Closed
Description
Symfony version(s) affected
6.1.x
Description
The IpUtils::checkIp6 method validates that IPv6 loopback addresses ::1 are in the IPv4 0.0.0.0/8 subnet.
I don't know much about IPv6 networking and therefore I am not sure if this is expected behavior. I couldn't find any clear information if IPv4 and IPv6 subnet matching SHOULD be compatible.
How to reproduce
use Symfony\Component\HttpFoundation\IpUtils;
var_dump(IpUtils::checkIp('::1', '0.0.0.0/8')); // true
Possible Solution
I'm going to be totally honest, I don't have any clue how the IPv6 net mask validation works but my guess, if this really is a bug, is that there is a logic error because ::1 implies that the first 6 bits are 0.
Additional Context
Again, I don't understand the byte magic that is happening in IpUtils::checkIp6, but my guess is that older versions of http-foundation are also affected by this.
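An added example, not part of the original report and not Symfony's code: a simplified prefix matcher over packed address bytes, showing how an IPv6 address can match an IPv4 subnet when the address family is not checked first, next to a version that compares families before comparing bits. All function names are hypothetical and the inputs are constructed, apart from the pair taken from the report.

```php
<?php
// Added illustration; not Symfony's code. All function names are hypothetical.

/** True when the first $bits bits of two packed (inet_pton) addresses agree. */
function prefixBitsEqual(string $a, string $b, int $bits): bool
{
    $full = intdiv($bits, 8);
    if (substr($a, 0, $full) !== substr($b, 0, $full)) {
        return false;
    }
    $rest = $bits % 8;
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF; // keep only the top $rest bits
    return (ord($a[$full]) & $mask) === (ord($b[$full]) & $mask);
}

/** Weak form: compares packed bytes without asking which family they are. */
function naiveMatch(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    $a = @inet_pton($ip);
    $b = @inet_pton($parts[0]);
    if ($a === false || $b === false || !ctype_digit($parts[1] ?? '')) {
        return false;
    }
    $bits = (int) $parts[1];
    // Only guard: the prefix must fit inside the shorter packed string.
    return $bits <= 8 * min(strlen($a), strlen($b)) && prefixBitsEqual($a, $b, $bits);
}

/** Corrected form: 4 packed bytes is IPv4, 16 is IPv6; mixed families never match. */
function familyCheckedMatch(string $ip, string $cidr): bool
{
    $a = @inet_pton($ip);
    $b = @inet_pton(explode('/', $cidr, 2)[0]);
    return $a !== false && $b !== false && strlen($a) === strlen($b) && naiveMatch($ip, $cidr);
}

// Constructed inputs; the first pair is the one from the report.
foreach ([['::1', '0.0.0.0/8'], ['::1', '::/8'], ['10.1.2.3', '10.0.0.0/8'], ['127.0.0.1', '0.0.0.0/8']] as [$ip, $cidr]) {
    printf("%-10s in %-11s naive=%s checked=%s\n", $ip, $cidr,
        var_export(naiveMatch($ip, $cidr), true), var_export(familyCheckedMatch($ip, $cidr), true));
}
```

For the reported pair the naive matcher returns true because the first byte of both packed strings is zero, while the family-checked matcher returns false because one packed string is 16 bytes long and the other 4.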