From: Robert Pluim <rpluim@gmail.com>
To: "Mattias Engdegård" <mattiase@acm.org>
Cc: Lars Ingebrigtsen <larsi@gnus.org>,
54624@debbugs.gnu.org, Aleksandr Vityazev <avityazev@posteo.org>
Subject: bug#54624: 29.0.50; textsec and ipv6 addresses
Date: Mon, 04 Apr 2022 15:33:23 +0200 [thread overview]
Message-ID: <87r16d6kik.fsf@gmail.com> (raw)
In-Reply-To: <871F72AF-D4A2-4C68-9FF8-AF290103E0EA@acm.org> ("Mattias Engdegård"'s message of "Mon, 4 Apr 2022 14:48:37 +0200")
>>>>> On Mon, 4 Apr 2022 14:48:37 +0200, Mattias Engdegård <mattiase@acm.org> said:
Mattias> 4 apr. 2022 kl. 12.42 skrev Lars Ingebrigtsen <larsi@gnus.org>:
>> Fine by me, but addresses that are too long should be suspicious (to
>> catch people obfuscating by doing things like 000000000000000127.0.0.1
>> and similar). That's what I was intending to catch with the {} things
>> without having to actually do the hard maths myself. :-)
Mattias> I agree that is desirable. If a strict parse is impractical (not sure if it is), what about something slightly stricter than what we current have? Here is a straw-man proposal:
Mattias> (rx-let ((octet (or "0" (: (in "1-9") (? (in "0-9") (? (in "0-9"))))))
Mattias> (ipv4 (: octet (= 3 "." octet)))
Mattias> (hextet (** 1 4 (in "0-9a-f")))
Mattias> (ipv6 (: (? "::") hextet (* ":" (? ":") hextet)
Mattias> (? (or "::" (: ":" ipv4) )))))
Mattias> (rx bos (or ipv4 ipv6 (: "[" ipv6 "]")) eos))
Mattias> and don't forget to bind case-fold-search to nil while calling string-match-p since IPv6 specifies lower-case hex digits.
Mattias> And thanks to Andreas for reminding me about IPv6 allowing dotted quads as well.
Or we just arrange it so that thereʼs a primitive that maps to calling
getaddrinfo(3) with AI_NUMERICHOST in the hints.ai_flags (but Lars'
motivation here is 'not suspicious', not 'looks like a numeric IP
address', so maybe not).
Robert
--
next prev parent reply other threads:[~2022-04-04 13:33 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-29 12:36 bug#54624: 29.0.50; textsec and ipv6 addresses Aleksandr Vityazev
2022-03-29 15:12 ` Lars Ingebrigtsen
2022-04-03 16:53 ` Mattias Engdegård
2022-04-03 16:58 ` Andreas Schwab
2022-04-03 17:04 ` Mattias Engdegård
2022-04-03 17:07 ` Lars Ingebrigtsen
2022-04-03 17:09 ` Lars Ingebrigtsen
2022-04-03 17:02 ` Lars Ingebrigtsen
2022-04-03 17:16 ` Mattias Engdegård
2022-04-03 17:49 ` Andreas Schwab
2022-04-04 10:42 ` Lars Ingebrigtsen
2022-04-04 12:48 ` Mattias Engdegård
2022-04-04 13:33 ` Robert Pluim [this message]
2022-04-06 9:19 ` Lars Ingebrigtsen
2022-04-06 13:28 ` Mattias Engdegård
2022-04-07 11:04 ` Lars Ingebrigtsen
2022-04-07 17:18 ` Mattias Engdegård
2022-04-07 22:13 ` Andreas Schwab
2022-04-08 9:08 ` Mattias Engdegård
2022-04-08 9:18 ` Andreas Schwab
2022-04-08 9:25 ` Mattias Engdegård
2022-04-11 14:29 ` Mattias Engdegård
2022-04-11 15:34 ` Lars Ingebrigtsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r16d6kik.fsf@gmail.com \
--to=rpluim@gmail.com \
--cc=54624@debbugs.gnu.org \
--cc=avityazev@posteo.org \
--cc=larsi@gnus.org \
--cc=mattiase@acm.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).