Bug ID | 1109550 |
---|---|
Summary | shadowsocks-libev: unsafe stripping of port from hostname in http.c (incompatibility SNI sniffing with IPv6) |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 15.0 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Network |
Assignee | bnc-team-screening@forge.provo.novell.com |
Reporter | hillwoodroc@gmail.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
Forward form https://github.com/shadowsocks/shadowsocks-libev/issues/1945 What version of shadowsocks-libev are you using? Latest What operating system are you using? Linux What did you do? I've send the following request to [2001:470:1:18::119]: GET /ip/?callback=?&testdomain=test-ipv6.com&testname=test_ipv6 HTTP/1.1\r\nHost: [2001:470:1:18::119]\r\n\r\n with atyp=4 (IPv6) What did you expect to see? INFO connect to [2001:470:1:18::119]:80 What did you see instead? Pure IPv6 address truncated: INFO connect to [2001:470:1:18::80 What is your config in detail (with all sensitive info masked)? No matter. Problem in SNI sniffing (parse_http_header() func in http.c). IPv6 address without port has been truncated by the last colon.