diff options
author | Rory Byrne <[email protected]> | 2015-05-14 10:54:31 +0100 |
---|---|---|
committer | Rory Byrne <[email protected]> | 2015-05-22 09:05:00 +0100 |
commit | c0be40c2dad6661d28e7aafb35057f06095bb2bb (patch) | |
tree | 0f888b34fa50d974eeadeaeac29f700ae4cb2d92 /lib/kernel/test | |
parent | efbfe9602983ff451b864e557bdf3733222b78ba (diff) | |
download | otp-c0be40c2dad6661d28e7aafb35057f06095bb2bb.tar.gz otp-c0be40c2dad6661d28e7aafb35057f06095bb2bb.tar.bz2 otp-c0be40c2dad6661d28e7aafb35057f06095bb2bb.zip |
Fix parsing of IPv6 addresses to limit leading zeros
The current implementations of inet:parse_ipv6_address/1 and
inet:parse_ipv6strict_address/1 permit address strings which have an
unlimited number of leading zeros. Addresses such as:
"0000000000000000000000000000000ffff::"
"::00000000000000000000000000000000000000000000000000000000"
"::0000000f435:1"
If we are using this facility to validate string representations of
IPv6 addresses, then we would end up validating addresses which are
non-conformant (with respect to RFC 4291 section 2.2) and potentially
dangerous.
This patch ensures that each segment of an IPv6 address has a maximum
of 4 hex digits.
Diffstat (limited to 'lib/kernel/test')
-rw-r--r-- | lib/kernel/test/inet_SUITE.erl | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/kernel/test/inet_SUITE.erl b/lib/kernel/test/inet_SUITE.erl index 44a32fc1ec..c77de9316f 100644 --- a/lib/kernel/test/inet_SUITE.erl +++ b/lib/kernel/test/inet_SUITE.erl @@ -569,8 +569,11 @@ parse_address(Config) when is_list(Config) -> "::-1", "::g", "f:f11::10100:2", + "f:f11::01100:2", "::17000", + "::01700", "10000::", + "01000::", "::8:7:6:5:4:3:2:1", "8:7:6:5:4:3:2:1::", "8:7:6:5:4::3:2:1", |