From 4e99b35fe5683875eb3931c4f2a12538e103e0dd Mon Sep 17 00:00:00 2001
From: linear0211
Date: Thu, 11 Sep 2025 22:05:44 +0900
Subject: [PATCH 1/5] Ensure --addr-pool mask accepts numbers only
---
 core/iwasm/common/wasm_runtime_common.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/core/iwasm/common/wasm_runtime_common.c b/core/iwasm/common/wasm_runtime_common.c
index 26283b3f8b..9c4e8b9682 100644
--- a/core/iwasm/common/wasm_runtime_common.c
+++ b/core/iwasm/common/wasm_runtime_common.c
@@ -3812,7 +3812,8 @@ wasm_runtime_init_wasi(WASMModuleInstanceCommon *module_inst,
 /* addr_pool(textual) -> apool */
 for (i = 0; i < addr_pool_size; i++) {
- char *cp, *address, *mask;
+ char *cp, *address, *mask, *endptr;
+ long mask_val;
 bool ret = false;
 cp = bh_strdup(addr_pool[i]);
@@ -3833,7 +3834,15 @@ wasm_runtime_init_wasi(WASMModuleInstanceCommon *module_inst,
 goto fail;
 }
- ret = addr_pool_insert(apool, address, (uint8)atoi(mask));
+ mask_val = strtol(mask, &endptr, 10);
+
+ if (*endptr != '\0') {
+ snprintf(error_buf, error_buf_size,
+ "Invalid address pool entry: mask must be a number");
+ goto fail;
+ }
+
+ ret = addr_pool_insert(apool, address, (uint8)mask_val);
 wasm_runtime_free(cp);
 if (!ret) {
 set_error_buf(error_buf, error_buf_size,
From 02f59f10b273ad9c6e0058b998ee12fc20df5659 Mon Sep 17 00:00:00 2001
From: linear0211
Date: Fri, 12 Sep 2025 21:00:00 +0900
Subject: [PATCH 2/5] Add mask validation
---
 core/iwasm/common/wasm_runtime_common.c | 8 +++++++-
 .../libc-wasi/sandboxed-system-primitives/src/posix.c | 8 ++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/core/iwasm/common/wasm_runtime_common.c b/core/iwasm/common/wasm_runtime_common.c
index 9c4e8b9682..4ef53fd0a6 100644
--- a/core/iwasm/common/wasm_runtime_common.c
+++ b/core/iwasm/common/wasm_runtime_common.c
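Review bot: In the `@@ -3833,7 +3834,15` hunk of patch 1/5, the `*endptr != '\0'` test on its own does not restrict the mask to digits, because `strtol` skips leading whitespace and accepts a sign, so a mask written as `+24` or with a leading blank still converts. If "numbers only" is meant strictly, test the first character before converting, for example `if (!isdigit((unsigned char)mask[0])) { /* same error path */ }`, which also needs `<ctype.h>` if the file does not already include it. The loop body this hunk belongs to starts and ends outside the hunk.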
@@ -3834,13 +3834,19 @@ wasm_runtime_init_wasi(WASMModuleInstanceCommon *module_inst,
 goto fail;
 }
+ errno = 0;
 mask_val = strtol(mask, &endptr, 10);
- if (*endptr != '\0') {
+ if (mask == endptr || *endptr != '\0') {
 snprintf(error_buf, error_buf_size,
 "Invalid address pool entry: mask must be a number");
 goto fail;
 }
+ if (errno != 0 || mask_val < 0 || mask_val > 128) {
+ snprintf(error_buf, error_buf_size,
+ "Init wasi environment failed: invalid mask number");
+ goto fail;
+ }
 ret = addr_pool_insert(apool, address, (uint8)mask_val);
 wasm_runtime_free(cp);
diff --git a/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c b/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c
index 3d90811bca..a0bbafac38 100644
--- a/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c
+++ b/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c
@@ -3116,10 +3116,18 @@ addr_pool_insert(struct addr_pool *addr_pool, const char *addr, uint8 mask)
 next->type = IPv6;
 bh_memcpy_s(next->addr.ip6, sizeof(next->addr.ip6), target.ipv6, sizeof(target.ipv6));
+ if (mask > 128) {
+ wasm_runtime_free(next);
+ return false;
+ }
 }
 else {
 next->type = IPv4;
 next->addr.ip4 = target.ipv4;
+ if (mask > 32) {
+ wasm_runtime_free(next);
+ return false;
+ }
 }
 /* attach with */
From 7c134400aefb0a20b6711488af2fe098250b6080 Mon Sep 17 00:00:00 2001
From: linear0211 <144136043+linear0211@users.noreply.github.com>
Date: Mon, 13 Oct 2025 16:02:48 +0900
Subject: [PATCH 3/5] Apply suggestions from code review
Co-authored-by: liang.he
---
 core/iwasm/common/wasm_runtime_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/iwasm/common/wasm_runtime_common.c b/core/iwasm/common/wasm_runtime_common.c
index 4ef53fd0a6..4a1da562ba 100644
--- a/core/iwasm/common/wasm_runtime_common.c
+++ b/core/iwasm/common/wasm_runtime_common.c
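Review bot: The two mask failure messages in the `@@ -3834,13 +3834,19` hunk of patch 2/5 do not name the offending entry and use two different prefixes ("Invalid address pool entry:" and "Init wasi environment failed:"), while the format error shown elsewhere in this series prints the entry with `%s`. With several `--addr-pool` values an operator cannot tell which one was rejected. Use one prefix and include the entry, for example `"Invalid address pool entry: %s, mask is out of range", addr_pool[i]`. The enclosing loop body starts and ends outside the hunk.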
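Review bot: The bounds `128` and `32` added to `addr_pool_insert` in the `@@ -3116,10 +3116,18` hunk are bare literals with no statement of what they limit. A short comment on each check would make the intent reviewable, for example `/* prefix length cannot exceed the address width: 128 bits for IPv6 */` and the matching line for the 32-bit IPv4 case. The function also gains a new reason to return `false`; if it has a header comment (not visible here), it should say that an over-long prefix is rejected as well as an unparsable address. The function body starts and ends outside the hunk.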
@@ -3842,7 +3842,7 @@ wasm_runtime_init_wasi(WASMModuleInstanceCommon *module_inst,
 "Invalid address pool entry: mask must be a number");
 goto fail;
 }
- if (errno != 0 || mask_val < 0 || mask_val > 128) {
+ if (errno != 0 || mask_val < 0) {
 snprintf(error_buf, error_buf_size,
 "Init wasi environment failed: invalid mask number");
 goto fail;
From c8a2956c4ed8e3ebf6ed4b1c8a5d13d4f499894e Mon Sep 17 00:00:00 2001
From: linear0211
Date: Tue, 14 Oct 2025 19:34:03 +0900
Subject: [PATCH 4/5] Replace mask assignment position
---
 .../libc-wasi/sandboxed-system-primitives/src/posix.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c b/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c
index a0bbafac38..4987a9d833 100644
--- a/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c
+++ b/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c
@@ -3105,7 +3105,6 @@ addr_pool_insert(struct addr_pool *addr_pool, const char *addr, uint8 mask)
 }
 next->next = NULL;
- next->mask = mask;
 if (os_socket_inet_network(true, addr, &target) != BHT_OK) {
 // If parsing IPv4 fails, try IPv6
@@ -3120,6 +3119,7 @@ addr_pool_insert(struct addr_pool *addr_pool, const char *addr, uint8 mask)
 wasm_runtime_free(next);
 return false;
 }
+ next->mask = mask;
 }
 else {
 next->type = IPv4;
@@ -3128,6 +3128,7 @@ addr_pool_insert(struct addr_pool *addr_pool, const char *addr, uint8 mask)
 wasm_runtime_free(next);
 return false;
 }
+ next->mask = mask;
 }
 /* attach with */
From 29c4d906de035d7fdbd9ff7fc7f0733e56da0cd5 Mon Sep 17 00:00:00 2001
From: linear0211
Date: Sat, 25 Oct 2025 19:47:10 +0900
Subject: [PATCH 5/5] Use a thread-safe function and free allocated memory
---
 core/iwasm/common/wasm_runtime_common.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
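Review bot: Removing `mask_val > 128` in the `@@ -3842,7 +3842,7` hunk of patch 3/5 leaves no upper bound on `mask_val` before the `(uint8)mask_val` cast that patch 2/5 shows a few lines further down, so any value above 255 is reduced modulo 256 before `addr_pool_insert` sees it. The `mask > 128` and `mask > 32` tests in posix.c then run on the already-truncated `uint8`, so a written mask of 256 would presumably arrive as 0 and be accepted, giving a pool entry much broader than the one configured. Keep a bound that fits the cast, `if (errno != 0 || mask_val < 0 || mask_val > 128) {`, and leave the per-family limit to `addr_pool_insert`. The enclosing loop body starts and ends outside the hunk.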
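Review bot: After patch 4/5, `next->mask = mask;` appears twice, once at the end of each address-family branch (hunks `@@ -3120,6 +3119,7` and `@@ -3128,6 +3128,7`), beside two identical `wasm_runtime_free(next); return false;` blocks. The branches could set only the type and address, followed by one check after the `if`/`else`: `if (mask > (next->type == IPv6 ? 128 : 32)) { wasm_runtime_free(next); return false; }` and then a single `next->mask = mask;`. That keeps the limit and the assignment in one place, so a later change cannot update one branch and miss the other. The rest of `addr_pool_insert` is outside these hunks, so confirm no other path reads `next->mask` before that point.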
diff --git a/core/iwasm/common/wasm_runtime_common.c b/core/iwasm/common/wasm_runtime_common.c
index 4a1da562ba..d5bc580f1a 100644
--- a/core/iwasm/common/wasm_runtime_common.c
+++ b/core/iwasm/common/wasm_runtime_common.c
@@ -3812,7 +3812,7 @@ wasm_runtime_init_wasi(WASMModuleInstanceCommon *module_inst,
 /* addr_pool(textual) -> apool */
 for (i = 0; i < addr_pool_size; i++) {
- char *cp, *address, *mask, *endptr;
+ char *cp, *address, *mask, *nextptr, *endptr;
 long mask_val;
 bool ret = false;
@@ -3823,14 +3823,20 @@ wasm_runtime_init_wasi(WASMModuleInstanceCommon *module_inst,
 goto fail;
 }
- address = strtok(cp, "/");
- mask = strtok(NULL, "/");
+#ifdef BH_PLATFORM_WINDOWS
+ address = strtok_s(cp, "/", &nextptr);
+ mask = strtok_s(NULL, "/", &nextptr);
+#else
+ address = strtok_r(cp, "/", &nextptr);
+ mask = strtok_r(NULL, "/", &nextptr);
+#endif
 if (!mask) {
 snprintf(error_buf, error_buf_size, "Invalid address pool entry: %s, must be in the format of " "ADDRESS/MASK", addr_pool[i]);
+ wasm_runtime_free(cp);
 goto fail;
 }
@@ -3840,11 +3846,13 @@ wasm_runtime_init_wasi(WASMModuleInstanceCommon *module_inst,
 if (mask == endptr || *endptr != '\0') {
 snprintf(error_buf, error_buf_size,
 "Invalid address pool entry: mask must be a number");
+ wasm_runtime_free(cp);
 goto fail;
 }
 if (errno != 0 || mask_val < 0) {
 snprintf(error_buf, error_buf_size,
 "Init wasi environment failed: invalid mask number");
+ wasm_runtime_free(cp);
 goto fail;
 }
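Review bot: The tokenizer calls in the `@@ -3823,14 +3823,20` hunk read only the first two `/`-separated tokens, so an entry with extra text after the mask (`ADDRESS/MASK/extra`) is accepted with the remainder silently dropped; a doubled separator is tolerated too, because `strtok_r` skips repeated delimiters. Splitting once at the first separator avoids both cases and removes the platform `#ifdef`: `address = cp; mask = strchr(cp, '/'); if (mask) *mask++ = '\0';`. The existing `mask == endptr || *endptr != '\0'` test then rejects an empty mask and anything trailing the number. An empty address would reach `addr_pool_insert`, which presumably fails to parse it, so confirm that. The enclosing loop body starts and ends outside the hunk.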