mirror of
https://github.com/golang/go
synced 2024-11-15 02:20:32 -07:00
net/netip: check if address is v6 mapped in Is methods
In all of the Is* methods, check if the address is a v6 mapped v4 address, and unmap it if so. Thanks to Enze Wang of Alioth (@zer0yu) and Jianjun Chen of Zhongguancun Lab (@chenjj) for reporting this issue. Fixes #67680 Fixes CVE-2024-24790 Change-Id: I6bd03ca1a5d93a0b59027d861c84060967b265b0 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1460 Reviewed-by: Russ Cox <rsc@google.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/590316 Reviewed-by: David Chase <drchase@google.com> Auto-Submit: Michael Knyszek <mknyszek@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This commit is contained in:
parent
e240d8150c
commit
ad4d9b0464
@ -36,8 +36,6 @@ func TestInlining(t *testing.T) {
|
|||||||
"Addr.Is4",
|
"Addr.Is4",
|
||||||
"Addr.Is4In6",
|
"Addr.Is4In6",
|
||||||
"Addr.Is6",
|
"Addr.Is6",
|
||||||
"Addr.IsLoopback",
|
|
||||||
"Addr.IsMulticast",
|
|
||||||
"Addr.IsInterfaceLocalMulticast",
|
"Addr.IsInterfaceLocalMulticast",
|
||||||
"Addr.IsValid",
|
"Addr.IsValid",
|
||||||
"Addr.IsUnspecified",
|
"Addr.IsUnspecified",
|
||||||
|
@ -516,6 +516,10 @@ func (ip Addr) hasZone() bool {
|
|||||||
|
|
||||||
// IsLinkLocalUnicast reports whether ip is a link-local unicast address.
|
// IsLinkLocalUnicast reports whether ip is a link-local unicast address.
|
||||||
func (ip Addr) IsLinkLocalUnicast() bool {
|
func (ip Addr) IsLinkLocalUnicast() bool {
|
||||||
|
if ip.Is4In6() {
|
||||||
|
ip = ip.Unmap()
|
||||||
|
}
|
||||||
|
|
||||||
// Dynamic Configuration of IPv4 Link-Local Addresses
|
// Dynamic Configuration of IPv4 Link-Local Addresses
|
||||||
// https://datatracker.ietf.org/doc/html/rfc3927#section-2.1
|
// https://datatracker.ietf.org/doc/html/rfc3927#section-2.1
|
||||||
if ip.Is4() {
|
if ip.Is4() {
|
||||||
@ -531,6 +535,10 @@ func (ip Addr) IsLinkLocalUnicast() bool {
|
|||||||
|
|
||||||
// IsLoopback reports whether ip is a loopback address.
|
// IsLoopback reports whether ip is a loopback address.
|
||||||
func (ip Addr) IsLoopback() bool {
|
func (ip Addr) IsLoopback() bool {
|
||||||
|
if ip.Is4In6() {
|
||||||
|
ip = ip.Unmap()
|
||||||
|
}
|
||||||
|
|
||||||
// Requirements for Internet Hosts -- Communication Layers (3.2.1.3 Addressing)
|
// Requirements for Internet Hosts -- Communication Layers (3.2.1.3 Addressing)
|
||||||
// https://datatracker.ietf.org/doc/html/rfc1122#section-3.2.1.3
|
// https://datatracker.ietf.org/doc/html/rfc1122#section-3.2.1.3
|
||||||
if ip.Is4() {
|
if ip.Is4() {
|
||||||
@ -546,6 +554,10 @@ func (ip Addr) IsLoopback() bool {
|
|||||||
|
|
||||||
// IsMulticast reports whether ip is a multicast address.
|
// IsMulticast reports whether ip is a multicast address.
|
||||||
func (ip Addr) IsMulticast() bool {
|
func (ip Addr) IsMulticast() bool {
|
||||||
|
if ip.Is4In6() {
|
||||||
|
ip = ip.Unmap()
|
||||||
|
}
|
||||||
|
|
||||||
// Host Extensions for IP Multicasting (4. HOST GROUP ADDRESSES)
|
// Host Extensions for IP Multicasting (4. HOST GROUP ADDRESSES)
|
||||||
// https://datatracker.ietf.org/doc/html/rfc1112#section-4
|
// https://datatracker.ietf.org/doc/html/rfc1112#section-4
|
||||||
if ip.Is4() {
|
if ip.Is4() {
|
||||||
@ -564,7 +576,7 @@ func (ip Addr) IsMulticast() bool {
|
|||||||
func (ip Addr) IsInterfaceLocalMulticast() bool {
|
func (ip Addr) IsInterfaceLocalMulticast() bool {
|
||||||
// IPv6 Addressing Architecture (2.7.1. Pre-Defined Multicast Addresses)
|
// IPv6 Addressing Architecture (2.7.1. Pre-Defined Multicast Addresses)
|
||||||
// https://datatracker.ietf.org/doc/html/rfc4291#section-2.7.1
|
// https://datatracker.ietf.org/doc/html/rfc4291#section-2.7.1
|
||||||
if ip.Is6() {
|
if ip.Is6() && !ip.Is4In6() {
|
||||||
return ip.v6u16(0)&0xff0f == 0xff01
|
return ip.v6u16(0)&0xff0f == 0xff01
|
||||||
}
|
}
|
||||||
return false // zero value
|
return false // zero value
|
||||||
@ -572,6 +584,10 @@ func (ip Addr) IsInterfaceLocalMulticast() bool {
|
|||||||
|
|
||||||
// IsLinkLocalMulticast reports whether ip is a link-local multicast address.
|
// IsLinkLocalMulticast reports whether ip is a link-local multicast address.
|
||||||
func (ip Addr) IsLinkLocalMulticast() bool {
|
func (ip Addr) IsLinkLocalMulticast() bool {
|
||||||
|
if ip.Is4In6() {
|
||||||
|
ip = ip.Unmap()
|
||||||
|
}
|
||||||
|
|
||||||
// IPv4 Multicast Guidelines (4. Local Network Control Block (224.0.0/24))
|
// IPv4 Multicast Guidelines (4. Local Network Control Block (224.0.0/24))
|
||||||
// https://datatracker.ietf.org/doc/html/rfc5771#section-4
|
// https://datatracker.ietf.org/doc/html/rfc5771#section-4
|
||||||
if ip.Is4() {
|
if ip.Is4() {
|
||||||
@ -600,6 +616,10 @@ func (ip Addr) IsGlobalUnicast() bool {
|
|||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ip.Is4In6() {
|
||||||
|
ip = ip.Unmap()
|
||||||
|
}
|
||||||
|
|
||||||
// Match package net's IsGlobalUnicast logic. Notably private IPv4 addresses
|
// Match package net's IsGlobalUnicast logic. Notably private IPv4 addresses
|
||||||
// and ULA IPv6 addresses are still considered "global unicast".
|
// and ULA IPv6 addresses are still considered "global unicast".
|
||||||
if ip.Is4() && (ip == IPv4Unspecified() || ip == AddrFrom4([4]byte{255, 255, 255, 255})) {
|
if ip.Is4() && (ip == IPv4Unspecified() || ip == AddrFrom4([4]byte{255, 255, 255, 255})) {
|
||||||
@ -617,6 +637,10 @@ func (ip Addr) IsGlobalUnicast() bool {
|
|||||||
// ip is in 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or fc00::/7. This is the
|
// ip is in 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or fc00::/7. This is the
|
||||||
// same as [net.IP.IsPrivate].
|
// same as [net.IP.IsPrivate].
|
||||||
func (ip Addr) IsPrivate() bool {
|
func (ip Addr) IsPrivate() bool {
|
||||||
|
if ip.Is4In6() {
|
||||||
|
ip = ip.Unmap()
|
||||||
|
}
|
||||||
|
|
||||||
// Match the stdlib's IsPrivate logic.
|
// Match the stdlib's IsPrivate logic.
|
||||||
if ip.Is4() {
|
if ip.Is4() {
|
||||||
// RFC 1918 allocates 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 as
|
// RFC 1918 allocates 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 as
|
||||||
|
@ -599,10 +599,13 @@ func TestIPProperties(t *testing.T) {
|
|||||||
ilm6 = mustIP("ff01::1")
|
ilm6 = mustIP("ff01::1")
|
||||||
ilmZone6 = mustIP("ff01::1%eth0")
|
ilmZone6 = mustIP("ff01::1%eth0")
|
||||||
|
|
||||||
private4a = mustIP("10.0.0.1")
|
private4a = mustIP("10.0.0.1")
|
||||||
private4b = mustIP("172.16.0.1")
|
private4b = mustIP("172.16.0.1")
|
||||||
private4c = mustIP("192.168.1.1")
|
private4c = mustIP("192.168.1.1")
|
||||||
private6 = mustIP("fd00::1")
|
private6 = mustIP("fd00::1")
|
||||||
|
private6mapped4a = mustIP("::ffff:10.0.0.1")
|
||||||
|
private6mapped4b = mustIP("::ffff:172.16.0.1")
|
||||||
|
private6mapped4c = mustIP("::ffff:192.168.1.1")
|
||||||
)
|
)
|
||||||
|
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
@ -626,6 +629,11 @@ func TestIPProperties(t *testing.T) {
|
|||||||
ip: unicast4,
|
ip: unicast4,
|
||||||
globalUnicast: true,
|
globalUnicast: true,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "unicast v6 mapped v4Addr",
|
||||||
|
ip: AddrFrom16(unicast4.As16()),
|
||||||
|
globalUnicast: true,
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "unicast v6Addr",
|
name: "unicast v6Addr",
|
||||||
ip: unicast6,
|
ip: unicast6,
|
||||||
@ -647,6 +655,12 @@ func TestIPProperties(t *testing.T) {
|
|||||||
linkLocalMulticast: true,
|
linkLocalMulticast: true,
|
||||||
multicast: true,
|
multicast: true,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "multicast v6 mapped v4Addr",
|
||||||
|
ip: AddrFrom16(multicast4.As16()),
|
||||||
|
linkLocalMulticast: true,
|
||||||
|
multicast: true,
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "multicast v6Addr",
|
name: "multicast v6Addr",
|
||||||
ip: multicast6,
|
ip: multicast6,
|
||||||
@ -664,6 +678,11 @@ func TestIPProperties(t *testing.T) {
|
|||||||
ip: llu4,
|
ip: llu4,
|
||||||
linkLocalUnicast: true,
|
linkLocalUnicast: true,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "link-local unicast v6 mapped v4Addr",
|
||||||
|
ip: AddrFrom16(llu4.As16()),
|
||||||
|
linkLocalUnicast: true,
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "link-local unicast v6Addr",
|
name: "link-local unicast v6Addr",
|
||||||
ip: llu6,
|
ip: llu6,
|
||||||
@ -689,6 +708,11 @@ func TestIPProperties(t *testing.T) {
|
|||||||
ip: IPv6Loopback(),
|
ip: IPv6Loopback(),
|
||||||
loopback: true,
|
loopback: true,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "loopback v6 mapped v4Addr",
|
||||||
|
ip: AddrFrom16(IPv6Loopback().As16()),
|
||||||
|
loopback: true,
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "interface-local multicast v6Addr",
|
name: "interface-local multicast v6Addr",
|
||||||
ip: ilm6,
|
ip: ilm6,
|
||||||
@ -725,6 +749,24 @@ func TestIPProperties(t *testing.T) {
|
|||||||
globalUnicast: true,
|
globalUnicast: true,
|
||||||
private: true,
|
private: true,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "private v6 mapped v4Addr 10/8",
|
||||||
|
ip: private6mapped4a,
|
||||||
|
globalUnicast: true,
|
||||||
|
private: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "private v6 mapped v4Addr 172.16/12",
|
||||||
|
ip: private6mapped4b,
|
||||||
|
globalUnicast: true,
|
||||||
|
private: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "private v6 mapped v4Addr 192.168/16",
|
||||||
|
ip: private6mapped4c,
|
||||||
|
globalUnicast: true,
|
||||||
|
private: true,
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "unspecified v4Addr",
|
name: "unspecified v4Addr",
|
||||||
ip: IPv4Unspecified(),
|
ip: IPv4Unspecified(),
|
||||||
|
Loading…
Reference in New Issue
Block a user