The prefix bits for a call to ParsePrefix are passed raw to
strconv.Atoi, which means a leading + or - sign as well as leading
zeroes are accepted; neither is a valid prefix length under RFC 4632
Section 3.1 and RFC 4291 Section 2.3.
Validate non-digit characters as well as leading zeroes and return an
error accordingly.
Fixes #63850
Change-Id: I412a7e1cecc6ee9ea1582d4b04cb40d79ee714f1
GitHub-Last-Rev:
462d97fc5f412e18376356dbc10b63711c084144
GitHub-Pull-Request: golang/go#63859
Reviewed-on: https://go-review.googlesource.com/c/go/+/538860
Reviewed-by: Heschi Kreinick <heschi@google.com>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
}
bitsStr := s[i+1:]
+
+ // strconv.Atoi accepts a leading sign and leading zeroes, but we don't want that.
+ if len(bitsStr) > 1 && (bitsStr[0] < '1' || bitsStr[0] > '9') {
+ return Prefix{}, errors.New("netip.ParsePrefix(" + strconv.Quote(s) + "): bad bits after slash: " + strconv.Quote(bitsStr))
+ }
+
bits, err := strconv.Atoi(bitsStr)
if err != nil {
return Prefix{}, errors.New("netip.ParsePrefix(" + strconv.Quote(s) + "): bad bits after slash: " + strconv.Quote(bitsStr))
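Review bot: The comment on the new guard should say why it is conditioned on `len(bitsStr) > 1`: a lone `0` is a valid prefix length and must pass, while an empty string, a lone sign or any other single non-digit is still rejected by `strconv.Atoi` on the next line, so the guard only has to catch a sign or a leading zero that is followed by more characters. I would extend it to `// strconv.Atoi accepts a leading sign and leading zeroes, which RFC 4632 §3.1 and RFC 4291 §2.3 do not allow for a prefix length. A lone "0" is valid; an empty, lone-sign or non-digit string still fails Atoi below.` The guard itself looks right: by testing the first byte against '1'..'9' it rejects `+32`, `-32`, `032`, and also a leading space or any other non-digit first byte, so nothing non-canonical reaches Atoi. ParsePrefix starts before this hunk, so the range check on bits that the `/33` test relies on is not visible here.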
},
{
prefix: "1.1.1.0/-1",
- errstr: "out of range",
+ errstr: "bad bits",
},
{
prefix: "1.1.1.0/33",
prefix: "2001:db8::%a/32",
errstr: "zones cannot be present",
},
+ {
+ prefix: "1.1.1.0/+32",
+ errstr: "bad bits",
+ },
+ {
+ prefix: "1.1.1.0/-32",
+ errstr: "bad bits",
+ },
+ {
+ prefix: "1.1.1.0/032",
+ errstr: "bad bits",
+ },
+ {
+ prefix: "1.1.1.0/0032",
+ errstr: "bad bits",
+ },
}
for _, test := range tests {
t.Run(test.prefix, func(t *testing.T) {
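Review bot: The new table entries pin the sign and leading-zero rejections but not the boundary the guard is written around: a lone `0` must still parse while `00` must fail, and nothing in the visible hunk checks either side of that. I would add `{prefix: "1.1.1.0/00", errstr: "bad bits"},` next to the `/032` case, and a positive `1.1.1.0/0` case if the table (which starts before this hunk) does not already contain one. The `/-1` entry's expected error correctly moves from "out of range" to "bad bits" since the sign check now fires before any range check. The test loop body continues past the end of this hunk.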