php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73653 FILTER_FLAG_NO_RES_RANGE should not allow 224.0.0.0/4
Submitted: 2016-12-05 10:19 UTC Modified: 2016-12-05 10:35 UTC
From: jeremy dot benoist at gmail dot com Assigned:
Status: Closed Package: filter (PECL)
PHP Version: 7.1.0 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
38 + 48 = ?
Subscribe to this entry?

 
 [2016-12-05 10:19 UTC] jeremy dot benoist at gmail dot com
Description:
------------
The RFC rfc5735 (https://tools.ietf.org/html/rfc5735#section-4) describes which IPs are reserved.

Looks like the range 224.0.0.0/4 is allowed when it shouldn't.

It affects few PHP versions (regarding what 3v4l.org says https://3v4l.org/cAdWZ)

- 5.6.27 - 5.6.28
- 7.0.12 - 7.0.13
- 7.1.0RC2 - 7.1.0

It might be related to https://bugs.php.net/bug.php?id=72972

Test script:
---------------
filter_var('224.0.0.1', FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE);

Expected result:
----------------
false

Actual result:
--------------
224.0.0.1

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-12-05 10:30 UTC] cmb@php.net
RFC 5735 has been obsoleted by RFC 6890, however, and the latter RFC does *not* reserve 224.0.0.0/4, if I'm not mistaken.
 [2016-12-05 10:35 UTC] jeremy dot benoist at gmail dot com
-Status: Open +Status: Closed
 [2016-12-05 10:35 UTC] jeremy dot benoist at gmail dot com
Oh yeah didn't notice the obsolete line at the top of 5735.
Thanks for noticing.
I going to edit wikipedia then ... https://en.wikipedia.org/wiki/Reserved_IP_addresses#IPv4
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 14:01:29 2024 UTC