* Merging revisions r45367,r45368 from trunk:

    ------------------------------------------------------------------------
    r45367 | michael | 2020-05-15 12:47:48 +0200 (Fri, 15 May 2020) | 1 line
    
    * Fix bug ID #37080: too permissive val() on supplied quads
    ------------------------------------------------------------------------
    r45368 | michael | 2020-05-15 13:23:14 +0200 (Fri, 15 May 2020) | 1 line
    
    * Max len 3 per number in dotted quad
    ------------------------------------------------------------------------

git-svn-id: branches/fixes_3_2@46571 -

packages/rtl-extra/src/inc/sockets.inc

@@ -303,6 +303,9 @@ end;
 
 function StrToHostAddr(IP : AnsiString) : in_addr ;
 
+Const
+  AllowedChars = ['.','0'..'9'];
+
 Var
     Dummy : AnsiString;
     I,j,k     : Longint;
@@ -310,6 +313,9 @@ Var
 
 begin
   strtohostaddr.s_addr:=0;              //:=NoAddress;
+  for I:=1 to Length(IP) do
+    if Not (IP[I] in AllowedChars) then 
+      exit;
   For I:=1 to 4 do
     begin
       If I<4 Then
@@ -322,6 +328,8 @@ begin
         end
        else
          Dummy:=IP;
+      if Length(Dummy)>3 then 
+        exit;   
       Val (Dummy,k,J);
       If J<>0 then
         exit;