Ipv4Addr: Incorrect Parsing for Octal format IP string #83648

xu-cheng · 2021-03-29T16:13:38Z

This issue is inspired by this blog.

Due to the specification, leading zero in IP string is interpreted as octal literals. So a IP address 0127.0.0.1 actually means 87.0.0.1. As shown in the following example:

❯ ping 0127.0.0.1
PING 0127.0.0.1 (87.0.0.1): 56 data bytes

However, the Ipv4Addr from the std library will recognize it as 127.0.0.1 instead. A simple code to demo the situation (playground link):

use std::net::Ipv4Addr;

fn parse(input: &str) {
    let ip: Option<Ipv4Addr> = input.parse().ok();
    println!("{} -> {:?}", input, ip);
    
}

fn main() {
    parse("127.0.0.1");
    parse("0127.0.0.1");
}

I expected to see this happen:

127.0.0.1 -> Some(127.0.0.1)
0127.0.0.1 -> Some(87.0.0.1)

Instead, this happened:

127.0.0.1 -> Some(127.0.0.1)
0127.0.0.1 -> Some(127.0.0.1)

Noted this bug may cause security vulnerabilities in certain cases. For example, a Rust program uses Ipv4Addr doing some sanity check then passing the user string to other library or program.

Furthermore, the specification actually also allows hex format in IP string.

Meta

rustc --version --verbose:

rustc 1.51.0 (2fd73fabe 2021-03-23)

The text was updated successfully, but these errors were encountered:

xu-cheng · 2021-03-29T16:19:11Z

While the fix should be quite straightforward, there are two possible solutions:

Make the parsing conform the standard.
OR only accept IP string in decimal format. Certain software chooses this approach because it may improve the security. See https://tools.ietf.org/html/rfc6943#section-3.1.1

joshtriplett · 2021-03-29T16:19:17Z

It's not at all obvious that we should parse octal IP addresses. Seems exceedingly unlikely to come up outside of security advisories. I would venture a guess that if we added this, far more people would be tripped up by it happening unexpectedly than would ever use it intentionally.

xu-cheng · 2021-03-29T16:21:26Z

I would venture a guess that if we added this, far more people would be tripped up by it happening unexpectedly than would ever use it intentionally.

I agree. So I think disallowing octal string like inet_pton should be better approach.

Nevertheless, the current implementation in Rust std library should be considered as a (low-risk?) security vulnerability.

Disallow octal format in Ipv4 string In its original specification, leading zero in Ipv4 string is interpreted as octal literals. So a IP address 0127.0.0.1 actually means 87.0.0.1. This confusion can lead to many security vulnerabilities. Therefore, in [IETF RFC 6943], it suggests to disallow octal/hexadecimal format in Ipv4 string all together. Existing implementation already disallows hexadecimal numbers. This commit makes Parser reject octal numbers. Fixes rust-lang#83648. [IETF RFC 6943]: https://tools.ietf.org/html/rfc6943#section-3.1.1

xu-cheng added the C-bug Category: This is a bug. label Mar 29, 2021

jonas-schievink added the T-libs-api Relevant to the library API team, which will review and decide on the PR/issue. label Mar 29, 2021

xu-cheng mentioned this issue Mar 29, 2021

Disallow octal format in Ipv4 string #83652

Merged

bors closed this as completed in 974192c Mar 30, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Ipv4Addr: Incorrect Parsing for Octal format IP string #83648

Ipv4Addr: Incorrect Parsing for Octal format IP string #83648

xu-cheng commented Mar 29, 2021 •

edited

Loading

xu-cheng commented Mar 29, 2021

joshtriplett commented Mar 29, 2021

xu-cheng commented Mar 29, 2021

Ipv4Addr: Incorrect Parsing for Octal format IP string #83648

Ipv4Addr: Incorrect Parsing for Octal format IP string #83648

Comments

xu-cheng commented Mar 29, 2021 • edited Loading

Meta

xu-cheng commented Mar 29, 2021

joshtriplett commented Mar 29, 2021

xu-cheng commented Mar 29, 2021

xu-cheng commented Mar 29, 2021 •

edited

Loading