5210 – httpd.c:parse_conf() does not understand IPv6 addressing in ACLs

Bug 5210 - httpd.c:parse_conf() does not understand IPv6 addressing in ACLs

Summary: httpd.c:parse_conf() does not understand IPv6 addressing in ACLs

Status:	NEW

Alias:	None

Product:	Busybox
Classification:	Unclassified
Component:	Networking (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 minor
Target Milestone:	---
Assignee:	unassigned

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-05-09 14:42 UTC by Brandon Hume
Modified:	2012-06-14 22:43 UTC (History)
CC List:	1 user (show)

See Also:
Host:
Target:
Build:

Attachments
Possible patch to add IPv6 support to ACLs (11.27 KB, patch) 2012-06-14 22:43 UTC, Brandon Hume	Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Brandon Hume 2012-05-09 14:42:55 UTC

httpd.c as written is unable to understand IPv6 addresses.  It uses an unsigned int to store the IP address (too small) and assumes that the first colon encountered in the string actually marks a port specification.  As a result all ACL comparisons on a IPv6 connection will fail.  (Which can lock you out of a device if not careful...)

Comment 1 Brandon Hume 2012-06-14 22:43:16 UTC

Created attachment 4388 [details]
Possible patch to add IPv6 support to ACLs

Put together a patch to add IPv6 ACL support to httpd.conf.  Needs testing, and I don't have a big-endian machine to test the compiled binary on.  Adds about 700 bytes to the compiled httpd.o.

Htaccess_IP->ip and rmt_ip become arrays when IPv6 is enabled.

Removes scan_ip() and scan_ip_mask(), replaces them with parse_ip() and parse_mask().  Adds an inline function to compare the ints of the address, used when IPv6 is enabled and not.