Bug #78884 INET_ATON accepts more than four groups of digits and returns INT bigger than 4G
Submitted: 20 Oct 2015 12:01 Modified: 23 Oct 2015 15:38
Reporter: Guilhem Bichot
Status: Closed
Category: MySQL Server: Optimizer Severity: S3 (Non-critical)
Version: 5.5.43, 5.7.10 OS: Any
Assigned to: CPU Architecture: Any

[20 Oct 2015 12:01] Guilhem Bichot
select inet_aton(""); 

returns 18446744073709551615.

A valid IPv4 address must have at most 4 groups of dot-separated digits and fit in a 32-bit integer. This is visible in:
- reading of IPv4's specification (RFC791 "Addresses are fixed length of four octets (32 bits)")
- the documentation of glibc's inet_aton (which returns 'int' i.e. 32-bit)
- testing of glibc's inet_pton (which returns an error with the above address)
- failure of MySQL's inet_ntoa: indeed
returns NULL, because inet_ntoa enforces that the integer input must be <4G.

How to repeat:
select inet_aton(""); 

Suggested fix:
Return an error if output > 4G.
[20 Oct 2015 13:21] Guilhem Bichot
inet_aton("foo") returns NULL.
select inet_aton(""); 
should return NULL.
[20 Oct 2015 13:37] Guilhem Bichot
More confirmation: in glibc, inet_pton and inet_ntop use a structure of type
'struct sockaddr_in', containing 'struct in_addr', containing only a type 'in_addr_t' which is 32-bit int.
[20 Oct 2015 13:58] Guilhem Bichot
Even if output is <4G, this is still a wrong address: '' . So, the address must be rejected if it has 4 groups or more.
[23 Oct 2015 15:38] Paul DuBois
Noted in 5.7.10, 5.8.0 changelogs.

INET_ATON() now returns NULL and produces a warning for arguments
that contain more than four groups of digits.
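
The behaviour discussed in this report, as an added example that is not MySQL source code: `lenient_aton` models a parser that folds every dot-separated group into a 64-bit accumulator without counting groups, and `strict_aton` is a dotted-quad parser for validating input before it is stored or compared as a 32-bit address. The function names and sample inputs are constructed for illustration, and `strict_aton` requires exactly four groups, which is stricter than the changelog fix above (that fix only rejects more than four).

```c
#include <stdint.h>
#include <stdio.h>

/* Parse dot-separated decimal groups (each 0..255), 8 bits per group.
   max_groups == 0 means groups are not counted. Returns group count or -1. */
static int parse_groups(const char *s, int max_groups, uint64_t *out)
{
    uint64_t result = 0, octet = 0;
    int digits = 0, groups = 1;
    for (; *s; s++) {
        if (*s >= '0' && *s <= '9') {
            octet = octet * 10 + (uint64_t)(*s - '0');
            digits++;
            if (octet > 255) return -1;     /* group out of octet range */
        } else if (*s == '.' && digits > 0) {
            if (max_groups && groups == max_groups)
                return -1;                  /* one group too many */
            groups++;
            result = (result << 8) | octet;
            octet = 0; digits = 0;
        } else return -1;                   /* stray character or empty group */
    }
    if (digits == 0) return -1;             /* empty string or trailing dot */
    *out = (result << 8) | octet;
    return groups;
}

/* Lenient model (assumption): any number of groups, result may exceed 32 bits. */
int lenient_aton(const char *s, uint64_t *out)
{
    return parse_groups(s, 0, out) > 0 ? 0 : -1;
}

/* Strict form: exactly four groups, so the result always fits in 32 bits. */
int strict_aton(const char *s, uint32_t *out)
{
    uint64_t v;
    if (parse_groups(s, 4, &v) != 4) return -1;
    *out = (uint32_t)v;
    return 0;
}

int main(void)
{
    uint64_t v = 0; uint32_t a = 0;
    const char *in = "1.2.3.4.5";           /* constructed sample input */
    printf("lenient: %d -> %llu\n", lenient_aton(in, &v), (unsigned long long)v);
    printf("strict:  %d\n", strict_aton(in, &a));
    return 0;
}
```

The constructed input `0.0.0.1.2` shows the second case raised in the thread: the lenient result (258) is below 4G, so a range check on the output alone would not catch it, while counting groups does.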