From c0be40c2dad6661d28e7aafb35057f06095bb2bb Mon Sep 17 00:00:00 2001
From: Rory Byrne <rory@nybek.com>
Date: Thu, 14 May 2015 10:54:31 +0100
Subject: Fix parsing of IPv6 addresses to limit leading zeros

The current implementations of inet:parse_ipv6_address/1 and
inet:parse_ipv6strict_address/1 permit address strings which have an
unlimited number of leading zeros. Addresses such as:

    "0000000000000000000000000000000ffff::"
    "::00000000000000000000000000000000000000000000000000000000"
    "::0000000f435:1"

If we are using this facility to validate string representations of
IPv6 addresses, then we would end up validating addresses which are
non-conformant (with respect to RFC 4291 section 2.2) and potentially
dangerous.

This patch ensures that each segment of an IPv6 address has a maximum
of 4 hex digits.
---
 lib/kernel/test/inet_SUITE.erl | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'lib/kernel/test')

diff --git a/lib/kernel/test/inet_SUITE.erl b/lib/kernel/test/inet_SUITE.erl
index 44a32fc1ec..c77de9316f 100644
--- a/lib/kernel/test/inet_SUITE.erl
+++ b/lib/kernel/test/inet_SUITE.erl
@@ -569,8 +569,11 @@ parse_address(Config) when is_list(Config) ->
 	 "::-1",
 	 "::g",
 	 "f:f11::10100:2",
+	 "f:f11::01100:2",
 	 "::17000",
+	 "::01700",
 	 "10000::",
+	 "01000::",
 	 "::8:7:6:5:4:3:2:1",
 	 "8:7:6:5:4:3:2:1::",
 	 "8:7:6:5:4::3:2:1",
-- 
cgit v1.2.3