Support server name validation using IP Address #113

Open
wants to merge 6 commits into
base: master
@akshaymankar akshaymankar commented Jul 9, 2019

Fixes #90

This PR uses foundation for parsing the IP address from the hostname. The parser can overflow without any errors, which may be seen as a vulnerability. I have opened another PR (haskell-foundation/foundation#524) to fix it.

I would've written the parser here using ReadP, but parsing IPv6 was getting very involved so I decided to use foundation.

@akshaymankar
Author

haskell-foundation/foundation#524 is merged, but unfortunately there was a bug in it. The ipv4parser was not safe and it returns an error if things which don't look like an IPv4 address are passed to it. I have fixed it in haskell-foundation/foundation#526. This time I also used the code in this repository to make sure things were fine. The tests are passing, so I think the fix should be good.
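
An added illustration, not code from this PR or from foundation, of the two properties this thread asks of an IPv4 parser used for server name validation: octets are range-checked instead of wrapping, and non-IPv4 input yields `Nothing` rather than an error. It assumes the overflow is octet wrap-around modulo 256, which the page does not spell out; all function names and the sample hostnames are constructed for the example.

```haskell
module Main where

import Data.Bits (shiftL, (.|.))
import Data.Char (isDigit)
import Data.Word (Word32, Word8)

-- Split on '.', keeping empty fields so "1..2.3" is rejected later.
splitDots :: String -> [String]
splitDots s = case break (== '.') s of
  (field, [])       -> [field]
  (field, _ : rest) -> field : splitDots rest

-- Unsafe (assumed failure mode): fromIntegral reduces the value modulo 256.
octetWrapping :: String -> Maybe Word8
octetWrapping ds
  | null ds || not (all isDigit ds) = Nothing
  | otherwise = Just (fromIntegral (read ds :: Integer))

-- Strict: 1 to 3 digits, range-checked before narrowing to Word8.
octetStrict :: String -> Maybe Word8
octetStrict ds
  | null ds || length ds > 3 || not (all isDigit ds) = Nothing
  | n > 255   = Nothing
  | otherwise = Just (fromIntegral n)
  where n = read ds :: Int

-- Total parser: Nothing for anything that is not exactly four valid octets.
parseIPv4With :: (String -> Maybe Word8) -> String -> Maybe Word32
parseIPv4With octet host = case mapM octet (splitDots host) of
  Just [a, b, c, d] -> Just (pack a b c d)
  _                 -> Nothing
  where
    pack a b c d = (w a `shiftL` 24) .|. (w b `shiftL` 16) .|. (w c `shiftL` 8) .|. w d
    w = fromIntegral :: Word8 -> Word32

-- Constructed inputs: a valid address, an out-of-range octet, and non-IPv4 names.
main :: IO ()
main = mapM_ report ["10.0.0.1", "266.0.0.1", "example.com", "1.2.3", "1..2.3"]
  where
    report h = putStrLn (h ++ "  wrapping=" ++ show (parseIPv4With octetWrapping h)
                           ++ "  strict=" ++ show (parseIPv4With octetStrict h))
```

With the wrapping octet parser, `266.0.0.1` parses to the same 32-bit value as `10.0.0.1`, so a validator comparing parsed addresses would treat the two names as equal; the strict parser rejects it.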

@akshaymankar
Author

This is now ready to be merged 😄

Use IP parser from foundation library, there is an overflow bug in the
library, it is reported here: haskell-foundation/foundation#523.
I am not sure if it is an attack vector, but it should be fixed anyways.
This is required to make sure IPv4 parsing handles overflow correctly.
See haskell-foundation/foundation#526 for details.
Successfully merging this pull request may close these issues.

Feature request: server name validation using IP addresses
2 participants