echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Transport: Simplify IPv6 address validation

Browse Source 
reject reserved ranges
This commit is contained in:
zzz
2020-10-10 12:59:53 +00:00
parent b4b6968ede
commit 9e36fe090c
1 changed files with 19 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
router/java/src/net/i2p/router/transport/TransportUtil.java
View File

@ -187,11 +187,8 @@ public abstract class TransportUtil {
return true; // or at least possible to be true return true; // or at least possible to be true
} else if (addr.length == 16) { } else if (addr.length == 16) {
if (allowIPv6) { if (allowIPv6) {
// loopback, broadcast, int a0 = addr[0] & 0xFF;
// IPv4 compat ::xxxx:xxxx if (a0 == 0x20) {
if (addr[0] == 0)
return false;
if (addr[0] == 0x20) {
// disallow 2002::/16 (6to4 RFC 3056) // disallow 2002::/16 (6to4 RFC 3056)
if (addr[1] == 0x02) if (addr[1] == 0x02)
return false; return false;
@ -203,32 +200,29 @@ public abstract class TransportUtil {
if (addr[2] == 0x0d && (addr[3] & 0xff) == 0xb8) if (addr[2] == 0x0d && (addr[3] & 0xff) == 0xb8)
return false; return false;
} }
} else if ((addr[0] & 0xfe) == 0xfc) { return true;
// disallow fc00::/8 and fd00::/8 (Unique local addresses RFC 4193) } else if (a0 == 0x26) {
// not recognized as local by InetAddress
return false;
} else if (addr[0] == 0x26) {
// Hamachi IPv6 // Hamachi IPv6
if (addr[1] == 0x20 && addr[2] == 0x00 && (addr[3] & 0xff) == 0x9b) if (addr[1] == 0x20 && addr[2] == 0x00 && (addr[3] & 0xff) == 0x9b)
return false; return false;
} else if (addr[0] == 0x3f) { return true;
// 6bone RFC 2471 } else {
if ((addr[1] & 0xff) == 0xfe) // https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
return false; // Global unicast
} else if ((addr[0] & 0xfe) == 0x02) { if (a0 >= 0x20 && a0 <= 0x3f)
return true;
// 00-1f and 40-ff
// loopback, broadcast,
// IPv4 compat ::xxxx:xxxx
// Yggdrasil 0200:/7 // Yggdrasil 0200:/7
// https://yggdrasil-network.github.io/faq.html // https://yggdrasil-network.github.io/faq.html
return false; // reserved
// 6bone RFC 2471 3ff3::
// disallow fc00::/8 and fd00::/8 (Unique local addresses RFC 4193)
// not recognized as local by InetAddress
// reserved, unique local, site local, multicast
// fall through return false
} }
try {
InetAddress ia = InetAddress.getByAddress(addr);
return
(!ia.isLinkLocalAddress()) &&
(!ia.isMulticastAddress()) &&
(!ia.isAnyLocalAddress()) &&
(!ia.isLoopbackAddress()) &&
(!ia.isSiteLocalAddress());
} catch (UnknownHostException uhe) {}
} }
} }
return false; return false;