Debian Bug report logs - #645292
libnet-cidr-perl: comparing IPv4 addresses against IPv6 ranges (or vice versa) causes a crash

Package: libnet-cidr-perl; Maintainer for libnet-cidr-perl is Bart Martens <bartm@debian.org>; Source for libnet-cidr-perl is src:libnet-cidr-perl.

Reported by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Date: Fri, 14 Oct 2011 04:15:01 UTC

Severity: wishlist

Tags: help, upstream

Found in version libnet-cidr-perl/0.14-1

Forwarded to https://rt.cpan.org/Public/Bug/Display.html?id=67275


Report forwarded to debian-bugs-dist@lists.debian.org, dkg@fifthhorseman.net, Bart Martens <bartm@debian.org>:
Bug#645292; Package libnet-cidr-perl. (Fri, 14 Oct 2011 04:15:04 GMT)

Acknowledgement sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
New Bug report received and forwarded. Copy sent to dkg@fifthhorseman.net, Bart Martens <bartm@debian.org>. (Fri, 14 Oct 2011 04:15:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libnet-cidr-perl: comparing IPv4 addresses against IPv6 ranges (or vice versa) causes a crash
Date: Fri, 14 Oct 2011 00:13:29 -0400
Package: libnet-cidr-perl
Version: 0.14-1
Severity: important

Consider the following code:

-----------

use Net::CIDR;
@cidrlist=Net::CIDR::cidradd("127.23.11.1/32", @cidrlist);

printf("it matches!\n")
  if Net::CIDR::cidrlookup("::1", @cidrlist);

printf("got here\n");

-----------

I would expect the cidrlookup to return 0 (the specified IPv6 address
clearly does not fall in the IPv4 address range).  But instead, the
code dies entirely with:

Invalid netblock: 127.23.11.1-0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1 at ./testcidr.pl line 10

and never even prints "got here".

Putting IPv6 in the cidradd() call and IPv4 in cidrlookup() fails with
a similar error:

Invalid netblock: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1-127.23.11.1 at ./testcidr.pl line 10

This is problematic generally, but I see the problem specifically for
munin-node, which has a list of cidr_allow addresses.  If an IPv6
cidr_allow is listed first, then any connection from an IPv4 host will
be rejected with this error in /var/log/munin/munin-node.log.  If an
IPv4 cidr_allow is listed first, then any connection from an IPv6 host
will be rejected with this error in /var/log/munin/munin-node.log.
This is troublesome if you want to allow both IPv4 and IPv6
connections to the munin-node.

            --dkg

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.0.0-1-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libnet-cidr-perl depends on:
ii  perl  5.12.4-4

libnet-cidr-perl recommends no packages.

libnet-cidr-perl suggests no packages.

-- no debconf information
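
A caller-side workaround for the allow-list failure described in the report above, as an added example that is not part of the original report and is not code from Net::CIDR or munin-node. The helper names `family` and `allowed` are hypothetical, the allow-list is constructed, and passing raw CIDR strings straight to `cidrlookup` is assumed to work as in the report's own usage.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::CIDR;

# Classify an address or CIDR block by family: a colon only appears in
# IPv6 text, so it is enough to tell the two apart.
sub family { return $_[0] =~ /:/ ? 6 : 4 }

# Hypothetical helper: true if $ip falls inside any block in @$allow.
# Blocks of the other address family are filtered out first, so the
# mixed-family comparison from the report never reaches Net::CIDR.
sub allowed {
    my ($ip, $allow) = @_;
    my @same = grep { family($_) == family($ip) } @$allow;
    return 0 unless @same;
    # eval catches any remaining croak (e.g. a malformed entry); the
    # result is then undef, so the check fails closed instead of dying.
    my $hit = eval { Net::CIDR::cidrlookup($ip, @same) };
    return $hit ? 1 : 0;
}

# Constructed allow-list mixing both families, IPv6 entry listed first.
my @allow = ('::1/128', '127.23.11.1/32', '192.0.2.0/24');

# Constructed peers: two IPv6 and three IPv4 addresses.
for my $peer ('::1', '127.23.11.1', '192.0.2.77', '2001:db8::5', '10.0.0.1') {
    printf "%-14s %s\n", $peer, allowed($peer, \@allow) ? 'allow' : 'deny';
}
```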




Added indication that 645292 affects munin-node Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Tue, 01 Nov 2011 22:39:03 GMT)

Set Bug forwarded-to-address to 'https://rt.cpan.org/Public/Bug/Display.html?id=67275'. Request was from Bart Martens <bartm@debian.org> to control@bugs.debian.org. (Thu, 03 Nov 2011 18:06:02 GMT)

Added tag(s) upstream and help. Request was from Bart Martens <bartm@debian.org> to control@bugs.debian.org. (Thu, 03 Nov 2011 18:06:03 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Bart Martens <bartm@debian.org>:
Bug#645292; Package libnet-cidr-perl. (Sun, 07 Jul 2013 11:57:04 GMT)

Acknowledgement sent to Mark Wooding <mdw@distorted.org.uk>:
Extra info received and forwarded to list. Copy sent to Bart Martens <bartm@debian.org>. (Sun, 07 Jul 2013 11:57:04 GMT)

Message #16 received at 645292@bugs.debian.org:

From: Mark Wooding <mdw@distorted.org.uk>
To: 645292@bugs.debian.org
Subject: Patch for ancient bug
Date: Sun, 07 Jul 2013 12:46:18 +0100

Amazingly, this bug still hasn't been fixed.  Or even commented upon by
the maintainer (who has anyway uploaded new upstream versions which
don't fix the bug in the meantime).

Here's a slightly ugly patch which I think is correct.  I'm using this
now.

--- CIDR.pm	2012-02-15 13:32:45.000000000 +0000
+++ /tmp/mdw/perl5/Net/CIDR.pm	2013-07-07 12:23:22.000000000 +0100
@@ -791,6 +792,7 @@
 sub _ipcmp {
     my $aa=shift;
     my $bb=shift;
+    my $mismatch = shift;
 
     my $isipv6_1;
     my $isipv6_2;
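
Review bot: the new third argument read by `my $mismatch = shift;` in `_ipcmp` is undocumented; add a comment above the sub saying that it is optional, that it is the value returned when exactly one of the two addresses is IPv6, and that omitting it keeps the old behaviour of croaking. The spacing also differs from the neighbouring `my $aa=shift;` lines, so match the file's style. Separately, the header `@@ -791,6 +792,7 @@` already starts one line later in the new file than in the old one although this is the first hunk shown, which suggests the patched copy carries an extra line above line 791 that is not in this diff; confirm the patch is complete against the pristine CIDR.pm.
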
@@ -798,10 +800,10 @@
     ($isipv6_1, $aa)=_ipv6to4($aa);
     ($isipv6_2, $bb)=_ipv6to4($bb);
 
-    if ($isipv6_1 || $isipv6_2)
+    if (!$isipv6_1 != !$isipv6_2)
     {
-	croak "Invalid netblock: $aa-$bb"
-	    unless $isipv6_1 && $isipv6_2;
+	return $mismatch if defined $mismatch;
+	croak "Invalid netblock: $aa-$bb";
     }
 
     my @a=split (/\./, $aa);
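
Review bot: with `return $mismatch if defined $mismatch;` the comparison stops being antisymmetric for mixed-family pairs, since `_ipcmp($x, $y, -1)` and `_ipcmp($y, $x, -1)` both return -1; that suits a range check but would give an inconsistent ordering if the three-argument form were ever used as a sort comparator, so state that restriction in a comment. The condition `!$isipv6_1 != !$isipv6_2` is a correct exclusive-or, but `if ($isipv6_1 xor $isipv6_2)` says the same thing more readably. Callers that omit the third argument still reach the `croak`, so any other path that compares addresses of different families will keep dying.
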
@@ -1177,8 +1179,8 @@
 
     for ($i=0; $i <= $#a; $i++)
     {
-	next if _ipcmp($b[$i], $lo) < 0;
-	next if _ipcmp($hi, $a[$i]) < 0;
+	next if _ipcmp($b[$i], $lo, -1) < 0;
+	next if _ipcmp($hi, $a[$i], -1) < 0;
 	return 1;
     }
 
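
Review bot: the literal `-1` passed in `_ipcmp($b[$i], $lo, -1)` and `_ipcmp($hi, $a[$i], -1)` only works because each result is tested with `< 0`; a short comment stating that a family mismatch is treated as "outside this range", so the entry is skipped, would make that dependency explicit. The patch also comes without a regression test; the two cases from the original report (an IPv4 block looked up with `::1`, and the reverse) should return 0 rather than die.
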

-- [mdw]



Added tag(s) patch. Request was from Kenyon Ralph <kenyon@kenyonralph.com> to control@bugs.debian.org. (Sun, 07 Jul 2013 14:27:10 GMT)

Removed tag(s) patch. Request was from Bart Martens <bartm@debian.org> to control@bugs.debian.org. (Tue, 23 Jul 2013 20:03:07 GMT)

Severity set to 'wishlist' from 'important' Request was from Bart Martens <bartm@debian.org> to control@bugs.debian.org. (Tue, 23 Jul 2013 20:12:05 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 19:35:08 2014; Machine Name: buxtehude.debian.org
