From 2170d3cd710567c35bd438622293808817fbf5ac Mon Sep 17 00:00:00 2001
From: Roy de Vos Burchart
Date: Thu, 1 Dec 2022 10:58:44 +0100
Subject: [PATCH] [HttpFoundation] IPv4-mapped IPv6 addresses incorrectly rejected
---
 src/Symfony/Component/HttpFoundation/IpUtils.php | 12 ++++++++----
 .../Component/HttpFoundation/Tests/IpUtilsTest.php | 1 +
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/Symfony/Component/HttpFoundation/IpUtils.php b/src/Symfony/Component/HttpFoundation/IpUtils.php
index de2112cfc7028..01d20d87a40b8 100644
--- a/src/Symfony/Component/HttpFoundation/IpUtils.php
+++ b/src/Symfony/Component/HttpFoundation/IpUtils.php
@@ -125,10 +125,6 @@ public static function checkIp6($requestIp, $ip)
 }
 // Check to see if we were given a IP4 $requestIp or $ip by mistake
- if (str_contains($requestIp, '.') || str_contains($ip, '.')) {
- return self::$checkedIps[$cacheKey] = false;
- }
-
 if (!filter_var($requestIp, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6)) {
 return self::$checkedIps[$cacheKey] = false;
 }
@@ -136,6 +132,10 @@ public static function checkIp6($requestIp, $ip)
 if (str_contains($ip, '/')) {
 [$address, $netmask] = explode('/', $ip, 2);
+ if (!filter_var($address, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6)) {
+ return self::$checkedIps[$cacheKey] = false;
+ }
+
 if ('0' === $netmask) {
 return (bool) unpack('n*', @inet_pton($address));
 }
@@ -144,6 +144,10 @@ public static function checkIp6($requestIp, $ip)
 return self::$checkedIps[$cacheKey] = false;
 }
 } else {
+ if (!filter_var($ip, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6)) {
+ return self::$checkedIps[$cacheKey] = false;
+ }
+
 $address = $ip;
 $netmask = 128;
 }
diff --git a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
index 8de4b4d7bd472..10b40e0541e0c 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
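Review bot: The added `filter_var(..., \FILTER_FLAG_IPV6)` checks on `$address` in the CIDR branch (and on `$ip` in the `else` branch of the following hunk) mean an IPv4-mapped `$requestIp` is matched only against entries written in IPv6 form; a plain IPv4 entry such as `10.0.0.0/8` still returns false for a `::ffff:10.x.x.x` request address. Callers that maintain IPv4-only allow or deny lists could assume the mapped form is covered, so this should be documented at the checks, for example `// IPv4-mapped addresses (::ffff:a.b.c.d) are compared as IPv6 only; plain IPv4 entries in $ip never match them`. The context comment `// Check to see if we were given a IP4 $requestIp or $ip by mistake` in the first hunk now sits above a check of `$requestIp` alone and would be clearer reworded to say that `$ip` is validated per branch below. The body of checkIp6 starts and ends outside these hunks.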
@@ -77,6 +77,7 @@ public function getIpv6Data()
 [false, '0.0.0.0/8', '::1'],
 [false, '::1', '127.0.0.1'],
 [false, '::1', '0.0.0.0/8'],
+ [true, '::ffff:10.126.42.2', '::ffff:10.0.0.0/0'],
 ];
 }
pFad - Phonifier reborn
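Review bot: The only added case uses a `/0` prefix, which checkIp6 answers through the `'0' === $netmask` shortcut visible in the IpUtils.php hunk, so it never exercises the prefix comparison on an IPv4-mapped address. Add a case with a real prefix and a negative one, for example `[true, '::ffff:10.126.42.2', '::ffff:10.0.0.0/104'],` and `[false, '::ffff:10.126.42.2', '::ffff:192.168.0.0/112'],` (values constructed for illustration). A mixed-family case such as `[false, '::ffff:10.126.42.2', '10.0.0.0/8'],` would also pin the behaviour that plain IPv4 entries do not match mapped request addresses. The body of getIpv6Data starts outside the hunk.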
