From 9fc66e4dd966f18a8dbe7f251ab2a791dc8b8f23 Mon Sep 17 00:00:00 2001
From: "Steinar H. Gunderson" <sesse@google.com>
Date: Sat, 29 Sep 2007 13:52:14 +0000
Subject: [PATCH] Be stricter about what's a valid IP address in fake_hostent.
 (Patch from the Google tree.)

---
 ares/ares_gethostbyname.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/ares/ares_gethostbyname.c b/ares/ares_gethostbyname.c
index 49ae53ed3b..7a4aad6e30 100644
--- a/ares/ares_gethostbyname.c
+++ b/ares/ares_gethostbyname.c
@@ -209,7 +209,27 @@ static int fake_hostent(const char *name, int family, ares_host_callback callbac
   struct in6_addr in6;
 
   if (family == AF_INET)
-    result = ((in.s_addr = inet_addr(name)) == INADDR_NONE ? 0 : 1);
+    {
+      /* It only looks like an IP address if it's all numbers and dots. */
+      int numdots = 0;
+      const char *p;
+      for (p = name; *p; p++)
+        {
+          if (!isdigit(*p) && *p != '.') {
+            return 0;
+          } else if (*p == '.') {
+            numdots++;
+          }
+        }
+    
+      /* if we don't have 3 dots, it is illegal 
+       * (although inet_addr doesn't think so).
+       */
+      if (numdots != 3)
+        result = 0;
+      else
+        result = ((in.s_addr = inet_addr(name)) == INADDR_NONE ? 0 : 1);
+    }
   else if (family == AF_INET6)
     result = (ares_inet_pton(AF_INET6, name, &in6) < 1 ? 0 : 1);
 
-- 
GitLab