Closed
Symfony version(s) affected
6.1.8
Description
IPv4 to IPv6 mapped addresses are incorrectly rejected by the checkIp6 function, because of the check for dots added in #48050. For example, Azure Frontdoor makes requests where the IP address is listed as ::ffff:147.243.231.120. This broke my Laravel installation because suddenly these requests were blocked by the TrustProxies middleware.
How to reproduce
In 6.1.7:
\Symfony\Component\HttpFoundation\IpUtils::checkIp6('::ffff:147.243.231.120', '::ffff:147.243.0.0/16');
// true
In 6.1.8:
\Symfony\Component\HttpFoundation\IpUtils::checkIp6('::ffff:147.243.231.120', '::ffff:147.243.0.0/16');
// false
Possible Solution
Remove the check for dots, because pure IPv4 addresses are rejected by the filter_var function when the IPv6 flag is added:
filter_var("10.0.0.1", \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6);
// false
While those in IPv6 notation are allowed:
filter_var("::ffff:10.0.0.1", \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6);
// "::ffff:10.0.0.1"
But to also check that the $ip is valid IPv6, check that it is valid with the filter_var function.
Additional Context
In RFC-4291, dots are allowed in IPv6 addresses
2.2. Text Representation of Addresses
3. An alternative form that is sometimes more convenient when dealing
with a mixed environment of IPv4 and IPv6 nodes is
x:x:x:x:x:x:d.d.d.d, where the 'x's are the hexadecimal values of
the six high-order 16-bit pieces of the address, and the 'd's are
the decimal values of the four low-order 8-bit pieces of the
address (standard IPv4 representation). Examples:
0:0:0:0:0:0:13.1.68.3
0:0:0:0:0:FFFF:129.144.52.38
or in compressed form:
::13.1.68.3
::FFFF:129.144.52.38
2.5.5.2. IPv4-Mapped IPv6 Address
A second type of IPv6 address that holds an embedded IPv4 address is
defined. This address type is used to represent the addresses of
IPv4 nodes as IPv6 addresses. The format of the "IPv4-mapped IPv6
address" is as follows:
|                80 bits               | 16 |      32 bits        |
+--------------------------------------+--------------------------+
|0000..............................0000|FFFF|    IPv4 address     |
+--------------------------------------+----+---------------------+
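The following is an added example, not part of the original report and not Symfony's implementation. It sketches a stand-alone matcher (the hypothetical helper matchIp6()) that validates with filter_var and the IPv6 flag instead of rejecting dots, then compares the prefix over all 128 bits; the sample inputs are constructed around the address in the report.

```php
<?php
// Added example: matchIp6() is a hypothetical helper, not Symfony's IpUtils.
function matchIp6(string $ip, string $cidr): bool
{
    // Validate with the IPv6 flag instead of rejecting dots: RFC 4291 mixed
    // notation (::ffff:d.d.d.d) passes, a bare IPv4 string does not.
    if (false === filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
        return false;
    }
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, '128');
    if (false === filter_var($net, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)
        || 1 !== preg_match('/^\d{1,3}$/', $bits) || (int) $bits > 128) {
        return false;
    }
    $bits = (int) $bits;
    $a = inet_pton($ip);  // both addresses as 16 raw bytes
    $b = inet_pton($net);
    // Whole bytes covered by the prefix must be identical.
    $full = intdiv($bits, 8);
    if (substr($a, 0, $full) !== substr($b, 0, $full)) {
        return false;
    }
    // Then compare the leftover high bits of the next byte, if any.
    $rest = $bits % 8;
    if (0 === $rest) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($a[$full]) & $mask) === (ord($b[$full]) & $mask);
}

// Constructed inputs; the first pair is the one from the report.
$cases = [
    ['::ffff:147.243.231.120', '::ffff:147.243.0.0/16'],
    ['::ffff:147.243.231.120', '::ffff:147.243.0.0/112'],
    ['::ffff:10.0.0.1',        '::ffff:147.243.0.0/16'],
    ['::ffff:10.0.0.1',        '::ffff:147.243.0.0/112'],
    ['147.243.231.120',        '::ffff:147.243.0.0/112'],
];
foreach ($cases as [$ip, $cidr]) {
    printf("%-24s in %-24s => %s\n", $ip, $cidr, var_export(matchIp6($ip, $cidr), true));
}
```

In this helper the prefix length counts bits of the full 128-bit address, so a /16 on a mapped address compares only the leading sixteen zero bits. An IPv4 /16 inside the mapped range corresponds to /112 (96 + 16), which matters when the list is used to decide which proxies to trust.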