From 99465b1ab779aa21c86dd9c7ad20c1b1a6b60a17 Mon Sep 17 00:00:00 2001
From: Ivan Kurnosov
Date: Tue, 19 May 2015 22:18:22 +1200
Subject: [PATCH 1/4] bug #14674 [HttpFoundation] IpUtils::checkIp4() must accept "0.0.0.0/0" as a valid mask (that includes every IPv4 address) See http://tools.ietf.org/html/rfc4632#section-3.1
---
 src/Symfony/Component/HttpFoundation/IpUtils.php | 6 +++++-
 src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/Symfony/Component/HttpFoundation/IpUtils.php b/src/Symfony/Component/HttpFoundation/IpUtils.php
index 68e9421d942aa..b13047f0ab228 100644
--- a/src/Symfony/Component/HttpFoundation/IpUtils.php
+++ b/src/Symfony/Component/HttpFoundation/IpUtils.php
@@ -64,9 +64,13 @@ public static function checkIp4($requestIp, $ip)
 if (false !== strpos($ip, '/')) {
 list($address, $netmask) = explode('/', $ip, 2);

- if ($netmask < 1 || $netmask > 32) {
+ if ($netmask < 0 || $netmask > 32) {
 return false;
 }
+
+ if ($netmask === '0') {
+ return true;
+ }
 } else {
 $address = $ip;
 $netmask = 32;
diff --git a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
index 726ba6a34795e..9d16d8b792843 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
@@ -34,6 +34,7 @@ public function testIpv4Provider()
 array(true, '192.168.1.1', array('1.2.3.4/1', '192.168.1.0/24')),
 array(true, '192.168.1.1', array('192.168.1.0/24', '1.2.3.4/1')),
 array(false, '192.168.1.1', array('1.2.3.4/1', '4.3.2.1/1')),
+ array(true, '1.2.3.4', '0.0.0.0/0'),
 );
 }

From 9cb4ccb02b76443b55c2020a0386df2df5281b5e Mon Sep 17 00:00:00 2001
From: Ivan Kurnosov
Date: Tue, 19 May 2015 23:59:04 +1200
Subject: [PATCH 2/4] bug #14674 [HttpFoundation] Additional check that the network base IP address is a valid IPv4
---
 src/Symfony/Component/HttpFoundation/IpUtils.php | 2 +-
 src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/Symfony/Component/HttpFoundation/IpUtils.php b/src/Symfony/Component/HttpFoundation/IpUtils.php
index b13047f0ab228..55061b9cce8c9 100644
--- a/src/Symfony/Component/HttpFoundation/IpUtils.php
+++ b/src/Symfony/Component/HttpFoundation/IpUtils.php
@@ -69,7 +69,7 @@ public static function checkIp4($requestIp, $ip)
 }

 if ($netmask === '0') {
- return true;
+ return filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
 }
 } else {
 $address = $ip;
diff --git a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
index 9d16d8b792843..7b7085133a5d8 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
@@ -35,6 +35,7 @@ public function testIpv4Provider()
 array(true, '192.168.1.1', array('192.168.1.0/24', '1.2.3.4/1')),
 array(false, '192.168.1.1', array('1.2.3.4/1', '4.3.2.1/1')),
 array(true, '1.2.3.4', '0.0.0.0/0'),
+ array(false, '1.2.3.4', '256.256.256/0'),
 );
 }

From aa240838c10ce708c3008d8329b209733c362f0e Mon Sep 17 00:00:00 2001
From: Ivan Kurnosov
Date: Wed, 20 May 2015 00:08:17 +1200
Subject: [PATCH 3/4] bug #14674 [HttpFoundation] Changed comparison to yoda-style for consistency purposes
---
 src/Symfony/Component/HttpFoundation/IpUtils.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Symfony/Component/HttpFoundation/IpUtils.php b/src/Symfony/Component/HttpFoundation/IpUtils.php
index 55061b9cce8c9..b626c3934586f 100644
--- a/src/Symfony/Component/HttpFoundation/IpUtils.php
+++ b/src/Symfony/Component/HttpFoundation/IpUtils.php
@@ -68,7 +68,7 @@ public static function checkIp4($requestIp, $ip)
 return false;
 }

- if ($netmask === '0') {
+ if ('0' === $netmask) {
 return filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
 }
 } else {

From fadbba99cc8ef55090bf43f34e9b7a49b2ae2cb0 Mon Sep 17 00:00:00 2001
From: Ivan Kurnosov
Date: Wed, 20 May 2015 08:02:44 +1200
Subject: [PATCH 4/4] bug #14674 [HttpFoundation] Added a check for `0.0.0.0/0` explicitly, since it's the only allowed network of a `/0` size
---
 src/Symfony/Component/HttpFoundation/IpUtils.php | 10 +++++-----
 .../Component/HttpFoundation/Tests/IpUtilsTest.php | 1 +
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/Symfony/Component/HttpFoundation/IpUtils.php b/src/Symfony/Component/HttpFoundation/IpUtils.php
index b626c3934586f..fb906b6812d23 100644
--- a/src/Symfony/Component/HttpFoundation/IpUtils.php
+++ b/src/Symfony/Component/HttpFoundation/IpUtils.php
@@ -62,15 +62,15 @@ public static function checkIp($requestIp, $ips)
 public static function checkIp4($requestIp, $ip)
 {
 if (false !== strpos($ip, '/')) {
+ if ('0.0.0.0/0' === $ip) {
+ return true;
+ }
+
 list($address, $netmask) = explode('/', $ip, 2);

- if ($netmask < 0 || $netmask > 32) {
+ if ($netmask < 1 || $netmask > 32) {
 return false;
 }
-
- if ('0' === $netmask) {
- return filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
- }
 } else {
 $address = $ip;
 $netmask = 32;
diff --git a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
index 7b7085133a5d8..0002478246ab9 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
@@ -36,6 +36,7 @@ public function testIpv4Provider()
 array(false, '192.168.1.1', array('1.2.3.4/1', '4.3.2.1/1')),
 array(true, '1.2.3.4', '0.0.0.0/0'),
 array(false, '1.2.3.4', '256.256.256/0'),
+ array(false, '1.2.3.4', '192.168.1.0/0'),
 );
 }
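Review bot: In the PATCH 4/4 hunk on IpUtils.php, the new early return `if ('0.0.0.0/0' === $ip) { return true; }` answers true before `$requestIp` is examined, so a malformed or empty request address is also reported as inside the range. If callers rely on this helper for allow-list or trusted-proxy decisions (not visible here), the catch-all case should still require a well-formed IPv4 request address, e.g. `return false !== filter_var($requestIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);`, and a provider row such as `array(false, 'not-an-ip', '0.0.0.0/0')` (constructed sample) would pin that behaviour. Separately, the restored range test `$netmask < 1 || $netmask > 32` compares a string loosely, so a value such as `'24abc'` is treated as 24; a `ctype_digit($netmask)` guard ahead of it would reject such input by form. The body of checkIp4 continues past the end of the hunk, so whether later code validates either argument cannot be confirmed from here.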