I2P Address: [http://git.idk.i2p]

Skip to content
Snippets Groups Projects
Commit 9e36fe09 authored by zzz's avatar zzz
Browse files

Transport: Simplify IPv6 address validation 

reject reserved ranges
parent b4b6968e
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
router/java/src/net/i2p/router/transport/TransportUtil.java
+ 19
25
View file @ 9e36fe09
...@@ -187,11 +187,8 @@ public abstract class TransportUtil { ...@@ -187,11 +187,8 @@ public abstract class TransportUtil {
return true; // or at least possible to be true return true; // or at least possible to be true
} else if (addr.length == 16) { } else if (addr.length == 16) {
if (allowIPv6) { if (allowIPv6) {
// loopback, broadcast, int a0 = addr[0] & 0xFF;
// IPv4 compat ::xxxx:xxxx if (a0 == 0x20) {
if (addr[0] == 0)
return false;
if (addr[0] == 0x20) {
// disallow 2002::/16 (6to4 RFC 3056) // disallow 2002::/16 (6to4 RFC 3056)
if (addr[1] == 0x02) if (addr[1] == 0x02)
return false; return false;
...@@ -203,32 +200,29 @@ public abstract class TransportUtil { ...@@ -203,32 +200,29 @@ public abstract class TransportUtil {
if (addr[2] == 0x0d && (addr[3] & 0xff) == 0xb8) if (addr[2] == 0x0d && (addr[3] & 0xff) == 0xb8)
return false; return false;
} }
} else if ((addr[0] & 0xfe) == 0xfc) { return true;
// disallow fc00::/8 and fd00::/8 (Unique local addresses RFC 4193) } else if (a0 == 0x26) {
// not recognized as local by InetAddress
return false;
} else if (addr[0] == 0x26) {
// Hamachi IPv6 // Hamachi IPv6
if (addr[1] == 0x20 && addr[2] == 0x00 && (addr[3] & 0xff) == 0x9b) if (addr[1] == 0x20 && addr[2] == 0x00 && (addr[3] & 0xff) == 0x9b)
return false; return false;
} else if (addr[0] == 0x3f) { return true;
// 6bone RFC 2471 } else {
if ((addr[1] & 0xff) == 0xfe) // https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
return false; // Global unicast
} else if ((addr[0] & 0xfe) == 0x02) { if (a0 >= 0x20 && a0 <= 0x3f)
return true;
// 00-1f and 40-ff
// loopback, broadcast,
// IPv4 compat ::xxxx:xxxx
// Yggdrasil 0200:/7 // Yggdrasil 0200:/7
// https://yggdrasil-network.github.io/faq.html // https://yggdrasil-network.github.io/faq.html
return false; // reserved
// 6bone RFC 2471 3ff3::
// disallow fc00::/8 and fd00::/8 (Unique local addresses RFC 4193)
// not recognized as local by InetAddress
// reserved, unique local, site local, multicast
// fall through return false
} }
try {
InetAddress ia = InetAddress.getByAddress(addr);
return
(!ia.isLinkLocalAddress()) &&
(!ia.isMulticastAddress()) &&
(!ia.isAnyLocalAddress()) &&
(!ia.isLoopbackAddress()) &&
(!ia.isSiteLocalAddress());
} catch (UnknownHostException uhe) {}
} }
} }
return false; return false;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Base32 Address: [http://7qeve4v2chmjdqlwpa3vl7aojf3nodbku7vepnjwrsxljzqipz6a.b32.i2p] Onion Address: [http://47ggr2fa3vnwfyhvgskzdmr3i32eijwymxohtxsls45dulmriwxszjad.onion]