[5.1.x] Fixed CVE-2024-56374 -- Mitigated potential DoS in IPv6 validation.

Thanks Saravana Kumar for the report, and Sarah Boyce and Mariusz Felisiak for the reviews. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-10-31 09:41:08 +00:00 · 2024-12-11 21:39:32 -05:00
parent d6749de927
commit 4806731e58
9 changed files with 131 additions and 14 deletions
--- a/tests/forms_tests/field_tests/test_genericipaddressfield.py
+++ b/tests/forms_tests/field_tests/test_genericipaddressfield.py
@@ -1,6 +1,7 @@
 from django.core.exceptions import ValidationError
 from django.forms import GenericIPAddressField
 from django.test import SimpleTestCase
+from django.utils.ipv6 import MAX_IPV6_ADDRESS_LENGTH


 class GenericIPAddressFieldTest(SimpleTestCase):
@@ -125,6 +126,35 @@ class GenericIPAddressFieldTest(SimpleTestCase):
        ):
            f.clean("1:2")

+    def test_generic_ipaddress_max_length_custom(self):
+        # Valid IPv4-mapped IPv6 address, len 45.
+        addr = "0000:0000:0000:0000:0000:ffff:192.168.100.228"
+        f = GenericIPAddressField(max_length=len(addr))
+        f.clean(addr)
+
+    def test_generic_ipaddress_max_length_validation_error(self):
+        # Valid IPv4-mapped IPv6 address, len 45.
+        addr = "0000:0000:0000:0000:0000:ffff:192.168.100.228"
+
+        cases = [
+            ({}, MAX_IPV6_ADDRESS_LENGTH),  # Default value.
+            ({"max_length": len(addr) - 1}, len(addr) - 1),
+        ]
+        for kwargs, max_length in cases:
+            max_length_plus_one = max_length + 1
+            msg = (
+                f"Ensure this value has at most {max_length} characters (it has "
+                f"{max_length_plus_one}).'"
+            )
+            with self.subTest(max_length=max_length):
+                f = GenericIPAddressField(**kwargs)
+                with self.assertRaisesMessage(ValidationError, msg):
+                    f.clean("x" * max_length_plus_one)
+                with self.assertRaisesMessage(
+                    ValidationError, "This is not a valid IPv6 address."
+                ):
+                    f.clean(addr)
+
    def test_generic_ipaddress_as_generic_not_required(self):
        f = GenericIPAddressField(required=False)
        self.assertEqual(f.clean(""), "")
@@ -150,7 +180,8 @@ class GenericIPAddressFieldTest(SimpleTestCase):
            f.clean(" fe80::223:6cff:fe8a:2e8a "), "fe80::223:6cff:fe8a:2e8a"
        )
        self.assertEqual(
-            f.clean(" 2a02::223:6cff:fe8a:2e8a "), "2a02::223:6cff:fe8a:2e8a"
+            f.clean(" " * MAX_IPV6_ADDRESS_LENGTH + " 2a02::223:6cff:fe8a:2e8a "),
+            "2a02::223:6cff:fe8a:2e8a",
        )
        with self.assertRaisesMessage(
            ValidationError, "'This is not a valid IPv6 address.'"
--- a/tests/utils_tests/test_ipv6.py
+++ b/tests/utils_tests/test_ipv6.py
@@ -1,9 +1,16 @@
-import unittest
+import traceback
+from io import StringIO

-from django.utils.ipv6 import clean_ipv6_address, is_valid_ipv6_address
+from django.core.exceptions import ValidationError
+from django.test import SimpleTestCase
+from django.utils.ipv6 import (
+    MAX_IPV6_ADDRESS_LENGTH,
+    clean_ipv6_address,
+    is_valid_ipv6_address,
+)


-class TestUtilsIPv6(unittest.TestCase):
+class TestUtilsIPv6(SimpleTestCase):
    def test_validates_correct_plain_address(self):
        self.assertTrue(is_valid_ipv6_address("fe80::223:6cff:fe8a:2e8a"))
        self.assertTrue(is_valid_ipv6_address("2a02::223:6cff:fe8a:2e8a"))
@@ -64,3 +71,21 @@ class TestUtilsIPv6(unittest.TestCase):
        self.assertEqual(
            clean_ipv6_address("::ffff:18.52.18.52", unpack_ipv4=True), "18.52.18.52"
        )
+
+    def test_address_too_long(self):
+        addresses = [
+            "0000:0000:0000:0000:0000:ffff:192.168.100.228",  # IPv4-mapped IPv6 address
+            "0000:0000:0000:0000:0000:ffff:192.168.100.228%123456",  # % scope/zone
+            "fe80::223:6cff:fe8a:2e8a:1234:5678:00000",  # MAX_IPV6_ADDRESS_LENGTH + 1
+        ]
+        msg = "This is the error message."
+        value_error_msg = "Unable to convert %s to an IPv6 address (value too long)."
+        for addr in addresses:
+            with self.subTest(addr=addr):
+                self.assertGreater(len(addr), MAX_IPV6_ADDRESS_LENGTH)
+                self.assertEqual(is_valid_ipv6_address(addr), False)
+                with self.assertRaisesMessage(ValidationError, msg) as ctx:
+                    clean_ipv6_address(addr, error_message=msg)
+                exception_traceback = StringIO()
+                traceback.print_exception(ctx.exception, file=exception_traceback)
+                self.assertIn(value_error_msg % addr, exception_traceback.getvalue())