HeNeArXn@chaos.socia..
replied 14 Apr 2024 16:13 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/66QHvBgf35zcy2Y2m4
@benjojo Has any OS/environment put the weirder ones behind a flag? (I'm sure there are weird legacy cases that actually need them in production *somewhere*, but I don't think I've ever encountered or even heard of one...)
benjojo
replied 14 Apr 2024 17:00 +0000
in reply to: https://chaos.social/users/HeNeArXn/statuses/112270455412466982
@HeNeArXn It would appear that musl does not care for the more weird stuff: https://git.musl-libc.org/cgit/musl/tree/src/network/inet_aton.c
benjojo
replied 14 Apr 2024 15:49 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/66QHvBgf35zcy2Y2m4
Of course, inet_aton's other legacy will be all of the "trick shot" XSS / WAF bypasses that it allows, since nearly everything is a valid IP address with that damn function. During the time where I was the maintainer of a largely deployed WAF product, inet_aton was a constant pain in the ass due to all of the creative ways you could fit IP addresses in places that should not have IP addresses in them.
jschauma@mstdn.socia..
replied 14 Apr 2024 16:12 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/sF3Vz1ydq1pp8ywjv8
@benjojo @bert_hubert Trollolol indeed. :-) Relevant to your current interests: https://www.netmeister.org/blog/inet_aton.html