Skip to content

ipv6 filter integer overflow #18309

Closed
Closed
@chongwick

Description

@chongwick

Description

The following code:

<?php

const IPV6_COUNT = 100000;
const IPV6_LENGTH = 39;

function generateIPv6(): string {
    $hex = random_bytes(16);
    return '0'. str_replace('.', '', bin2hex($hex)). ':';
}

function validateIPv6($ip): bool {
    return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)!== false;
}

function testIPv6($ipv6_test): void {
    foreach ($ipv6_test as $ip => $exp) {
        $out = validateIPv6($ip);
        if ($exp!== $out) {
            echo "$ip failed (expected ". ($exp? 'true' : 'false'). ", got ". ($out? 'true' : 'false'). ")\n";
        }
    }
}

$ipv6_test = array_fill_keys(array_map('generateIPv6', range(1, IPV6_COUNT)), true);
testIPv6($ipv6_test);

?>

Resulted in this output:

/nightly_php/php-src/ext/filter/logical_filters.c:827:14: runtime error: signed integer overflow: 146455890 * 16 cannot be represented in type 'int'

PHP Version

nightly

Operating System

ubuntu 22.04

Metadata

Metadata

Assignees

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions