From: Amos Jeffries
Date: Wed, 27 Aug 2025 19:13:15 +0000 (+0000)
Subject: Validate raw-IPv4 when parsing hostnames (#2140)
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b8337359;p=thirdparty%2Fsquid.git
Validate raw-IPv4 when parsing hostnames (#2140)
---
diff --git a/src/anyp/Uri.cc b/src/anyp/Uri.cc
index 97121e4d65..6527e6316c 100644
--- a/src/anyp/Uri.cc
+++ b/src/anyp/Uri.cc
@@ -637,8 +637,20 @@ AnyP::Uri::parseHost(Parser::Tokenizer &tok) const
 // no brackets implies we are looking at IPv4address or reg-name
- // XXX: This code does not detect/reject some bad host values (e.g. "!#$%&"
- // and "1.2.3.4.5"). TODO: Add more checks here, after migrating the
+ static const CharacterSet IPv4chars = CharacterSet("period", ".") + CharacterSet::DIGIT;
+ SBuf ipv4ish; // IPv4address-ish
+ if (tok.prefix(ipv4ish, IPv4chars)) {
+ // This rejects non-IP addresses that our caller would have
+ // otherwise mistaken for a domain name (e.g., '127.0.0' or '1234.5').
+ Ip::Address ipCheck;
+ if (!ipCheck.fromHost(ipv4ish.c_str()))
+ throw TextException("malformed IP address in uri-host", Here());
+
+ return ipv4ish;
+ }
+
+ // XXX: This code does not detect/reject some bad host values (e.g. "!#$%&").
+ // TODO: Add more checks here, after migrating the
 // non-CONNECT uri-host parsing code to use us.
 SBuf otherHost; // IPv4address-ish or reg-name-ish;
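Review bot: The new IPv4 branch validates only the leading run of digits and periods, and nothing visible in the hunk checks what follows that run before it throws or returns. If `tok.prefix()` stops at the first character outside `IPv4chars`, as it reads here, a reg-name that merely starts with a digit (constructed example: `1.example.com`) has its `1.` prefix passed to `fromHost()` and is rejected as a malformed IP, while a constructed input like `127.0.0.1example.com` would return `127.0.0.1` and leave the remainder unconsumed for the caller. Consider probing on a copy, `auto probe = tok;` with `if (probe.prefix(ipv4ish, IPv4chars) && probe.atEnd())` (substituting the caller's delimiter check for `atEnd()` where a port may follow), committing via `tok = probe;` only when the whole host token matched and otherwise falling through to the reg-name path. The body of parseHost starts before and continues past this hunk, so the terminator the caller expects is not visible here and should be confirmed.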