New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support server name validation using IP Address #113
base: master
Are you sure you want to change the base?
Conversation
haskell-foundation/foundation#524 is merged, but unfortunately there was a bug in it. The ipv4parser was not safe and it returns |
This is now ready to be merged 😄 |
Use IP parser from foundation library, there is an overflow bug in the library, it is reported here: haskell-foundation/foundation#523. I am not sure if it an attack vector, but it should be fixed anyways.
This is required to make sure IPv4 parsing handles overflow correctly. See haskell-foundation/foundation#526 for details.
Fixes #90
This PR uses foundation for parsing IP address from hostname. The parser can overflow without any errors which may be seen as a vulnerability. I have opened another PR (haskell-foundation/foundation#524) to fix it.
I would've written the parser here using ReadP, but parsing IPv6 was getting very involved so I decided to use foundation.