Skip to content

IPV6 uri resolving creates invalid host #55085

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Leptopoda opened this issue Mar 2, 2024 · 1 comment
Closed

IPV6 uri resolving creates invalid host #55085

Leptopoda opened this issue Mar 2, 2024 · 1 comment
Assignees
@lrhn
Labels
area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. library-core type-bug Incorrect behavior (everything from a crash to more subtle misbehavior)

Comments

@Leptopoda
Copy link

Trying to resolve two IPV6 Uri's against each other yields in an invalid result:

void main() {
  final $base = Uri.parse('http://[::1]');
  final reference = Uri.parse("http://[::1]/core/img/logo/logo.svg?v=0");
  final resolved = $base.resolveUri(reference);

  print($base);     // http://[::1]
  print(reference); // http://[::1]/core/img/logo/logo.svg?v=0
  print(resolved);  // http://::1/core/img/logo/logo.svg?v=0
  
  Uri.parse('http://::1/core/img/logo/logo.svg?v=0');  // throws a FormatException 
}

I'd expect the resolved URI to also contain the brackets as defined in https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2.

A host identified by an Internet Protocol literal address, version 6
[RFC3513] or later, is distinguished by enclosing the IP literal
within square brackets ("[" and "]").

I've reproduced the issue on Dart 3.3.0 (stable) (Tue Feb 13 10:25:19 2024 +0000) on "linux_x64" and the current dartpad.
@lrhn lrhn added area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. library-io library-core and removed library-io labels Mar 4, 2024
@lrhn
Copy link
Member

lrhn commented Mar 4, 2024
edited
Loading

The reference is a fully qualified URI, so it shouldn't do anything during resolution, just use the existing values.
Seems it uses the "host name", not the host name source.

Generally, the host getter removes the [...] braces from IPv6 addresses, which some code isn't aware of. The resolveUri is one. I think == is another, because the reference == resolved is true, while their toString()s are different, and equality of URIs should match their toString, since that's what the hashCode is computed from.

This is a problem with the API. There is no public accessible and effective way to check whether the host is an IPv6 address. It's easy to check using private members, but resolveUri accepts any implementation of the interface Uri, so it cannot assume that the object implements _Uri or _SimpleUri.

The one option is to use the toString() method or authority accessor, and then parse the host name again, which is highly inefficient.

So, rather than doing that, it should probably recognize that an input is an IPv6 address, and rewrap it. That's easy to check, if thye text contains contains a :, it's an IPv6 address.
(So call _makeHost on it, with strictIPv6: false. Should we normalize other parts of the URI as well, if we can't assume that the argument URI was normalized?)

@lrhn lrhn self-assigned this Mar 4, 2024
@lrhn lrhn added the type-bug Incorrect behavior (everything from a crash to more subtle misbehavior) label Mar 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lrhn lrhn

Labels
area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. library-core type-bug Incorrect behavior (everything from a crash to more subtle misbehavior)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lrhn @Leptopoda