diff options
| author | NewEraCracker <neweracracker@gmail.com> | 2016-08-30 20:41:24 +0100 |
|---|---|---|
| committer | NewEraCracker <neweracracker@gmail.com> | 2016-08-30 21:09:34 +0100 |
| commit | 8fe8ceff998f32c752f5920e9099dc51c14b179f (patch) | |
| tree | e088c6eb8ff766a00183c49f6a77b44c5195a62c /src/etc/inc | |
| parent | 487599363cc43a1f4402824dbc85906b6af6a4d2 (diff) | |
| download | pfsense-8fe8ceff998f32c752f5920e9099dc51c14b179f.zip pfsense-8fe8ceff998f32c752f5920e9099dc51c14b179f.tar.gz | |
Prevent accessing undefined offset in IPv6.inc
On perfectly good IPs (eg. 1:2::3:4) this code could cause the following notice:
Notice: Undefined offset: 2 in IPv6.inc on line 560
On bad IPs like 1::2::3 it would not result in any notice.
This commit fixes the above problem, while making sure that only valid sequences pass validation.
Diffstat (limited to 'src/etc/inc')
| -rw-r--r-- | src/etc/inc/IPv6.inc | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/src/etc/inc/IPv6.inc b/src/etc/inc/IPv6.inc index d297ed1..5b7fb06 100644 --- a/src/etc/inc/IPv6.inc +++ b/src/etc/inc/IPv6.inc @@ -557,7 +557,7 @@ class Net_IPv6 if (false !== strpos($uip, '::') ) { - list($ip1, $ip2, $ip3) = explode('::', $uip); + list($ip1, $ip2) = explode('::', $uip, 2); if ("" == $ip1) { @@ -606,13 +606,6 @@ class Net_IPv6 $uip = "0:0:0:0:0:0:0:0"; - if (isset($ip3)) { // ::::xxx - not good - if ("" == $ip3) { // :::: - $ip3 = 0; // Give back a 9th "0" - } - $uip .= ":" . $ip3; - } - } else if (-1 == $c1) { // ::xxx $fill = str_repeat('0:', max(1, 7-$c2)); @@ -899,6 +892,10 @@ class Net_IPv6 if (!empty($ipPart[0])) { $ipv6 = explode(':', $ipPart[0]); + if(8 < count($ipv6)) { + return false; + } + foreach($ipv6 as $element) { // made a validate precheck if(!preg_match('/^[0-9a-fA-F]*$/', $element)) { return false; |
