Project

General

Profile

Bug #2333

$_SERVER['SERVER_NAME'] returns an incorrect value when using IPv6

Added by simoncpu over 6 years ago. Updated over 5 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
2011-08-16
Due date:
% Done:

100%

Estimated time:
Missing in 1.5.x:
No

Description

Problem:
$_SERVER['SERVER_NAME'] returns an incorrect value when using IPv6. i.e., when accessing a site at http://[2001:860:fc29:5000::1], $_SERVER['SERVER_NAME'] would contain "[2001".

Steps to Replicate:
1. Create this script:

<?php var_dump($_SERVER); ?>

2. Run the above script via IPv6.

Expected Result:
$_SERVER['SERVER_NAME'] should contain a valid IPv6 address.

mod_fastcgi.c.patch (698 Bytes) mod_fastcgi.c.patch simoncpu, 2012-03-16 12:01
mod_cgi.c.patch (681 Bytes) mod_cgi.c.patch simoncpu, 2012-03-16 12:01
patches (1.42 KB) patches simoncpu, 2012-03-16 13:15
server_name.patch (1.65 KB) server_name.patch simoncpu, 2012-03-22 12:24
server_name.patch (1.56 KB) server_name.patch simoncpu, 2012-03-22 12:34
server_name.patch (1.4 KB) server_name.patch simoncpu, 2012-03-22 12:58

Associated revisions

Revision 5677f174 (diff)
Added by stbuehler over 5 years ago

[mod_*cgi,mod_accesslog] Fix splitting :port with ipv6 (fixes #2333, thx simoncpu)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2834 152afb58-edef-0310-8abb-c4023f1b3aa9

Revision 2834 (diff)
Added by stbuehler over 5 years ago

[mod_*cgi,mod_accesslog] Fix splitting :port with ipv6 (fixes #2333, thx simoncpu)

History

#1

Updated by stbuehler over 6 years ago

  • Target version set to 1.4.30

the bug is in the *cgi modules when they try to remove the port from the http_host var.
i'm not sure whether SERVER_NAME should wrap ipv6 addresses in [...]

#2

Updated by spaam over 6 years ago

How do apache and nginx do it ?

#3

Updated by simoncpu over 6 years ago

I don't have a working Apache setup right now, but it seems that they wrap IPv6 addresses in brackets too:

[[https://issues.apache.org/bugzilla/show_bug.cgi?id=26005]]

nginx, however, uses my machine's hostname if I don't set a server_name statement in the configuration.

#4

Updated by stbuehler about 6 years ago

  • Target version changed from 1.4.30 to 1.4.x
#5

Updated by simoncpu over 5 years ago

Attached are patches for mod_cgi.c and mod_fastcgi.c.

#6

Updated by stbuehler over 5 years ago

  • you can cat the patches into one file next time :)
  • i think these patches fail when you use dns names, like "Host: lighttpd.net:443" - lighttpd.net has an IPv6 address, so the socket type could be IPv6, but there is no [...]:443. i'd say if the first (non white-space?) char is '[' then search for ']:', otherwise for ':'. (this also means we can test it easier, as this doesn't depend on the socket type, just on the Host: header)
  • it would be very nice if you could add some test-cases for this, probably in the mod_fastcgi part.
#7

Updated by simoncpu over 5 years ago

(WARNING: This patch doesn't work if lighttpd uses the standard port 80. I'm still writing a correct fix. Thanks.)

#10

Updated by simoncpu over 5 years ago

lighttpd patch, take 5 hehehe:

This has been tested with:
- 192.0.2.1
- 192.0.2.1:8080
- [2001:DB8::1]
- [2001:DB8::1]:8080
- example.org (both IPv4 and IPv6)
- example.org:8080 (both IPv4 and IPv6)
- with and without --disable-ipv6

#11

Updated by stbuehler over 5 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2834.

#12

Updated by stbuehler over 5 years ago

  • Target version changed from 1.4.x to 1.4.31

Also available in: Atom