diff --git a/core/iwasm/common/wasm_runtime_common.c b/core/iwasm/common/wasm_runtime_common.c
index 26283b3f8b..4ef53fd0a6 100644
--- a/core/iwasm/common/wasm_runtime_common.c
+++ b/core/iwasm/common/wasm_runtime_common.c
@@ -3812,7 +3812,8 @@ wasm_runtime_init_wasi(WASMModuleInstanceCommon *module_inst,
 /* addr_pool(textual) -> apool */
 for (i = 0; i < addr_pool_size; i++) {
- char *cp, *address, *mask;
+ char *cp, *address, *mask, *endptr;
+ long mask_val;
 bool ret = false;
 cp = bh_strdup(addr_pool[i]);
@@ -3833,7 +3834,21 @@ wasm_runtime_init_wasi(WASMModuleInstanceCommon *module_inst,
 goto fail;
 }
- ret = addr_pool_insert(apool, address, (uint8)atoi(mask));
+ errno = 0;
+ mask_val = strtol(mask, &endptr, 10);
+
+ if (mask == endptr || *endptr != '\0') {
+ snprintf(error_buf, error_buf_size,
+ "Invalid address pool entry: mask must be a number");
+ goto fail;
+ }
+ if (errno != 0 || mask_val < 0 || mask_val > 128) {
+ snprintf(error_buf, error_buf_size,
+ "Init wasi environment failed: invalid mask number");
+ goto fail;
+ }
+
+ ret = addr_pool_insert(apool, address, (uint8)mask_val);
 wasm_runtime_free(cp);
 if (!ret) {
 set_error_buf(error_buf, error_buf_size,
diff --git a/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c b/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c
index 3d90811bca..a0bbafac38 100644
--- a/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c
+++ b/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c
@@ -3116,10 +3116,18 @@ addr_pool_insert(struct addr_pool *addr_pool, const char *addr, uint8 mask)
 next->type = IPv6;
 bh_memcpy_s(next->addr.ip6, sizeof(next->addr.ip6), target.ipv6, sizeof(target.ipv6));
+ if (mask > 128) {
+ wasm_runtime_free(next);
+ return false;
+ }
 } else {
 next->type = IPv4;
 next->addr.ip4 = target.ipv4;
+ if (mask > 32) {
+ wasm_runtime_free(next);
+ return false;
+ }
 }
 /* attach with */
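Review bot: Both new `goto fail;` exits in the mask-parsing block of the second wasm_runtime_common.c hunk leave the loop before `wasm_runtime_free(cp);` runs, so the copy made by `bh_strdup(addr_pool[i])` appears to leak for every rejected entry. `cp` is declared inside the loop body, so a `fail` label outside the loop (not visible here) could not release it; add `wasm_runtime_free(cp);` immediately before each of the two `goto fail;` lines. The new branches also format the message with `snprintf(error_buf, error_buf_size, ...)` while the code just below uses `set_error_buf(error_buf, error_buf_size, ...)`; using the helper keeps reporting uniform and, if it guards against a NULL `error_buf` as such helpers usually do, avoids handing a NULL buffer to `snprintf`. The diff adds no `#include <errno.h>`, so confirm the header is already in scope for `errno = 0;`.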
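Review bot: The two prefix-length checks in the posix.c hunk run only after `next` has been allocated and filled in, so each branch carries its own `wasm_runtime_free(next); return false;`. A single check placed after the if/else, `if (mask > (next->type == IPv6 ? 128 : 32)) { wasm_runtime_free(next); return false; }`, would keep one cleanup path. The limits are bare literals, and a short comment such as `/* prefix length cannot exceed the address width: 128 bits for IPv6, 32 for IPv4 */` would state why they differ. The allocation of `next` and the rest of addr_pool_insert lie outside the hunk, so whether the check could move ahead of the allocation cannot be judged from here.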