[Bug 5210] New: httpd.c:parse_conf() does not understand IPv6 addressing in ACLs

bugzilla at busybox.net bugzilla at busybox.net
Wed May 9 14:42:55 UTC 2012


https://bugs.busybox.net/show_bug.cgi?id=5210

           Summary: httpd.c:parse_conf() does not understand IPv6
                    addressing in ACLs
           Product: Busybox
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: P5
         Component: Networking
        AssignedTo: unassigned at busybox.net
        ReportedBy: hume-ml+busybox at bofh.ca
                CC: busybox-cvs at busybox.net
   Estimated Hours: 0.0


httpd.c as written is unable to understand IPv6 addresses.  It uses an unsigned
int to store the IP address (too small) and assumes that the first colon
encountered in the string actually marks a port specification.  As a result all
ACL comparisons on a IPv6 connection will fail.  (Which can lock you out of a
device if not careful...)

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the busybox-cvs mailing list