php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #70845 ip2long should not fail with number starting with zero
Submitted: 2015-11-03 16:28 UTC Modified: 2016-07-03 11:06 UTC
From: raffaellobertini at gmail dot com Assigned:
Status: Open Package: Network related
PHP Version: 5.4.45 OS: centos6.5
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: raffaellobertini at gmail dot com
New email:
PHP Version: OS:

 

 [2015-11-03 16:28 UTC] raffaellobertini at gmail dot com
Description:
------------
just run ip2long('195.194.213.096') it will return false instead of 
interpreting the string as '195,194.213.96'

if you point me to the code i fix myself. I mean, the function is not robust.
cannot crash for a number that is '096' that it will be 96 as integer. 



Test script:
---------------
ip2long('195.194.213.096') === ip2long('195,194.213.96')


//anyway the code to convert into packed format is quite easy, but It is not nice that I cannot rely on php built in function....


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-12-19 01:48 UTC] ajf@php.net
This is merely speculation, but I think it may be interpreting '096' as octal due to the leading zero. '9' is not a valid octal digit, so in that case, it would be an invalid IP address.
 [2016-07-01 19:28 UTC] cmb@php.net
-Summary: ip2long fails with number starting with zero +Summary: ip2long should not fail with number starting with zero -Type: Bug +Type: Feature/Change Request
 [2016-07-01 19:28 UTC] cmb@php.net
I can confirm the behavior, see <https://3v4l.org/tr4B3>.

ip2long() is defined in ext/standard/basic_functions.c[1].
However, it appears to me the "culprit" is inet_addr() and/or
inet_pton() to which PHP delegates without much further
processing. I don't know about inet_pton(), but indeed inet_addr()
interprets fields with a leading zero as octal integers[2], so in
this case it fails. As this behavior is documented[3] and makes
sense, I'm changing this ticket to feature request.

Changing the behavior of ip2long() would be possible, but that
would obviously cause a BC break, and as such likely would require
the RFC process[4].

[1] <https://github.com/php/php-src/blob/php-7.0.8/ext/standard/basic_functions.c#L3938-L3974>
[2] <http://publibn.boulder.ibm.com/doc_link/en_US/a_doc_lib/libs/commtrf2/inet_addr.htm>
[3] <http://php.net/manual/en/function.ip2long.php>
[4] <https://wiki.php.net/rfc/howto>
 [2016-07-02 15:39 UTC] raffaellobertini at gmail dot com
@cmb@php.net you are perfectly right!

I would like to suggest (raw idea), instead of changing ip2long(), to built-in another helper function instead, that process the IP in string format and "clean" it and make it concise.

it will be something like:

    function ip_clean(string $ip) : ?string { ... }


and just process splitting by dot returning in a "correct" format the string to be processed further if required.
 [2016-07-03 11:06 UTC] cmb@php.net
ip_clean() could be easily implemented in userland, though, for
instance:

    <?php
    function ip_clean(string $ip) : ?string
    {
        return implode(
            '.',
            array_map(
                function ($el) {
                    return (int) $el;
                },
                explode('.', $ip)
            )
        );
    }

See <https://3v4l.org/NcNg7>.
 [2016-07-09 13:14 UTC] raffaellobertini at gmail dot com
Indeed.
My point was to do not always rewrite/paste the same function for each project, but instead have one built in. That even generalize better than the "ip_clean" raw idea proposed. Taking even the base as parameter for example.
Maybe would it be better to have inside a framework has ip validator instead of in a built in php way?

[Thanks for replies]
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Nov 22 12:01:29 2024 UTC