Bug #78884 INET_ATON accepts more than four groups of digits and returns INT bigger than 4G
Submitted: 20 Oct 2015 12:01 Modified: 23 Oct 2015 15:38
Reporter: Guilhem Bichot Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Optimizer Severity:S3 (Non-critical)
Version:5.5.43,5.7.10 OS:Any
Assigned to: CPU Architecture:Any

[20 Oct 2015 12:01] Guilhem Bichot
Description:
select inet_aton("255.255.255.255.255.255.255.255"); 

returns 18446744073709551615.

A valid Ipv4 address must have at most 4 groups of dot-separated digits and fit in a 32-bit integer. This is visible in:
- reading of IPv4's specification (RFC791 "Addresses are fixed length of four octets (32 bits)")
- the documentation of glibc's inet_aton (which returns 'int' i.e. 32-bit)
- testing of glibc's inet_pton (which returns an error with the above address)
- failure of MySQL's inet_ntoa: indeed
inet_ntoa(inet_aton("255.255.255.255.255.255.255.255"));
returns NULL, because inet_ntoa enforces that the integer input must be <4G.

How to repeat:
select inet_aton("255.255.255.255.255.255.255.255"); 

Suggested fix:
return error if output > 4G .
[20 Oct 2015 13:21] Guilhem Bichot
inet_aton("foo") returns NULL.
So,
select inet_aton("255.255.255.255.255.255.255.255"); 
should return NULL.
[20 Oct 2015 13:37] Guilhem Bichot
More confirmation: in glibc, inet_pton and inet_ntop use a structure of type
'struct sockaddr_in', containing 'struct in_addr", containing only a type 'in_addr_t' which is 32-bit int.
[20 Oct 2015 13:58] Guilhem Bichot
Even if output is <4G, this is still a wrong address: '0.0.0.0.0' . So, the address must be rejected if it has 4 groups or more.
[23 Oct 2015 15:38] Paul DuBois
Noted in 5.7.10, 5.8.0 changelogs.

INET_ATON() now returns NULL and produces a warning for arguments
that contain more than four groups of digits.