by GuidoW
1910 days ago
The problem is that the input is parsed twice. First by the netmask function that reads 0127 as 127 and the second time by the js-network stack code that reads it differently. The solution is not to change netmask to ignore leading zeros. The solution is to parse it into 4 uint8 values, validate the netblock on the numeric values and if the range is approved, generate the ip-address from your four numbers. That way you know for sure that the js-network stack is going to interpret it as you intend. There are some beautiful (horrifying) examples in this presentation:
https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-Ne...
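The parse-once approach described in the comment above, as an added example that is not part of the original comment: the input is parsed into four uint8 values, the range check runs on those numbers, and the string handed to the network stack is regenerated from them. The function names and the blocked-range list are assumptions made for this sketch.

```javascript
// Constructed policy for this example: ranges a server-side fetcher must not reach.
const BLOCKED = [
  [[0, 0, 0, 0], 8], [[10, 0, 0, 0], 8], [[127, 0, 0, 0], 8],
  [[169, 254, 0, 0], 16], [[172, 16, 0, 0], 12], [[192, 168, 0, 0], 16],
];

// Pack four uint8 values into one unsigned 32-bit number.
const toUint32 = ([a, b, c, d]) => ((a << 24) | (b << 16) | (c << 8) | d) >>> 0;

// Parse once, with one fixed rule: four runs of decimal digits, each 0..255.
// A leading zero is read as decimal here (0127 -> 127); hex, signs, spaces,
// empty parts and short forms such as "127.1" are refused.
function parseOctets(input) {
  const parts = String(input).split('.');
  if (parts.length !== 4) return null;
  const octets = [];
  for (const part of parts) {
    if (!/^[0-9]{1,4}$/.test(part)) return null;
    const n = parseInt(part, 10);
    if (n > 255) return null;
    octets.push(n);
  }
  return octets;
}

// True when the parsed address lies inside the given [base, prefixBits] block.
function inBlock(octets, [base, bits]) {
  const mask = bits === 0 ? 0 : (~0 << (32 - bits)) >>> 0;
  return ((toUint32(octets) & mask) >>> 0) === ((toUint32(base) & mask) >>> 0);
}

// Returns the canonical dotted-decimal string to hand to the network stack,
// or null if the input is malformed or falls in a blocked range.
function vetAddress(input) {
  const octets = parseOctets(input);
  if (octets === null || BLOCKED.some((blk) => inBlock(octets, blk))) return null;
  return octets.join('.'); // regenerated from the validated numbers, never the raw input
}

// Constructed sample inputs.
for (const s of ['0127.0.0.1', '010.0.0.1', '08.8.8.8', '0x7f.0.0.1', '127.1']) {
  console.log(JSON.stringify(s), '->', vetAddress(s));
}
```

Only the return value of `vetAddress` is passed on, so a later parser sees `8.8.8.8` and never `08.8.8.8`.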