (af) {
+#if LWIP_IPV4
+    case AF_INET:
+      err = ip4addr_aton(src, (ip4_addr_t*)dst);
+      break;
+#endif
+#if LWIP_IPV6
+    case AF_INET6:
+    {
+      /* convert into temporary variable since ip6_addr_t might be larger
+         than in6_addr when scopes are enabled */
+      ip6_addr_t addr;
+      err = ip6addr_aton(src, &addr);
+      if (err) {
+        memcpy(dst, &addr.addr, sizeof(addr.addr));
+      }
+      break;
+    }
+#endif
+    default:
+      err = -1;
+      set_errno(EAFNOSUPPORT);
+      break;
+  }
+  return err;
+}
+
 #if LWIP_IGMP
 /** Register a new IGMP membership. On socket close, the membership is dropped automatically.
  *

src/include/lwip/sockets.h

@@ -509,6 +509,8 @@ void lwip_socket_thread_cleanup(void); /* LWIP_NETCONN_SEM_PER_THREAD==1: destro
 #define lwip_socket       socket
 #define lwip_select       select
 #define lwip_ioctlsocket  ioctl
+#define lwip_inet_ntop    inet_ntop
+#define lwip_inet_pton    inet_pton
 
 #if LWIP_POSIX_SOCKETS_IO_NAMES
 #define lwip_read         read
@@ -550,6 +552,8 @@ int lwip_select(int maxfdp1, fd_set *readset, fd_set *writeset, fd_set *exceptse
 #endif
 int lwip_ioctl(int s, long cmd, void *argp);
 int lwip_fcntl(int s, int cmd, int val);
+const char *lwip_inet_ntop(int af, const void *src, char *dst, socklen_t size);
+int lwip_inet_pton(int af, const char *src, void *dst);
 
 #if LWIP_COMPAT_SOCKETS
 #if LWIP_COMPAT_SOCKETS != 2
@@ -591,6 +595,10 @@ int lwip_fcntl(int s, int cmd, int val);
 #define select(maxfdp1,readset,writeset,exceptset,timeout)     lwip_select(maxfdp1,readset,writeset,exceptset,timeout)
 /** @ingroup socket */
 #define ioctlsocket(s,cmd,argp)                   lwip_ioctl(s,cmd,argp)
+/** @ingroup socket */
+#define inet_ntop(af,src,dst,size)                lwip_inet_ntop(af,src,dst,size)
+/** @ingroup socket */
+#define inet_pton(af,src,dst)                     lwip_inet_pton(af,src,dst)
 
 #if LWIP_POSIX_SOCKETS_IO_NAMES
 /** @ingroup socket */
@@ -608,27 +616,6 @@ int lwip_fcntl(int s, int cmd, int val);
 #endif /* LWIP_POSIX_SOCKETS_IO_NAMES */
 #endif /* LWIP_COMPAT_SOCKETS != 2 */
 
-#if LWIP_IPV4 && LWIP_IPV6
-/** @ingroup socket */
-#define inet_ntop(af,src,dst,size) \
-    (((af) == AF_INET6) ? ip6addr_ntoa_r((const ip6_addr_t*)(src),(dst),(size)) \
-     : (((af) == AF_INET) ? ip4addr_ntoa_r((const ip4_addr_t*)(src),(dst),(size)) : NULL))
-/** @ingroup socket */
-#define inet_pton(af,src,dst) \
-    (((af) == AF_INET6) ? ip6addr_aton((src),(ip6_addr_t*)(dst)) \
-     : (((af) == AF_INET) ? ip4addr_aton((src),(ip4_addr_t*)(dst)) : 0))
-#elif LWIP_IPV4 /* LWIP_IPV4 && LWIP_IPV6 */
-#define inet_ntop(af,src,dst,size) \
-    (((af) == AF_INET) ? ip4addr_ntoa_r((const ip4_addr_t*)(src),(dst),(size)) : NULL)
-#define inet_pton(af,src,dst) \
-    (((af) == AF_INET) ? ip4addr_aton((src),(ip4_addr_t*)(dst)) : 0)
-#else /* LWIP_IPV4 && LWIP_IPV6 */
-#define inet_ntop(af,src,dst,size) \
-    (((af) == AF_INET6) ? ip6addr_ntoa_r((const ip6_addr_t*)(src),(dst),(size)) : NULL)
-#define inet_pton(af,src,dst) \
-    (((af) == AF_INET6) ? ip6addr_aton((src),(ip6_addr_t*)(dst)) : 0)
-#endif /* LWIP_IPV4 && LWIP_IPV6 */
-
 #endif /* LWIP_COMPAT_SOCKETS */
 
 #ifdef __cplusplus