net/netip: ParsePrefix allows "+", "-", leading zeroes in prefix length #63850
Comments
|
This somehow similar to the previous issue with IPs with leading zeros #30999 |
|
(It's not that similar... the problem there was that other software interpreted IPs with leading 0s as being a different address, whereas here, we're just accepting values that other software would reject as invalid.) |
mauri870
added
the
NeedsInvestigation
|
RFC 4632 Section 3.1 states that only valid prefixes are integer values, also reinforced by RFC 4291 Section 2.3:
I feel like we should be more rigorous in the validation of what we accept as a valid prefix, instead of relying simply on what the Atoi function can parse. The doc comment for ParsePrefix also assumes only valid values are the ones that conform to this:
cc @neild |
|
Yeah, I think we should tighten this down and not accept /cc @danderson |
|
Yup, makes sense to me. I assume we're accepting + here due to strconv.ParseUint or somesuch? |
Exactly, we rely on strconv.Atoi to parse the bits, which allow +, - and leading zeroes. |
mauri870
changed the title
|
Question now is, we want to transform these into an error or silently ignore non-digits and leading zeroes from the prefix? |
that should be an error IMHO |
mauri870
added
NeedsFix
|
Change https://go.dev/cl/538860 mentions this issue: |
|
@bradfitz is this something can be backported? |
|
Backports are for critical issues with no workaround, and minor releases prioritize backwards compatibility as much as possible. (https://github.com/golang/go/wiki/Go-Release-Cycle#release-maintenance) This doesn't seem critical and can be worked around, so I don't think a backport is apprpriate. |
|
@neild, it probably should be backported. It's low risk and there's no good workaround when the invalid input is a dozen layers deep in some JSON structure you're unmarshaling and expected to be well-formed. |
What version of Go are you using (
go version)?Does this issue reproduce with the latest release?
Yes, and the code is unchanged in master.
What operating system and processor architecture are you using (
go env)?(not relevant)
What did you do?
p, err := netip.ParsePrefix("1.2.3.0/+24")What did you expect to see?
an error about the fact that "+" is not a valid character in a CIDR string
What did you see instead?
It accepted it as though I'd said
netip.ParsePrefix("1.2.3.0/24").The code is using
strconv.Atoi()to parse the length, and not otherwise validating it, so it accepts anything thatstrconv.Atoi()would. (Which meansnetip.ParsePrefix("1.2.3.0/000024")is also accepted, and maybe shouldn't be, though it's not quite so obviously wrong, and that matches the behavior ofnet.ParseCIDRanyway.)The text was updated successfully, but these errors were encountered: