[Bug 1109550] New: shadowsocks-libev: unsafe stripping of port from hostname in http.c (incompatibility SNI sniffing with IPv6)
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1109550 Bug ID: 1109550 Summary: shadowsocks-libev: unsafe stripping of port from hostname in http.c (incompatibility SNI sniffing with IPv6) Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: bnc-team-screening@forge.provo.novell.com Reporter: hillwoodroc@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Forward form https://github.com/shadowsocks/shadowsocks-libev/issues/1945 What version of shadowsocks-libev are you using? Latest What operating system are you using? Linux What did you do? I've send the following request to [2001:470:1:18::119]: GET /ip/?callback=?&testdomain=test-ipv6.com&testname=test_ipv6 HTTP/1.1\r\nHost: [2001:470:1:18::119]\r\n\r\n with atyp=4 (IPv6) What did you expect to see? INFO connect to [2001:470:1:18::119]:80 What did you see instead? Pure IPv6 address truncated: INFO connect to [2001:470:1:18::80 What is your config in detail (with all sensitive info masked)? No matter. Problem in SNI sniffing (parse_http_header() func in http.c). IPv6 address without port has been truncated by the last colon. -- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1109550
http://bugzilla.opensuse.org/show_bug.cgi?id=1109550#c3
Andreas Stieger
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1109550
http://bugzilla.opensuse.org/show_bug.cgi?id=1109550#c5
Hillwood Yang
participants (1)
-
bugzilla_noreply@novell.com