Ensure the host can be parsed as an IPv6 address. #6
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gabi-250
force-pushed
the
ipv6-hosts
branch
2 times, most recently
from
3fcf282
to
280d034
Compare
cbranch
approved these changes
Jan 8, 2021
inikulin
requested changes
Jan 8, 2021
hyper-boring/src/lib.rs
Outdated
| // it (otherwise, boring will fail to parse the host as an IP address, eventually | ||
| // causing the handshake to fail due a hostname verification error). | ||
| let host_or_ip = match (host.find('['), host.find(']')) { | ||
| (Some(0), Some(i)) => &host[1..i], |
There was a problem hiding this comment.
We need to ensure here that i == host.len() - 1. Otherwise, we can strip a part of host, doesn't seem to be a safe thing to do. Should be smthg like:
let last = host.len() - 1;
if last > 0 && host[0] == '[' && host[last] == ']' {
host = &host[1..last];
}Ideally we should also validate that what's enclosed in [ ] is indeed and IPv6
There was a problem hiding this comment.
Good point (host is extracted from a valid Uri, so I assumed it can only contain brackets if is a valid IPv6 address). That being said I'm happy to make this change.
|
@inikulin Thank you for the review. I made the changes you've suggested. |
inikulin
approved these changes
Jan 20, 2021
nox
pushed a commit
to nox/boring
that referenced
this pull request
May 5, 2021
Merge in ECO/boring-rpk from hyper-rpk to master * commit '7f2cdcd96b53a58c3e828cf4868f9965604bc107': MAL-359 Add RPK support to tokio-boring
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If the host is an IPv6 address, the value returned by
Uri::host()will include the surrounding brackets. This causes boring to fail to parse the host as an IP address. Eventually, this causes hostname verification to fail. I assume the hostname verification failure is due to the fact that the host will be compared with theDNSNames fromSubjectAlternativeName, instead of theIPAddresses (set_ipvsset_host).