------------11311C7717B8B46E
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Hello Oliver,
Friday, June 10, 2005, 3:35:41 PM, you wrote:

> the problem is in function eping_validaddr() in functions.php where the
> host is checked if it is valid as the name says...
> But the only check is to see if it is a valid ip adress for eping, here
> is the code:

> --------------8<-----------------------------------------8<--------------=
-----------------------
> function eping_validaddr($eping_hosttocheck)
> {
[..]
> }
> --------------8<-----------------------------------------8<--------------=
-----------------------

> I am sorry but I am a coder and my eyes are bleeding when looking at
> stuff like that so here is my suggestion for replaceing the if-statement:
> if(preg_match("/^[0-9]{2,3}?\.[0-9]{1,3}?\.[0-9]{1,3}?\.[0-9]{1,3}?$/",
> $eping_hosttocheck))

A better solution would be to limit the scope of the regex and use ^
and $ on the regex the original code has in place. I'd personally use:

If (preg_match("/^((25[0-5]|2[0-4][0-9]|1?\d{1,2})\.){3}((25[0-5]|2[0-4][0-=
9]|1?\d{1,2}))$/", $eping_hosttocheck))

Won't match IPv6 addresses, but neither will the original code, and it
matches IP addresses perfectly I believe.

--=20
Jonathan Angliss
<jon@netdork.net>
------------11311C7717B8B46E
Content-Type: application/pgp-signature

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.1 (MingW32)

iD8DBQFCruNgK4PoFPj9H3MRAoH6AJ9L0Vx2UmW7JvFIhekxqi HPd+C+vACgs***
3eoAhxWK9vUA29J5GRgoRsk=
=Ms1M
-----END PGP MESSAGE-----

------------11311C7717B8B46E--

Jonathan Angliss schrieb:

> Won't match IPv6 addresses, but neither will the original code, and it
> matches IP addresses perfectly I believe.

My Suggestion for IPv4 is:

^(?!0+\.0+\.0+\.0+$)([01]?\d{1,2}|2[0-2][0-3])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])$

So 0.0.0.0 (Internet) doesn't match, just as 224.0.0.0/4 (Multicast) and
240.0.0.0/4 (Future Use) as described in RFC3330.

(based on the Regex from Mastering Regular Expression, Jeffrey E.F. Friedl)

Any further suggestions?

Am 14.06.2005 schrieb Christoph 'knurd' Jeschke:
> Jonathan Angliss schrieb:
>
> > Won't match IPv6 addresses, but neither will the original code, and it
> > matches IP addresses perfectly I believe.
>
> My Suggestion for IPv4 is:
>
> ^(?!0+\.0+\.0+\.0+$)([01]?\d{1,2}|2[0-2][0-3])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])$
>
> So 0.0.0.0 (Internet) doesn't match, just as 224.0.0.0/4 (Multicast) and
> 240.0.0.0/4 (Future Use) as described in RFC3330.
>
> (based on the Regex from Mastering Regular Expression, Jeffrey E.F. Friedl)
>
> Any further suggestions?

Beware that 0.0.0.1 is also adressable, as the whole /8 has been
issued for the same thing :-)


If you wish to use a very complete list of "unlikely" IPv4 adresses,
you're looking for the bogons list at http://www.cymru.com/Bogons/.

A short list on "special" IPv4 adresses can be found in RFC 3330;
so you might also wish to add

0.0.0.0/8 (RFC1700)
127.0.0.0/8 (loopback, RFC1700)
169.254.0.0/16 (LINKLOCAL)
192.0.2.0/24 (NET-TEST, "for documentation only")
198.18.0.0/15 (network device testing, see RFC 2544)

.... and possibly more or less the complete RFC1918-space (10.0.0.0/8,
172.16.0.0/12, 192.168.0.0/16), too.


For IPv6, at least

0000::/8 (loopback)
FE00::/9 and FF00::/8 (multicast, see RFC3513)
2001:DB8::/32 ("documentation-only", RFC3849)

are quite clear to reject.



Regards,

Anders
--
Schlund + Partner AG Security
Brauerstrasse 48 v://49.721.91374.50
D-76135 Karlsruhe f://49.721.91374.225