diff options
author | Rory Byrne <[email protected]> | 2015-05-14 10:54:31 +0100 |
---|---|---|
committer | Rory Byrne <[email protected]> | 2015-05-22 09:05:00 +0100 |
commit | c0be40c2dad6661d28e7aafb35057f06095bb2bb (patch) | |
tree | 0f888b34fa50d974eeadeaeac29f700ae4cb2d92 /lib/stdlib/src/math.erl | |
parent | efbfe9602983ff451b864e557bdf3733222b78ba (diff) | |
download | otp-c0be40c2dad6661d28e7aafb35057f06095bb2bb.tar.gz otp-c0be40c2dad6661d28e7aafb35057f06095bb2bb.tar.bz2 otp-c0be40c2dad6661d28e7aafb35057f06095bb2bb.zip |
Fix parsing of IPv6 addresses to limit leading zeros
The current implementations of inet:parse_ipv6_address/1 and
inet:parse_ipv6strict_address/1 permit address strings which have an
unlimited number of leading zeros. Addresses such as:
"0000000000000000000000000000000ffff::"
"::00000000000000000000000000000000000000000000000000000000"
"::0000000f435:1"
If we are using this facility to validate string representations of
IPv6 addresses, then we would end up validating addresses which are
non-conformant (with respect to RFC 4291 section 2.2) and potentially
dangerous.
This patch ensures that each segment of an IPv6 address has a maximum
of 4 hex digits.
Diffstat (limited to 'lib/stdlib/src/math.erl')
0 files changed, 0 insertions, 0 deletions