Skip to content

Commit

Permalink
Fix IPv6 non-specified ranges unexpectedly allowed
Browse files Browse the repository at this point in the history
  • Loading branch information
Jimadine committed Jun 26, 2024
1 parent 00eda91 commit 7e74fb8
Showing 1 changed file with 8 additions and 5 deletions.
13 changes: 8 additions & 5 deletions lib/filter/QubitLimitIp.class.php
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@ protected function getRemoteAddress()
protected function isAllowed()
{
$address = $this->getRemoteAddress();
$addressBinary = inet_pton($address);

// Check if empty
if (1 == count($this->limit) && empty($this->limit[0])) {
Expand All @@ -71,23 +72,25 @@ protected function isAllowed()
foreach ($this->limit as $item) {
// Ranges are supported, using a comma or a dash
$limit = preg_split('/[,-]/', $item);
$limitBinary = inet_pton(trim($limit[0]));

// Single IP
if (1 == count($limit) && $address == $limit[0]) {
if (1 == count($limit) && $addressBinary == $limitBinary && strlen($addressBinary) == strlen($limitBinary)) {
return true;
}

// Range
if (2 == count($limit)) {
$limit[0] = trim($limit[0]);
$limit[1] = trim($limit[1]);

$addressLong = ip2long($address);
$firstInRangeBinary = inet_pton($limit[0]);
$lastInRangeBinary = inet_pton($limit[1]);

if (
ip2long($limit[0]) <= $addressLong
&& ip2long($limit[1]) >= $addressLong
(strlen($addressBinary) == strlen($firstInRangeBinary))
&& ($addressBinary >= $firstInRangeBinary && $addressBinary <= $lastInRangeBinary)
) {

return true;
}
}
Expand Down

0 comments on commit 7e74fb8

Please sign in to comment.