4780 – [review] IP_ADDRESS and LOCALHOST regexes are way to liberal in looking for IPv6 addresses

Bug 4780 - [review] IP_ADDRESS and LOCALHOST regexes are way to liberal in looking for IPv6 addresses

Summary: [review] IP_ADDRESS and LOCALHOST regexes are way to liberal in looking for I...

Status:	RESOLVED FIXED

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Libraries (show other bugs)
Version:	SVN Trunk (Latest Devel Version)
Hardware:	All All

Importance:	P5 normal
Target Milestone:	3.1.1
Assignee:	Daryl C. W. O'Shea

URL:
Whiteboard:	ready to apply
Keywords:

Duplicates (1):	4673 (view as bug list)
Depends on:
Blocks:

Reported:	2006-02-03 12:51 UTC by Daryl C. W. O'Shea
Modified:	2006-03-08 15:25 UTC (History)
CC List:	2 users (show)

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
patch	patch			None	Daryl C. W. O'Shea
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daryl C. W. O'Shea 2006-02-03 12:51:22 UTC

The existing regexes will parse any hex characters that come anywhere near a
colon, without regard for validity.

For instance, "Dec", "04:07:58" and more get parsed from this header:

X-Originating-IP: [0.211.128.78] via HTTP from webmail.mail.ru;
        Fri, 02 Dec 2005 04:07:58

Comment 1 Daryl C. W. O'Shea 2006-02-03 12:56:29 UTC

Created attachment 3357 [details]
patch

Sending        lib/Mail/SpamAssassin/Constants.pm
Sending        t/ip_addrs.t
Transmitting file data ..
Committed revision 374643.

Fixes some invalid ip_addr.t tests too.

Comment 2 Daryl C. W. O'Shea 2006-02-03 12:58:43 UTC

Please review for 3.1.  This will prevent pack() problems with anything that
might not validate the IP addresses it uses, like in bug 4485.

Comment 3 Justin Mason 2006-02-03 21:40:36 UTC

+0.9; just wondering about this, though:

-ok (tryone (Mail::SpamAssassin::Constants::IP_ADDRESS, "ff02:0:0:0:0:0:1"));
-ok (tryone (Mail::SpamAssassin::Constants::IP_ADDRESS, "ff02:0:0:0:0:0:2"));
+ok (tryone (Mail::SpamAssassin::Constants::IP_ADDRESS, "ff02:0:0:0:0:0:0:1"));
+ok (tryone (Mail::SpamAssassin::Constants::IP_ADDRESS, "ff02:0:0:0:0:0:0:2"));

were the top 2 invalid?

Comment 4 Daryl C. W. O'Shea 2006-02-03 21:42:17 UTC

Yeah, they were only 112 bits.

Comment 5 Justin Mason 2006-02-03 23:44:49 UTC

+1  ok, good enough for me ;)

Comment 6 Theo Van Dinter 2006-02-04 00:21:42 UTC

I'm not very familiar with IPv6, but from a quick look at the patch it seems ok to me.

+1

Comment 7 Daryl C. W. O'Shea 2006-02-04 00:40:21 UTC

I'm pretty sure it conforms to the current RFCs.  Well except for RFC 1924. ;)

3.1:
Sending        lib/Mail/SpamAssassin/Constants.pm
Sending        t/ip_addrs.t
Transmitting file data ..
Committed revision 374786.

Comment 8 Daryl C. W. O'Shea 2006-03-08 23:25:16 UTC

*** Bug 4673 has been marked as a duplicate of this bug. ***