This change brakes the IPv6 format used in X-Forwarded-For https://hg.prosody.im/trunk/rev/90394be5e6a5
X-Forwarded-For doesn't use brackets, and the second regexp meant for
ipv4 kicks in:
normal_ip("2001:db8:85a3:8d3:1319:8a2e:370:7348") ---> "2001"
The first attached patch fixes it by only matching four sets of digits
separated by dots. The new behaviour:
1.12.113.24 -> 1.12.113.24
[2001:db8:85a3:8d3:1319:8a2e:370:7348] -> 2001:db8:85a3:8d3:1319:8a2e:370:7348
2001:db8:85a3:8d3:1319:8a2e:370:7348 -> 2001:db8:85a3:8d3:1319:8a2e:370:7348
1.12.113.24:443 -> 1.12.113.24
[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443 ->
2001:db8:85a3:8d3:1319:8a2e:370:7348
The second patch I've submitted before. It ignores entries in
X-Forwarded-For when they don't parse as an IP instead of throwing an
exception and returning HTTP 500. Note with 0.12 this was only
happening when something included invalid values in the header, but
with 13 it fails when ipv6 is used with X-Forwarded-For (e.g.
cloudflare).
Regards,
Boris
--
You received this message because you are subscribed to the Google Groups
"prosody-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/prosody-dev/CAFCpYuzijtRSTsNB%3DmxAWiuquu-1SiJufu3Qux2R3FfNODsCNQ%40mail.gmail.com.
1-fix-normal_ip.patch
Description: Binary data
2-ignore-parse-errors.patch
Description: Binary data
