Bug 5210

Summary: httpd.c:parse_conf() does not understand IPv6 addressing in ACLs
Product: Busybox Reporter: Brandon Hume <hume-ml+busybox>
Component: NetworkingAssignee: unassigned
Status: NEW ---    
Severity: minor CC: busybox-cvs
Priority: P5    
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: All   
Host: Target:
Build:
Attachments: Possible patch to add IPv6 support to ACLs

Description Brandon Hume 2012-05-09 14:42:55 UTC 
httpd.c as written is unable to understand IPv6 addresses.  It uses an unsigned int to store the IP address (too small) and assumes that the first colon encountered in the string actually marks a port specification.  As a result all ACL comparisons on a IPv6 connection will fail.  (Which can lock you out of a device if not careful...)
Comment 1 Brandon Hume 2012-06-14 22:43:16 UTC 
Created attachment 4388 [details]
Possible patch to add IPv6 support to ACLs

Put together a patch to add IPv6 ACL support to httpd.conf.  Needs testing, and I don't have a big-endian machine to test the compiled binary on.  Adds about 700 bytes to the compiled httpd.o.

Htaccess_IP->ip and rmt_ip become arrays when IPv6 is enabled.

Removes scan_ip() and scan_ip_mask(), replaces them with parse_ip() and parse_mask().  Adds an inline function to compare the ints of the address, used when IPv6 is enabled and not.