Skip to content

Reject IPv4-mapped/compatible IPv6 forms of local hosts as unsafe proxies#1697

Open
jax-0n-git wants to merge 1 commit into
osaurus-ai:mainfrom
jax-0n-git:fix/global-proxy-ipv4-mapped-ipv6-localhost
Open

Reject IPv4-mapped/compatible IPv6 forms of local hosts as unsafe proxies#1697
jax-0n-git wants to merge 1 commit into
osaurus-ai:mainfrom
jax-0n-git:fix/global-proxy-ipv4-mapped-ipv6-localhost

Conversation

@jax-0n-git

Copy link
Copy Markdown
Contributor

Summary

isLocalOnlyHost rejects loopback / link-local / this-network proxy endpoints in their IPv4 (127.0.0.1, 169.254.x) and plain-IPv6 (::1, fe80::/10) spellings, but the IPv6 branch only matched those literal shapes. The same machine-local endpoints written as IPv4-mapped (::ffff:127.0.0.1, ::ffff:169.254.1.1) or IPv4-compatible (::127.0.0.1) IPv6 addresses slipped through and were accepted as "safe" remote proxy hosts.

This decodes the embedded IPv4 address from the mapped (::ffff:a.b.c.d) and compatible (::a.b.c.d) forms and applies the same IPv4 local-host rules to it, via a shared isLocalOnlyIPv4 helper. The change only ever rejects more hosts (the fail-safe direction for a security guard); genuinely-remote addresses — including a public IPv4-mapped address like ::ffff:8.8.8.8 — stay accepted. The IPv4-compatible branch also rejects the reserved low ::0.x range as non-routable, which is the safe direction.

Coupling: open #1693 also edits GlobalProxyConfiguration.swift and adds the same OsaurusNetworkingTests target. Whichever lands second needs a trivial rebase to de-dupe the Package.swift test-target block; the test files have distinct names and don't conflict.

Changes

  • Bug fix (security: proxy host validation)
  • Tests

Test Plan

swift test in Packages/OsaurusNetworking (all green) + swift-format lint --strict clean. New test target covers the mapped/compatible local hosts (rejected after fix), the existing plain spellings (regression), and genuinely-remote hosts including a public IPv4-mapped address (still accepted). No MLX/GUI dependency.

…xies

`isLocalOnlyHost` rejected loopback / link-local / this-network proxy
endpoints in their IPv4 (`127.0.0.1`, `169.254.x`) and plain-IPv6 (`::1`,
`fe80::/10`) spellings, but the IPv6 branch only matched those literal
shapes. The same machine-local endpoints written as IPv4-mapped
(`::ffff:127.0.0.1`, `::ffff:169.254.1.1`) or IPv4-compatible
(`::127.0.0.1`) IPv6 addresses slipped through the check and were accepted
as "safe" remote proxy hosts.

Decode the embedded IPv4 address from the mapped (`::ffff:a.b.c.d`) and
compatible (`::a.b.c.d`) forms and apply the same IPv4 local-host rules to
it, via a shared `isLocalOnlyIPv4` helper. Adds a test target for
OsaurusNetworking with coverage for the mapped/compatible local hosts, the
existing plain spellings (regression), and genuinely-remote hosts
(including a public IPv4-mapped address, which must still be accepted).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant