php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74699 Missing range for FILTER_FLAG_NO_RES_RANGE
Submitted: 2017-06-05 20:44 UTC Modified: 2021-08-05 16:38 UTC
From: brianlmoon@php.net Assigned: cmb (profile)
Status: Not a bug Package: Filter related
PHP Version: 7.1.5 OS: Linux
Private report: No CVE-ID: None
 [2017-06-05 20:44 UTC] brianlmoon@php.net
Description:
------------
The patch applied for https://bugs.php.net/bug.php?id=72972 removed the 240.0.0.0/4 block from the reserved list. 

RFC 6890 [https://tools.ietf.org/html/rfc6890] calls out 240.0.0.0/4 as a "Reserved" block. Bug https://bugs.php.net/bug.php?id=73653 mistakenly claimed that RFC 6890 does not list this as a reserved block. You will find it on page 12 of that RFC.



Test script:
---------------
$return = filter_var("224.0.0.2", FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE);
var_dump($return);


Expected result:
----------------
bool(false)


Actual result:
--------------
string(9) "224.0.0.2"

Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-06-06 15:36 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2017-06-06 15:36 UTC] cmb@php.net
> Bug https://bugs.php.net/bug.php?id=73653 mistakenly claimed
> that RFC 6890 does not list this as a reserved block. You will
> find it on page 12 of that RFC.

Indeed, you're right.
 [2017-06-06 15:40 UTC] cmb@php.net
-Status: Verified +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2017-06-06 15:40 UTC] cmb@php.net
> Indeed, you're right.

No, nonsense. 240.0.0.0/4 is reserved, but 224.0.0.0/4 is not
reserved. Therefore the behavior of your test script is expected.
 [2017-06-06 16:07 UTC] brianlmoon@php.net
-Status: Not a bug +Status: Re-Opened
 [2017-06-06 16:07 UTC] brianlmoon@php.net
I apologize for mixing up those ranges.

Nevertheless, the 224.0.0.0/4 range is reserved for multicast.

"The range of addresses between 224.0.0.0 and 224.0.0.255, inclusive,
is reserved for the use of routing protocols and other low-level
topology discovery or maintenance protocols, such as gateway discovery
and group membership reporting.  Multicast routers should not forward
any multicast datagram with destination addresses in this range,
regardless of its TTL."

https://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml
 [2017-06-06 16:38 UTC] cmb@php.net
-Assigned To: cmb +Assigned To:
 [2017-06-07 11:37 UTC] andrew dot nester dot dev at gmail dot com
I've just added PR fixing this issue.
 [2017-07-18 20:18 UTC] nikic@php.net
Automatic comment on behalf of andrew.nester.dev@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=afc22828ea036814e6a044083dade065b4c858c9
Log: Fixed #74699 - Broken ArrayIterator unserializing
 [2017-07-18 20:18 UTC] nikic@php.net
-Status: Re-Opened +Status: Closed
 [2017-07-18 20:21 UTC] nikic@php.net
-Status: Closed +Status: Re-Opened
 [2017-07-18 20:21 UTC] nikic@php.net
Ooops, wrong bug ID in commit...
 [2021-08-05 16:38 UTC] cmb@php.net
-Status: Re-Opened +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2021-08-05 16:38 UTC] cmb@php.net
FILTER_FLAG_NO_RES_RANGE only considers addresses as reserved
which are reserved-by-protocol according to RFC 6890.  224.0.0.0/4
isn't even mentioned in that RFC.  This also matches the
documentation, so I don't see a bug here.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC