Package: polipo Version: 1.0.4.1-1.1 Severity: normal Tags: patch ipv6 Hi,
Polipo does not recognize very long literal IPv6 addresses as such: | $ wget http://[2001:1AF8:1:F006:0:0:0:6]/ | --2010-10-19 06:13:55-- http://[2001:1af8:1:f006:0:0:0:6]/ | Resolving localhost... ::1, 127.0.0.1 | Connecting to localhost|::1|:8123... connected. | Proxy request sent, awaiting response... 400 Bad Request | 2010-10-19 06:13:55 ERROR 400: Bad Request. | | $ wget http://[2001:1AF8:0001:F006:0000:0000:000:6]/ | --2010-10-19 06:14:40-- http://[2001:1af8:0001:f006:0000:0000:000:6]/ | Resolving localhost... ::1, 127.0.0.1 | Connecting to localhost|::1|:8123... connected. | Proxy request sent, awaiting response... 400 Bad Request | 2010-10-19 06:14:41 ERROR 400: Bad Request. | | $ wget http://[2001:1AF8:0001:F006:0000:0000:0000:6]/ | --2010-10-19 06:15:24-- http://[2001:1af8:0001:f006:0000:0000:0000:6]/ | Resolving localhost... ::1, 127.0.0.1 | Connecting to localhost|::1|:8123... connected. | Proxy request sent, awaiting response... 504 Host [2001:1af8:0001:f006:0000:0000:0000:6] lookup failed: Host not found | 2010-10-19 06:15:24 ERROR 504: Host [2001:1af8:0001:f006:0000:0000:0000:6] lookup failed: Host not found. (Don't worry about the Bad Request, that's just www.sixxs.net's ngnix complaining about the lack of a Host: header or somesuch. The point is the connection attempt getting past polipo in the first 2 examples, and polipo trying to resolve the IPv6 address in the 3rd.) The bug is in rfc2732() in dns.c: It gets the length check wrong, as an IPv6 Literal in an URL can be up to 41 characters long: 8 groups of 4 hexdigits each, 7 separating semicolons, a leading '[', a trailing ']'. The obvious patch is attached. regards, Jan -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (99, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages polipo depends on: ii dpkg 1.15.8.5 Debian package management system ii install-info 4.13a.dfsg.1-5 Manage installed documentation in ii libc6 2.11.2-6 Embedded GNU C Library: Shared lib polipo recommends no packages. polipo suggests no packages. -- Configuration Files: /etc/init.d/polipo changed [not included] /etc/polipo/config changed [not included] -- no debconf information -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
--- dns.c.orig 2010-10-19 05:46:03.000000000 +0200
+++ dns.c 2010-10-19 05:53:05.000000000 +0200
@@ -445,11 +445,11 @@
AtomPtr
rfc2732(AtomPtr name)
{
- char buf[38];
+ char buf[40]; /* 8*4 (hexdigits) + 7 (colons) + 1 ('\0') */
int rc;
AtomPtr a = NULL;
- if(name->length < 38 &&
+ if(name->length < 40+2 &&
name->string[0] == '[' && name->string[name->length - 1] == ']') {
struct in6_addr in6a;
memcpy(buf, name->string + 1, name->length - 2);
signature.asc
Description: Digital signature
