Project

General

Profile

Actions
Copy link

Bug #2333

closed

$_SERVER['SERVER_NAME'] returns an incorrect value when using IPv6

Added by simoncpu over 12 years ago. Updated about 12 years ago.

Status:
Fixed
Priority:
Normal
Category:
-
Target version:
1.4.31
ASK QUESTIONS IN Forums:

Description

Problem:
$_SERVER['SERVER_NAME'] returns an incorrect value when using IPv6. i.e., when accessing a site at http://[2001:860:fc29:5000::1], $_SERVER['SERVER_NAME'] would contain "[2001".

Steps to Replicate:
1. Create this script:

<?php var_dump($_SERVER); ?>

2. Run the above script via IPv6.

Expected Result:
$_SERVER['SERVER_NAME'] should contain a valid IPv6 address.

Files

Download all files
mod_fastcgi.c.patch (698 Bytes) mod_fastcgi.c.patch simoncpu, 2012-03-16 12:01
mod_cgi.c.patch (681 Bytes) mod_cgi.c.patch simoncpu, 2012-03-16 12:01
patches (1.42 KB) patches simoncpu, 2012-03-16 13:15
server_name.patch (1.65 KB) server_name.patch simoncpu, 2012-03-22 12:24
server_name.patch (1.56 KB) server_name.patch simoncpu, 2012-03-22 12:34
server_name.patch (1.4 KB) server_name.patch simoncpu, 2012-03-22 12:58
Actions
Copy link
 #1

Updated by stbuehler over 12 years ago

  • Target version set to 1.4.30

the bug is in the *cgi modules when they try to remove the port from the http_host var.
i'm not sure whether SERVER_NAME should wrap ipv6 addresses in [...]

Actions
Copy link
 #2

Updated by spaam over 12 years ago

How do apache and nginx do it ?

Actions
Copy link
 #3

Updated by simoncpu over 12 years ago

I don't have a working Apache setup right now, but it seems that they wrap IPv6 addresses in brackets too:

[[https://issues.apache.org/bugzilla/show_bug.cgi?id=26005]]

nginx, however, uses my machine's hostname if I don't set a server_name statement in the configuration.

Actions
Copy link
 #4

Updated by stbuehler over 12 years ago

  • Target version changed from 1.4.30 to 1.4.x
Actions
Copy link Download all files
 #5

Updated by simoncpu about 12 years ago

Attached are patches for mod_cgi.c and mod_fastcgi.c.

Actions
Copy link
 #6

Updated by stbuehler about 12 years ago

  • you can cat the patches into one file next time :)
  • i think these patches fail when you use dns names, like "Host: lighttpd.net:443" - lighttpd.net has an IPv6 address, so the socket type could be IPv6, but there is no [...]:443. i'd say if the first (non white-space?) char is '[' then search for ']:', otherwise for ':'. (this also means we can test it easier, as this doesn't depend on the socket type, just on the Host: header)
  • it would be very nice if you could add some test-cases for this, probably in the mod_fastcgi part.
Actions
Copy link
 #7

Updated by simoncpu about 12 years ago

(WARNING: This patch doesn't work if lighttpd uses the standard port 80. I'm still writing a correct fix. Thanks.)

Actions
Copy link
 #10

Updated by simoncpu about 12 years ago

lighttpd patch, take 5 hehehe:

This has been tested with:
- 192.0.2.1
- 192.0.2.1:8080
- [2001:DB8::1]
- [2001:DB8::1]:8080
- example.org (both IPv4 and IPv6)
- example.org:8080 (both IPv4 and IPv6)
- with and without --disable-ipv6

Actions
Copy link
 #11

Updated by stbuehler about 12 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2834.

Actions
Copy link
 #12

Updated by stbuehler about 12 years ago

  • Target version changed from 1.4.x to 1.4.31
Actions
Copy link

Also available in: Atom