php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #70845 ip2long should not fail with number starting with zero
Submitted: 2015-11-03 16:28 UTC Modified: 2016-07-03 11:06 UTC
From: raffaellobertini at gmail dot com Assigned:
Status: Open Package: Network related
PHP Version: 5.4.45 OS: centos6.5
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: raffaellobertini at gmail dot com
New email:
PHP Version: OS:

 

 [2015-11-03 16:28 UTC] raffaellobertini at gmail dot com 
Description:
------------
just run ip2long('195.194.213.096') it will return false instead of 
interpreting the string as '195,194.213.96'

if you point me to the code i fix myself. I mean, the function is not robust.
cannot crash for a number that is '096' that it will be 96 as integer. 



Test script:
---------------
ip2long('195.194.213.096') === ip2long('195,194.213.96')


//anyway the code to convert into packed format is quite easy, but It is not nice that I cannot rely on php built in function....

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-12-19 01:48 UTC] ajf@php.net 
This is merely speculation, but I think it may be interpreting '096' as octal due to the leading zero. '9' is not a valid octal digit, so in that case, it would be an invalid IP address.
 [2016-07-01 19:28 UTC] cmb@php.net
-Summary: ip2long fails with number starting with zero +Summary: ip2long should not fail with number starting with zero -Type: Bug +Type: Feature/Change Request
 [2016-07-01 19:28 UTC] cmb@php.net 
I can confirm the behavior, see <https://3v4l.org/tr4B3>.

ip2long() is defined in ext/standard/basic_functions.c[1].
However, it appears to me the "culprit" is inet_addr() and/or
inet_pton() to which PHP delegates without much further
processing. I don't know about inet_pton(), but indeed inet_addr()
interprets fields with a leading zero as octal integers[2], so in
this case it fails. As this behavior is documented[3] and makes
sense, I'm changing this ticket to feature request.

Changing the behavior of ip2long() would be possible, but that
would obviously cause a BC break, and as such likely would require
the RFC process[4].

[1] <https://github.com/php/php-src/blob/php-7.0.8/ext/standard/basic_functions.c#L3938-L3974>
[2] <http://publibn.boulder.ibm.com/doc_link/en_US/a_doc_lib/libs/commtrf2/inet_addr.htm>
[3] <http://php.net/manual/en/function.ip2long.php>
[4] <https://wiki.php.net/rfc/howto>
 [2016-07-02 15:39 UTC] raffaellobertini at gmail dot com 
@cmb@php.net you are perfectly right!

I would like to suggest (raw idea), instead of changing ip2long(), to built-in another helper function instead, that process the IP in string format and "clean" it and make it concise.

it will be something like:

    function ip_clean(string $ip) : ?string { ... }


and just process splitting by dot returning in a "correct" format the string to be processed further if required.
 [2016-07-03 11:06 UTC] cmb@php.net 
ip_clean() could be easily implemented in userland, though, for
instance:

    <?php
    function ip_clean(string $ip) : ?string
    {
        return implode(
            '.',
            array_map(
                function ($el) {
                    return (int) $el;
                },
                explode('.', $ip)
            )
        );
    }

See <https://3v4l.org/NcNg7>.
 [2016-07-09 13:14 UTC] raffaellobertini at gmail dot com 
Indeed.
My point was to do not always rewrite/paste the same function for each project, but instead have one built in. That even generalize better than the "ip_clean" raw idea proposed. Taking even the base as parameter for example.
Maybe would it be better to have inside a framework has ip validator instead of in a built in php way?

[Thanks for replies]
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Nov 22 18:01:31 2024 UTC