GNU bug report logs -
#54624
29.0.50; textsec and ipv6 addresses
Previous Next
Reported by: Aleksandr Vityazev <avityazev <at> posteo.org>
Date: Tue, 29 Mar 2022 12:37:01 UTC
Severity: normal
Found in version 29.0.50
Fixed in version 29.1
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
Full log
Message #49 received at 54624 <at> debbugs.gnu.org (full text, mbox):
6 apr. 2022 kl. 11.19 skrev Lars Ingebrigtsen <larsi <at> gnus.org>:
> Skimming that, it seems a bit too strict, but perhaps I'm misreading it.
In what way is it too strict? I can't make it less strict unless you tell me.
> Again, we're not trying to create a strict validator here. We're just
> saying something about suspiciousness -- invalid addresses aren't, in
> and of themselves, suspicious.
That's fine, but "suspicious" is quite subjective and I need your help to define it better if I'm to write a simulator of your suspicion.
Here is a new attempt, simplified a bit:
(rx-let ((octet (** 1 3 (in "0-9")))
(ipv4 (: octet (= 3 "." octet)))
(hextet (** 1 4 (in "0-9a-f")))
(ipv6 (: (? "::") hextet (* (or ":" "::") hextet)
(? ":" (or ":" ipv4)))))
(string-match-p (rx bos (or ipv4 ipv6 (: "[" ipv6 "]")) eos)
domain)))
We could simplify it further and relax the requirement on octets and hextets (which seems to be what they are called, rather incongruously) but then it wouldn't catch what you previously thought were suspicious.
This bug report was last modified 3 years and 92 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.