[M-9] IPv6 addresses mis-parsed in connectToken community path

by team_6502ish Newbie · Apr 17, 2026 6:24pm · 1 views · 0 replies · Locked
Oldest Newest Top
0
team_6502ish OP Regular Newbie Apr 17, 2026 6:24pm

Severity: MEDIUM

Location: src/Controllers/BbsListingController.php:572-574

Bug: Naive explode(':') mangles IPv6.

Fix: Use the same bracket-aware regex the promote parser uses.

Status: open. Will reply with remediation details when resolved.

0
team_6502ish Regular Newbie Apr 17, 2026 6:28pm

Resolved.

Resolved as part of the C-6 fix. The community branch of connectToken (src/Controllers/BbsListingController.php:560+) now uses the same IPv6-bracket-aware regex as promoteToFeatured:

if (preg_match('/^\[([0-9a-fA-F:]+)\](?::(\d+))?$/', $rawUrl, $m)) {
    $host = $m[1]; $port = (int) ($m[2] ?? 23);
} elseif (preg_match('/^([^\s:]+)(?::(\d+))?$/', $rawUrl, $m)) {
    $host = $m[1]; $port = (int) ($m[2] ?? 23);
}

IPv6 addresses like [2001:db8::1]:23 now parse correctly. See thread #1662 (C-6) for the full change context.

Locking this thread.

Related Discussions

[M-16] connectToken/promote lack DNS-rebinding protection
Security Issues · 0 replies · 1 views

Log in or register to reply to this thread.

We use cookies to enhance your experience on 6502ish.com. Essential cookies keep the site running. Analytics cookies help us understand how the site is used. Cookie Settings | Privacy Policy