GNU bug report logs - #54624
29.0.50; textsec and ipv6 addresses

Previous Next

Package: emacs;

Reported by: Aleksandr Vityazev <avityazev <at> posteo.org>

Date: Tue, 29 Mar 2022 12:37:01 UTC

Severity: normal

Found in version 29.0.50

Fixed in version 29.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #46 received at 54624 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Mattias EngdegÄrd <mattiase <at> acm.org>
Cc: 54624 <at> debbugs.gnu.org, Aleksandr Vityazev <avityazev <at> posteo.org>
Subject: Re: bug#54624: 29.0.50; textsec and ipv6 addresses
Date: Wed, 06 Apr 2022 11:19:49 +0200

Mattias EngdegÄrd <mattiase <at> acm.org> writes:

> I agree that is desirable. If a strict parse is impractical (not sure if it is), what about something slightly stricter than what we current have? Here is a straw-man proposal:
>
>     (rx-let ((octet (or "0" (: (in "1-9") (? (in "0-9") (? (in "0-9"))))))
>              (ipv4 (: octet (= 3 "."  octet)))
>              (hextet (** 1 4 (in "0-9a-f")))
>              (ipv6 (: (? "::") hextet (* ":" (? ":") hextet)
>                       (? (or "::" (: ":" ipv4) )))))
>       (rx bos (or ipv4 ipv6 (: "[" ipv6 "]")) eos))

Skimming that, it seems a bit too strict, but perhaps I'm misreading it.

> and don't forget to bind case-fold-search to nil while calling string-match-p since IPv6 specifies lower-case hex digits.

Again, we're not trying to create a strict validator here.  We're just
saying something about suspiciousness -- invalid addresses aren't, in
and of themselves, suspicious.

(And most resolvers will accept upper-case hex digits just fine.)

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
This bug report was last modified 3 years and 92 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.