Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

Commit 613910b

Browse filesBrowse files
committed
bug #16177 [HttpFoundation] Fixes /0 subnet handling in IpUtils (ultrafez)
This PR was squashed before being merged into the 2.3 branch (closes #16177). Discussion ---------- [HttpFoundation] Fixes /0 subnet handling in IpUtils | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #16055 | License | MIT | Doc PR | Not needed Fixes bug #16055. For IP addresses with CIDR subnet length 0, the IP address must be valid - IPs with subnet masks greater than zero are implicitly validated due to the use of `ip2long` and `substr_compare` (although it's not particularly robust - there could be some future work to improve this here). Commits ------- d9ac571 [HttpFoundation] Fixes /0 subnet handling in IpUtils
2 parents 66c99a0 + d9ac571 commit 613910b
Copy full SHA for 613910b

File tree

2 files changed

+10
-9
lines changed
Filter options

2 files changed

+10
-9
lines changed

‎src/Symfony/Component/HttpFoundation/IpUtils.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/IpUtils.php
+7-6Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -57,18 +57,19 @@ public static function checkIp($requestIp, $ips)
5757
* @param string $requestIp IPv4 address to check
5858
* @param string $ip IPv4 address or subnet in CIDR notation
5959
*
60-
* @return bool Whether the IP is valid
60+
* @return bool Whether the request IP matches the IP, or whether the request IP is within the CIDR subnet.
6161
*/
6262
public static function checkIp4($requestIp, $ip)
6363
{
6464
if (false !== strpos($ip, '/')) {
65-
if ('0.0.0.0/0' === $ip) {
66-
return true;
67-
}
68-
6965
list($address, $netmask) = explode('/', $ip, 2);
7066

71-
if ($netmask < 1 || $netmask > 32) {
67+
if ($netmask === '0') {
68+
// Ensure IP is valid - using ip2long below implicitly validates, but we need to do it manually here
69+
return filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
70+
}
71+
72+
if ($netmask < 0 || $netmask > 32) {
7273
return false;
7374
}
7475
} else {

‎src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
+3-3Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -30,13 +30,13 @@ public function testIpv4Provider()
3030
array(true, '192.168.1.1', '192.168.1.1/1'),
3131
array(true, '192.168.1.1', '192.168.1.0/24'),
3232
array(false, '192.168.1.1', '1.2.3.4/1'),
33-
array(false, '192.168.1.1', '192.168.1/33'),
33+
array(false, '192.168.1.1', '192.168.1.1/33'), // invalid subnet
3434
array(true, '192.168.1.1', array('1.2.3.4/1', '192.168.1.0/24')),
3535
array(true, '192.168.1.1', array('192.168.1.0/24', '1.2.3.4/1')),
3636
array(false, '192.168.1.1', array('1.2.3.4/1', '4.3.2.1/1')),
3737
array(true, '1.2.3.4', '0.0.0.0/0'),
38-
array(false, '1.2.3.4', '256.256.256/0'),
39-
array(false, '1.2.3.4', '192.168.1.0/0'),
38+
array(true, '1.2.3.4', '192.168.1.0/0'),
39+
array(false, '1.2.3.4', '256.256.256/0'), // invalid CIDR notation
4040
);
4141
}
4242

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.