Disallow leading zeroes when parsing IPv4 addresses

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2025-01-28 00:35:21 +00:00 · 2023-05-01 05:26:47 -04:00 · 2023-05-01 05:26:47 -04:00 · 6f400a376e
commit 6f400a376e
parent 14d6b1124b
2 changed files with 13 additions and 1 deletions
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -2667,7 +2667,6 @@ static int x509_inet_pton_ipv6(const char *src, void *dst)

 static int x509_inet_pton_ipv4(const char *src, void *dst)
 {
-    /* note: allows leading 0's, e.g. 000.000.000.000 */
    const unsigned char *p = (const unsigned char *) src;
    uint8_t *res = (uint8_t *) dst;
    uint8_t digit, num_digits = 0;
@ -2681,6 +2680,13 @@ static int x509_inet_pton_ipv4(const char *src, void *dst)
            if (digit > 9) {
                break;
            }
+
+            /* Don't allow leading zeroes. These might mean octal format,
+             * which this implementation does not support. */
+            if (octet == 0 && num_digits > 0) {
+                break;
+            }
+
            octet = octet * 10 + digit;
            num_digits++;
            p++;
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@ -1046,6 +1046,12 @@ x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip
 X509 CRT parse CN: IPv4 valid address
 x509_crt_parse_cn_inet_pton:"10.10.10.10":"0A0A0A0A":4

+X509 CRT parse CN: IPv4 leading zeroes #1
+x509_crt_parse_cn_inet_pton:"010.10.10.10":"":0
+
+X509 CRT parse CN: IPv4 leading zeroes #2
+x509_crt_parse_cn_inet_pton:"10.10.10.001":"":0
+
 X509 CRT parse CN: IPv4 excess 0s
 x509_crt_parse_cn_inet_pton:"10.0000.10.10":"":0