Only allow IPv4 literals in strict form (#18656) - Nim - This repository contains the Nim compiler, Nim's stdlib, tools, and documentation. (mirror)

diff options

author	Christian Ulrich <christian@ulrich.earth>	2021-08-08 20:11:07 +0200
committer	GitHub <noreply@github.com>	2021-08-08 19:11:07 +0100
commit	0d3af5454b66dfe4a8a7017030708a890207c658 (patch)
tree	32dd25fee0eff0089748d2426fac41e5e23fe8a2 /lib/pure/bitops.nim
parent	eb19db6595846c92e5eb999d96605fe4bb0934f7 (diff)
download	Nim-0d3af5454b66dfe4a8a7017030708a890207c658.tar.gz

Only allow IPv4 literals in strict form (#18656)

* Only allow IPv4 literals in strict form

The strict form as defined in RFC 6943, section 3.1.1 only allows the dotted
form ddd.ddd.ddd.ddd of IPv4 literals, where ddd is a one to three digit decimal
number between 0 and 255. Until now octal numbers (with a leading zero) were
interpreted as decimal numbers which has security implications, see
CVE-2021-29922 and CVE-2021-29923.

* Update lib/pure/net.nim

Co-authored-by: Dominik Picheta <dominikpicheta@googlemail.com>

Diffstat (limited to 'lib/pure/bitops.nim')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: