[ruby-core:112697] [Ruby master Bug#19479] Support IPv4-mapped IPv6 addresses in IPAddr#private?
Issue #19479 has been reported by tgxworld (Guo Xiang Tan). ---------------------------------------- Bug #19479: Support IPv4-mapped IPv6 addresses in IPAddr#private? https://bugs.ruby-lang.org/issues/19479 * Author: tgxworld (Guo Xiang Tan) * Status: Open * Priority: Normal * ruby -v: ruby 3.2.1 (2023-02-08 revision 31819e82c8) [x86_64-linux] * Backport: 2.7: UNKNOWN, 3.0: UNKNOWN, 3.1: UNKNOWN, 3.2: UNKNOWN ---------------------------------------- ``` irb(main):010:0> IPAddr.new("172.16.0.0").private? => true irb(main):011:0> IPAddr.new("::ffff:172.16.0.0").private? => false ``` If IPAddr#private? is used in a critical code path, not supporting IPv4-mapped IPv6 addresses could lead to security issues. -- https://bugs.ruby-lang.org/
Issue #19479 has been updated by jeremyevans0 (Jeremy Evans). I submitted an upstream pull request to fix this: https://github.com/ruby/ipaddr/pull/57 ---------------------------------------- Bug #19479: Support IPv4-mapped IPv6 addresses in IPAddr#private? https://bugs.ruby-lang.org/issues/19479#change-103664 * Author: tgxworld (Guo Xiang Tan) * Status: Open * Priority: Normal * ruby -v: ruby 3.2.1 (2023-02-08 revision 31819e82c8) [x86_64-linux] * Backport: 2.7: UNKNOWN, 3.0: UNKNOWN, 3.1: UNKNOWN, 3.2: UNKNOWN ---------------------------------------- ``` irb(main):010:0> IPAddr.new("172.16.0.0").private? => true irb(main):011:0> IPAddr.new("::ffff:172.16.0.0").private? => false ``` If IPAddr#private? is used in a critical code path, not supporting IPv4-mapped IPv6 addresses could lead to security issues. -- https://bugs.ruby-lang.org/
participants (2)
-
jeremyevans0 (Jeremy Evans) -
tgxworld (Guo Xiang Tan)