php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73653 FILTER_FLAG_NO_RES_RANGE should not allow 224.0.0.0/4
Submitted: 2016-12-05 10:19 UTC Modified: 2016-12-05 10:35 UTC
From: jeremy dot benoist at gmail dot com Assigned:
Status: Closed Package: filter (PECL)
PHP Version: 7.1.0 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: jeremy dot benoist at gmail dot com
New email:
PHP Version: OS:

 

 [2016-12-05 10:19 UTC] jeremy dot benoist at gmail dot com
Description:
------------
The RFC rfc5735 (https://tools.ietf.org/html/rfc5735#section-4) describes which IPs are reserved.

Looks like the range 224.0.0.0/4 is allowed when it shouldn't.

It affects few PHP versions (regarding what 3v4l.org says https://3v4l.org/cAdWZ)

- 5.6.27 - 5.6.28
- 7.0.12 - 7.0.13
- 7.1.0RC2 - 7.1.0

It might be related to https://bugs.php.net/bug.php?id=72972

Test script:
---------------
filter_var('224.0.0.1', FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE);

Expected result:
----------------
false

Actual result:
--------------
224.0.0.1

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-12-05 10:30 UTC] cmb@php.net
RFC 5735 has been obsoleted by RFC 6890, however, and the latter RFC does *not* reserve 224.0.0.0/4, if I'm not mistaken.
 [2016-12-05 10:35 UTC] jeremy dot benoist at gmail dot com
-Status: Open +Status: Closed
 [2016-12-05 10:35 UTC] jeremy dot benoist at gmail dot com
Oh yeah didn't notice the obsolete line at the top of 5735.
Thanks for noticing.
I going to edit wikipedia then ... https://en.wikipedia.org/wiki/Reserved_IP_addresses#IPv4
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 10:01:29 2024 UTC