 ID:               25997
 User updated by:  xodfull at starmen dot net
 Reported By:      xodfull at starmen dot net
 Status:           Analyzed
 Bug Type:         Documentation problem
 Operating System: Linux, Apache.
 PHP Version:      4.3.3
 New Comment:

I have to disagree. Not handling incorrect input in accordance with documentation is not "working as advertised". Would it be difficult to search for a null-character in the string before passing it to C lib function inet_addr(), and if one is found, immediately return -1? There would be a slight performance penalty, but I doubt it would be significant because IP-address dot-notation strings tend to be relatively short, and the conversion to a single integer should be much more CPU-intensive.

I personally would prefer this solution to be implemented, but I will be satisfied if just the documentation is updated to contain a warning.


Previous Comments:
------------------------------------------------------------------------

[2003-10-27 17:29:54] [EMAIL PROTECTED]

ip2long() works as advertised. However, it brought up a very good point and this should be documented. For security, if ip2long() is used only for validation the IP should be escaped or should be used like this:

$ip = long2ip(ip2long($ip));

------------------------------------------------------------------------

[2003-10-27 10:32:49] xodfull at starmen dot net

"Magic quotes" needs to be disabled for this particular example to work. Anyway, I'm using RedHat's build of Linux 2.4.20, with Apache 1.3.28.

------------------------------------------------------------------------

[2003-10-27 02:03:03] [EMAIL PROTECTED]

I've tested your code with 4.3.3, 4.3.4-CVS, 5-CVS and can't reproduce the result you get (ip2long returns -1, as expected). Please give more info about your OS & Apache.

------------------------------------------------------------------------

[2003-10-26 22:32:27] xodfull at starmen dot net

Description:
------------
ip2long() is supposed to return -1 on an invalid ip address. Because of PHP's method of storing strings, and a careless calling of standard C library functions that use null-terminated strings, it will not return -1 on invalid ip addresses that contain embedded null characters in appropriate places.

"The function ip2long() generates an IPv4 Internet network address from its Internet standard format (dotted string) representation. If ip_address is invalid than -1 is returned. Note that -1 does not evaluate as FALSE in PHP."

Reproduce code:
---------------
if(ip2long($_GET['ip']) != -1) echo($_GET['ip']);

http://something.net/somescript.php?ip=127.0.0.1%00<b>foo</b>

Expected result:
----------------
Arbitrary HTML insertion. Worse effects may be possible depending on the application.

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=25997&edit=1
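
The null-character check proposed in the new comment, sketched in C as an added example; it is not code from the bug report or from PHP's source. The names naive_ip2long, checked_ip2long and SAMPLE are hypothetical, and the buffer is assumed to be length-counted with a terminating NUL at buf[len].

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the decoded query value from the report's URL.
 * 9 address bytes, one NUL, then 10 bytes of markup (20 bytes total). */
static const char SAMPLE[] = "127.0.0.1\0<b>foo</b>";

/* Hypothetical stand-in for the behaviour the report describes: the
 * counted length is ignored and inet_addr() reads only up to the
 * first NUL. Assumes buf[len] is a terminating NUL.
 * Returns -1 when inet_addr() rejects the string. */
long long naive_ip2long(const char *buf, size_t len)
{
    (void)len;
    in_addr_t addr = inet_addr(buf);
    if (addr == INADDR_NONE)
        return -1;
    return (long long)ntohl(addr);
}

/* The check proposed in the comment: reject any NUL inside the
 * counted length before the C library ever sees the string. */
long long checked_ip2long(const char *buf, size_t len)
{
    if (memchr(buf, '\0', len) != NULL)
        return -1;
    return naive_ip2long(buf, len);
}

int main(void)
{
    size_t len = sizeof SAMPLE - 1;   /* counted length, NUL included */
    printf("naive:   %lld\n", naive_ip2long(SAMPLE, len));
    printf("checked: %lld\n", checked_ip2long(SAMPLE, len));
    return 0;
}
```

The memchr() scan covers only the counted length, so its cost is bounded by the input size, which matches the comment's expectation of a slight penalty on short dotted-quad strings.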