Bug ID 1109550
Summary shadowsocks-libev: unsafe stripping of port from hostname in http.c (incompatibility SNI sniffing with IPv6)
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.0
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Network
Assignee bnc-team-screening@forge.provo.novell.com
Reporter hillwoodroc@gmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

Forward form https://github.com/shadowsocks/shadowsocks-libev/issues/1945

What version of shadowsocks-libev are you using?
Latest

What operating system are you using?
Linux

What did you do?
I've send the following request to [2001:470:1:18::119]:
GET /ip/?callback=?&testdomain=test-ipv6.com&testname=test_ipv6
HTTP/1.1\r\nHost: [2001:470:1:18::119]\r\n\r\n
with atyp=4 (IPv6)

What did you expect to see?
INFO connect to [2001:470:1:18::119]:80

What did you see instead?
Pure IPv6 address truncated:
INFO connect to [2001:470:1:18::80

What is your config in detail (with all sensitive info masked)?
No matter. Problem in SNI sniffing (parse_http_header() func in http.c).
IPv6 address without port has been truncated by the last colon.

You are receiving this mail because: