From 2b7ff1112a88a3d1153b522d7d2df0010c8519d5 Mon Sep 17 00:00:00 2001
From: "Phil E. Taylor"
Date: Sun, 30 Oct 2022 11:27:32 +0000
Subject: [PATCH] [HttpFoundation] Check IPv6 is valid before comparing it

---
 src/Symfony/Component/HttpFoundation/IpUtils.php | 9 +++++++++
 .../Component/HttpFoundation/Tests/IpUtilsTest.php | 4 ++++
 2 files changed, 13 insertions(+)

diff --git a/src/Symfony/Component/HttpFoundation/IpUtils.php b/src/Symfony/Component/HttpFoundation/IpUtils.php
index 8f30ee099164f..de2112cfc7028 100644
--- a/src/Symfony/Component/HttpFoundation/IpUtils.php
+++ b/src/Symfony/Component/HttpFoundation/IpUtils.php
@@ -124,6 +124,15 @@ public static function checkIp6($requestIp, $ip)
 throw new \RuntimeException('Unable to check Ipv6. Check that PHP was not compiled with option "disable-ipv6".');
 }
 
+ // Check to see if we were given a IP4 $requestIp or $ip by mistake
+ if (str_contains($requestIp, '.') || str_contains($ip, '.')) {
+ return self::$checkedIps[$cacheKey] = false;
+ }
+
+ if (!filter_var($requestIp, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6)) {
+ return self::$checkedIps[$cacheKey] = false;
+ }
+
 if (str_contains($ip, '/')) {
 [$address, $netmask] = explode('/', $ip, 2);
 
diff --git a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
index 48509f9667cd7..8de4b4d7bd472 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
@@ -73,6 +73,10 @@ public function getIpv6Data()
 [false, '2a01:198:603:0:396e:4789:8e99:890f', 'unknown'],
 [false, '', '::1'],
 [false, null, '::1'],
+ [false, '127.0.0.1', '::1'],
+ [false, '0.0.0.0/8', '::1'],
+ [false, '::1', '127.0.0.1'],
+ [false, '::1', '0.0.0.0/8'],
 ];
 }
 
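Review bot: The dot test added at the top of this hunk (`str_contains($requestIp, '.') || str_contains($ip, '.')`) also rejects valid IPv6 text forms that embed a dotted quad, e.g. the IPv4-mapped `::ffff:192.0.2.1` (constructed example), which the `filter_var(..., \FILTER_FLAG_IPV6)` check right below it would accept. If checkIp6 backs trusted-proxy or deny-list matching (callers are not visible here), such a client silently never matches a configured IPv6 range. The filter_var call already rejects a plain IPv4 `$requestIp`, so the dot test could be dropped for that argument and the configured side validated the same way once the netmask is split off: `if (!filter_var($address, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6)) { return self::$checkedIps[$cacheKey] = false; }`. The `str_contains($ip, '/')` branch continues outside the hunk, so where `$address` is assigned in the no-mask case cannot be confirmed from here.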
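Review bot: All four rows added to getIpv6Data contain a dot, so they exercise only the `str_contains` guard and none of them pins the new `filter_var` rejection on its own. Assuming the columns are expected result, request IP, configured IP, a dot-free malformed request IP such as `[false, 'not-an-ip', '::1']` would cover that branch. A row for an IPv4-mapped form such as `[false, '::ffff:127.0.0.1', '::1']` would record explicitly whether embedded dotted quads are meant to be rejected. The data array starts above the hunk, so existing rows may already cover part of this.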