On 3/21/22 15:08, Thorsten Glaser wrote:
> On Mon, 21 Mar 2022, Steffen Nurpmeso wrote:
>
>> |> actually even standardized that "octal numbers" are not supported
>>
>> ..inet_pton..
>
> Huh. Not that but inet_aton on GNU, and other functions apparently.
>
> This is idiotic, and I guess the same POSIX that insists on octals
> for leading-zero numbers in shell, causing no small amount of bugs,
> is responsible. Hmph.
>
>> |> 127.000.000.001 in form fields etc.
>
> | $ ./a.out 226.000.000.037 # Last byte is in octal
>
> Given that these may be either decimal or octal, depending on where
> they come from, it’s probably for the best to reject them.

Not only is it best practice to reject them, failing to do so has caused
security holes in the past. I believe both Go and Rust reject them
nowadays for that reason.

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
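Added example, not part of the original message or of OpenSSH: a small C parser showing how the address quoted in the thread resolves to two different hosts depending on how a leading zero is read, and how a strict policy rejects it. The names `parse_ipv4` and `zero_policy` are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* How a component with a leading zero (e.g. "037") is handled. */
enum zero_policy {
    ZERO_DECIMAL,   /* read as decimal: "037" -> 37 */
    ZERO_OCTAL,     /* C-style base detection (strtoul base 0): "037" -> 31 */
    ZERO_REJECT     /* refuse the address */
};

/* Parse a four-part dotted quad into a host-order 32-bit value.
 * Returns 0 on success, -1 if the input is rejected. */
int parse_ipv4(const char *s, enum zero_policy policy, uint32_t *out)
{
    uint32_t addr = 0;
    for (int i = 0; i < 4; i++) {
        char *end;
        if (!isdigit((unsigned char)*s))
            return -1;          /* strtoul alone would accept space or sign */
        if (policy == ZERO_REJECT && s[0] == '0' && isdigit((unsigned char)s[1]))
            return -1;          /* decimal or octal? do not guess */
        unsigned long v = strtoul(s, &end, policy == ZERO_OCTAL ? 0 : 10);
        if (v > 255 || *end != (i < 3 ? '.' : '\0'))
            return -1;          /* out of range, or wrong separator/trailer */
        addr = (addr << 8) | (uint32_t)v;
        s = end + (i < 3);      /* step over the dot between components */
    }
    *out = addr;
    return 0;
}

int main(void)
{
    const char *in = "226.000.000.037";     /* address quoted in the thread */
    uint32_t dec = 0, oct = 0, strict = 0;
    parse_ipv4(in, ZERO_DECIMAL, &dec);
    parse_ipv4(in, ZERO_OCTAL, &oct);
    printf("decimal=%08x octal=%08x strict=%d\n", (unsigned)dec,
           (unsigned)oct, parse_ipv4(in, ZERO_REJECT, &strict));
    return 0;
}
```

Two components that validate the same string with different policies (for example an allow-list check and the code that opens the connection) will disagree about the last byte, which is why rejecting is the safe choice.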
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev