| Package home | Report new bug | New search | Development Roadmap | Status: Open | Feedback | All | Closed Since Version 1.3.0b4 |
| Bug #23737 | checkIPv6 validates IPv6 addresses with invalid charactes | ||
|---|---|---|---|
| Submitted: | 2018-02-13 23:37 UTC | ||
| From: | astpear | Assigned: | am |
| Status: | Assigned | Package: | Net_IPv6 (version 1.3.0b3) |
| PHP Version: | 5.6.32 | OS: | RHEL 6.5 |
| Roadmaps: | (Not assigned) | ||
[2018-02-13 23:37 UTC] astpear
(as toth)
Description:
------------
'2001:4998:c:6d02::/64' will pass checkIPv6 because the invalid segment
contains hexadecimal characters.
This logic:
if(!preg_match('/[0-9a-fA-F]*/', $element)) {
should probably apply to $ip and search for invalid, rather than valid,
characters.
if(preg_match('/[^:0-9a-fA-F]+/', $ip)) { return false; }
Rather than searching for invalid characters it searches for valid characters
Test script:
---------------
require_once 'Net/IPv6.php';
$ip = '2001:4998:c:6d02::/64';
if (Net_IPv6::checkIPv6($ip)) {
echo "pass\n";
}
Expected result:
----------------
I expect no output.
Actual result:
--------------
I get "pass."
Comments
[2018-02-14 21:18 UTC] alexmerz
(Alexander Merz)
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: am
[2018-02-18 10:28 UTC] alexmerz
(Alexander Merz)
Would you please expand on which part of the address is supposed to be invalid and why? 'c' and '6d02' contain both valid hex characters.