Fix IPv6 non-specified ranges unexpectedly allowed, as reported at ar…

…tefactual#1821
Jimadine · Jun 20, 2024 · b90cb55 · b90cb55
1 parent 00eda91
commit b90cb55
Showing 1 changed file with 9 additions and 7 deletions.
diff --git a/lib/filter/QubitLimitIp.class.php b/lib/filter/QubitLimitIp.class.php
@@ -62,6 +62,7 @@ protected function getRemoteAddress()
     protected function isAllowed()
     {
         $address = $this->getRemoteAddress();
+        $addressBinary = inet_pton($address);
 
         // Check if empty
         if (1 == count($this->limit) && empty($this->limit[0])) {
@@ -71,28 +72,29 @@ protected function isAllowed()
         foreach ($this->limit as $item) {
             // Ranges are supported, using a comma or a dash
             $limit = preg_split('/[,-]/', $item);
+            $limitBinary = inet_pton(trim($limit[0]));
 
             // Single IP
-            if (1 == count($limit) && $address == $limit[0]) {
+            if (1 == count($limit) && $addressBinary == $limitBinary && strlen($addressBinary) == strlen($limitBinary)) {
                 return true;
             }
 
             // Range
             if (2 == count($limit)) {
                 $limit[0] = trim($limit[0]);
                 $limit[1] = trim($limit[1]);
-
-                $addressLong = ip2long($address);
+                $firstInRangeBinary = inet_pton($limit[0]);
+                $lastInRangeBinary = inet_pton($limit[1]);
 
                 if (
-                    ip2long($limit[0]) <= $addressLong
-                    && ip2long($limit[1]) >= $addressLong
-                ) {
+                    (strlen($addressBinary) == strlen($firstInRangeBinary))
+                     && ($addressBinary >= $firstInRangeBinary && $addressBinary <= $lastInRangeBinary)
+                   ) {
                     return true;
                 }
             }
         }
-
         return false;
     }
+
 }