diff options
| author | Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> | 2025-04-08 11:30:15 +0200 |
|---|---|---|
| committer | Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> | 2025-04-08 11:30:15 +0200 |
| commit | bad8f542320b2a5c1508a91c1764af6f80b75860 (patch) | |
| tree | a469cb1efb2e0831d7375e99252a245dee20eb08 | |
| parent | 83190a880045425e5237af1730bfe624ffaa2563 (diff) | |
| download | nextcloud-server-backport/52015/stable30.tar.gz nextcloud-server-backport/52015/stable30.zip | |
feat(ip): use larger IPv6 range by defaultbackport/52015/stable30
Some providers assign `/48` IPv6 blocks instead of `/64` so it sounds safer
to use this mask by default.
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
| -rw-r--r-- | lib/private/Security/Normalizer/IpAddress.php | 8 | ||||
| -rw-r--r-- | tests/lib/Security/Normalizer/IpAddressTest.php | 10 |
2 files changed, 9 insertions, 9 deletions
diff --git a/lib/private/Security/Normalizer/IpAddress.php b/lib/private/Security/Normalizer/IpAddress.php index dc7c784fa4c..5ba51d8c480 100644 --- a/lib/private/Security/Normalizer/IpAddress.php +++ b/lib/private/Security/Normalizer/IpAddress.php @@ -24,7 +24,7 @@ class IpAddress { } /** - * Return the given subnet for an IPv6 address (64 first bits) + * Return the given subnet for an IPv6 address (48 first bits) */ private function getIPv6Subnet(string $ip): string { if ($ip[0] === '[' && $ip[-1] === ']') { // If IP is with brackets, for example [::1] @@ -36,9 +36,9 @@ class IpAddress { } $binary = \inet_pton($ip); - $mask = inet_pton('FFFF:FFFF:FFFF:FFFF::'); + $mask = inet_pton('FFFF:FFFF:FFFF::'); - return inet_ntop($binary & $mask).'/64'; + return inet_ntop($binary & $mask).'/48'; } /** @@ -63,7 +63,7 @@ class IpAddress { /** - * Gets either the /32 (IPv4) or the /64 (IPv6) subnet of an IP address + * Gets either the /32 (IPv4) or the /48 (IPv6) subnet of an IP address */ public function getSubnet(): string { if (filter_var($this->ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { diff --git a/tests/lib/Security/Normalizer/IpAddressTest.php b/tests/lib/Security/Normalizer/IpAddressTest.php index ae6b5cbc9ca..8c00fee9b3c 100644 --- a/tests/lib/Security/Normalizer/IpAddressTest.php +++ b/tests/lib/Security/Normalizer/IpAddressTest.php @@ -36,20 +36,20 @@ class IpAddressTest extends TestCase { '192.168.0.123/32', ], [ - '2001:0db8:85a3:0000:0000:8a2e:0370:7334', - '2001:db8:85a3::/64', + '2001:0db8:0000:0000:0000:8a2e:0370:7334', + '2001:db8::/48', ], [ '2001:db8:3333:4444:5555:6666:7777:8888', - '2001:db8:3333:4444::/64', + '2001:db8:3333::/48', ], [ '::1234:5678', - '::/64', + '::/48', ], [ '[::1]', - '::/64', + '::/48', ], ]; } |