php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #73653 FILTER_FLAG_NO_RES_RANGE should not allow 224.0.0.0/4
Submitted: 2016-12-05 10:19 UTC Modified: 2016-12-05 10:35 UTC
From: jeremy dot benoist at gmail dot com Assigned:
Status: Closed Package: filter (PECL)
PHP Version: 7.1.0 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jeremy dot benoist at gmail dot com
New email:
PHP Version: OS:

 

 [2016-12-05 10:19 UTC] jeremy dot benoist at gmail dot com 
Description:
------------
The RFC rfc5735 (https://tools.ietf.org/html/rfc5735#section-4) describes which IPs are reserved.

Looks like the range 224.0.0.0/4 is allowed when it shouldn't.

It affects few PHP versions (regarding what 3v4l.org says https://3v4l.org/cAdWZ)

- 5.6.27 - 5.6.28
- 7.0.12 - 7.0.13
- 7.1.0RC2 - 7.1.0

It might be related to https://bugs.php.net/bug.php?id=72972

Test script:
---------------
filter_var('224.0.0.1', FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE);

Expected result:
----------------
false

Actual result:
--------------
224.0.0.1

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-12-05 10:30 UTC] cmb@php.net 
RFC 5735 has been obsoleted by RFC 6890, however, and the latter RFC does *not* reserve 224.0.0.0/4, if I'm not mistaken.
 [2016-12-05 10:35 UTC] jeremy dot benoist at gmail dot com
-Status: Open +Status: Closed
 [2016-12-05 10:35 UTC] jeremy dot benoist at gmail dot com 
Oh yeah didn't notice the obsolete line at the top of 5735.
Thanks for noticing.
I going to edit wikipedia then ... https://en.wikipedia.org/wiki/Reserved_IP_addresses#IPv4
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Dec 26 23:01:28 2024 UTC