This repository has been archived by the owner on Jul 22, 2019. It is now read-only.
If the hostname is an IPv6 address (with colons), the 'token signature' is incorrectly identified as invalid. The user identity can be found by using a regex expression '/!(\w*)?!!pwd/' on $_SERVER['QUERY_STRING']
Not sure if this is really an issue, but may become one as IPv6 becomes more prevalent.
Signature validation is one area where there seem to be multiple bugs in this code, though I can't immediately think how an IPv6 could get into the response message (except perhaps as a literal in the URL field) or why it would provoke a validation error.
The user identity can be found by using a regex expression '/!(\w*)?!!pwd/' on $_SERVER['QUERY_STRING']
DON'T DO THAT! Manually extracting a user identity out of the query string without validating the signature is DANGEROUS. It's only the signature that proves the response message came from Raven. If you ignore the signature, anyone can construct a response message and claim to be anyone, thus completely bypassing authentication.
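The following is an added example, not code from this repository or from either commenter. It puts the regex shortcut from the issue next to a signature-validating reader so the difference is concrete. The response format is a simplified stand-in for the real Raven WLS response: a '!'-separated string with the assumed layout ver!status!url!principal!ptags!auth!sig, signed RSA-SHA1 by the authentication server, with the signature base64-encoded using the URL-safe substitutions assumed here (+ to -, / to ., = to _). The key pair is generated on the fly and stands in for the server's real key; the URL field deliberately carries an IPv6 literal so that a verifier which splits on '!' rather than on ':' is shown to be unaffected by the colons.

```php
<?php
// Added example, not the Raven client's own code. Assumed simplified layout:
//   ver!status!url!principal!ptags!auth!sig
// The last field is an RSA-SHA1 signature over everything before it.

function raven_style_b64encode(string $bin): string {
    // Assumed URL-safe alphabet: + -> -, / -> ., = -> _
    return strtr(base64_encode($bin), '+/=', '-._');
}

function raven_style_b64decode(string $txt): string {
    // Strict decoding; anything that is not valid base64 becomes ''
    return base64_decode(strtr($txt, '-._', '+/='), true) ?: '';
}

// Builds a response the way the authentication server would (needs its private key).
function sign_response(array $fields, string $privateKeyPem): string {
    $data = implode('!', $fields);
    openssl_sign($data, $sig, $privateKeyPem, OPENSSL_ALGO_SHA1);
    return $data . '!' . raven_style_b64encode($sig);
}

// True only if the signature in the last field verifies against the server's public key.
function response_is_authentic(string $message, string $publicKeyPem): bool {
    $cut = strrpos($message, '!');
    if ($cut === false) {
        return false;
    }
    $data = substr($message, 0, $cut);
    $sig  = raven_style_b64decode(substr($message, $cut + 1));
    // openssl_verify returns 1 on success, 0 on mismatch, -1 or false on error
    return $sig !== ''
        && openssl_verify($data, $sig, $publicKeyPem, OPENSSL_ALGO_SHA1) === 1;
}

// The safe way: no identity is returned unless the message is authentic.
function identity_from_validated_response(string $message, string $publicKeyPem): ?string {
    if (!response_is_authentic($message, $publicKeyPem)) {
        return null;
    }
    $fields = explode('!', $message);   // colons inside the url field are irrelevant here
    return $fields[3];                  // principal, per the assumed layout
}

// The shortcut from the issue: trusts whatever name sits before "!!pwd".
function identity_from_regex(string $queryString): ?string {
    return preg_match('/!(\w*)?!!pwd/', $queryString, $m) ? $m[1] : null;
}

// --- demonstration with a throwaway key pair standing in for the server's key ---
$keyRes = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
openssl_pkey_export($keyRes, $privateKeyPem);
$publicKeyPem = openssl_pkey_get_details($keyRes)['key'];

// 1. Genuine response; the url field contains an IPv6 literal (constructed sample).
$genuine = sign_response(
    ['3', '200', 'http://[2001:db8::1]/login.php', 'alice', '', 'pwd'],
    $privateKeyPem
);
echo "validated identity from genuine response: ";
var_dump(identity_from_validated_response($genuine, $publicKeyPem));

// 2. Forged response anyone could type into a URL (constructed sample). The regex
//    hands back the claimed name; the validating reader refuses it, because no
//    valid signature can be produced without the server's private key.
$forged = '3!200!http://[2001:db8::1]/login.php!admin!!pwd!'
    . raven_style_b64encode('not a real signature');
echo "regex identity from forged response: ";
var_dump(identity_from_regex($forged));
echo "validated identity from forged response: ";
var_dump(identity_from_validated_response($forged, $publicKeyPem));
```

Run it with the PHP CLI and the OpenSSL extension enabled. The point to take from it is the one made in the reply above: the regex has no way to tell the genuine message from the forged one, while the validating reader never yields an identity for the forgery, and a correct verifier is indifferent to colons in the URL field because the field separator is '!'.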