Commit 745c190
committed
Add IPv6 validation to parseCIDRv6 to prevent IPv4 CIDR panics
The parseCIDRv6 function now explicitly validates that the provided CIDR
is IPv6, not IPv4. Previously, net.ParseCIDR() would accept IPv4 CIDRs,
and To16() would return a non-nil value (IPv4-mapped IPv6), but the mask
would only be 4 bytes. This caused a panic when the code tried to index
ipnet.Mask[i] assuming a 16-byte mask.
The fix adds two validation checks:
1. ip.To4() == nil (ensures it's not IPv4)
2. len(ipnet.Mask) == net.IPv6len (ensures 16-byte mask)
Added unit test TestParseCIDRv6_RejectsIPv4 to verify the validation.1 parent 35f14a9 commit 745c190
2 files changed
Lines changed: 25 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
541 | 541 | | |
542 | 542 | | |
543 | 543 | | |
544 | | - | |
| 544 | + | |
545 | 545 | | |
546 | 546 | | |
547 | 547 | | |
548 | 548 | | |
| 549 | + | |
| 550 | + | |
| 551 | + | |
| 552 | + | |
| 553 | + | |
| 554 | + | |
| 555 | + | |
| 556 | + | |
549 | 557 | | |
550 | 558 | | |
551 | 559 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
133 | 133 | | |
134 | 134 | | |
135 | 135 | | |
| 136 | + | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
| 144 | + | |
| 145 | + | |
| 146 | + | |
| 147 | + | |
| 148 | + | |
| 149 | + | |
| 150 | + | |
| 151 | + | |
0 commit comments