php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50830 FILTER_VALIDATE_IP incorrectly validates a compressed IPv4-mapped IPv6 address
Submitted: 2010-01-24 15:45 UTC Modified: 2010-11-08 05:44 UTC
From: mikerushton at hotmail dot co dot uk Assigned: cataphract (profile)
Status: Closed Package: Filter related
PHP Version: 5.*, 6 OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: mikerushton at hotmail dot co dot uk
New email:
PHP Version: OS:

 

 [2010-01-24 15:45 UTC] mikerushton at hotmail dot co dot uk
Description:
------------
FILTER_VALIDATE_IP validates the incorrect 0:::255.255.255.255 and does 
not validate the correct 0::255.255.255.255

According to RFC 5321, the correct syntax is:

[IPv6-hex *3(":" IPv6-hex)] "::" [IPv6-hex *3(":" IPv6-hex) ":"] IPv4-
address-literal

This does not allow for three consecutive colons.

Reproduce code:
---------------
// First

filter_var('FFFF:::255.255.255.255', FILTER_VALIDATE_IP);

// Second

filter_var('FFFF::255.255.255.255', FILTER_VALIDATE_IP);

Expected result:
----------------
// First

bool(false)

// Second

string(21) 'FFFF::255.255.255.255'

Actual result:
--------------
// First

string(22) 'FFFF:::255.255.255.255'

// Second

bool(false)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-02-01 15:34 UTC] mikerushton at hotmail dot co dot uk
An addition: here's my solution (as a regular expression):

(?:(?:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9](?
::|$)){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?
::[a-f0-9]{1,4}){0,5})?)))|(?:(?:(?:[a-f0-9]{1,4}(?::[a-f0-
9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-
9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?))?(?:(?
:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\.(?:(?:25[0-
5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))
 [2010-08-17 18:47 UTC] michael at squiloople dot com
It has come to my attention that the regular expression I provided above uses 
RFC 5321 as the authority on IPv6 address format. This differs from RFC 4291 
however, which is the ACTUAL authority on IPv6 address format. The key 
difference between the two is that 4291 allows a double colon to represent just 
ONE 16-bit group of zeros whereas 5321 requires that it represent at least TWO 
groups. As such, I have provided a modified regular expression which conforms 
with 4291 in this respect (and have also removed the unnecessary capturing 
groups present in my earlier regex)

(?:(?:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-
9](?::|$)){8,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,6})?::(?:[a-f0-
9]{1,4}(?::[a-f0-9]{1,4}){0,6})?)))|(?:(?:(?:(?:[a-f0-9]{1,4}(?::[a-f0-
9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){6,})(?:[a-f0-9]{1,4}(?::[a-f0-
9]{1,4}){0,4})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,4}:)?)))?(?:25[0-5]|2[0-
4][0-9]|1[0-9]{2}|[1-9]?[0-9])(?:\.(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-
9])){3}))
 [2010-09-07 21:42 UTC] sob at academ dot com
Please note that RFC 4291 has been updated by RFC 5952.
 [2010-09-08 01:00 UTC] michael at squiloople dot com
RFC 5952 is only a Proposed Standard. RFC 4291 is still the authority. And even 
if/when RFC 5952 is accepted, it is only a recommendation for (good practice) 
representation and clearly states that "all implementations must accept and be 
able to handle any legitimate RFC 4291 format".
 [2010-11-08 05:44 UTC] cataphract@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cataphract
 [2010-11-08 05:44 UTC] cataphract@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in revision #305186 for PHP 5.3 and trunk.

http://svn.php.net/viewvc/?view=revision&revision=305186
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Oct 19 10:03:36 2021 UTC