
Comments (6)

bagder commented on June 18, 2024

The known_hosts format is a weakly specified format, I am not aware of any clear documentation or effort to specify how an IPv6 address should be canonicalized for it. I imagine that reading the OpenSSH source code to figure out what they do is the best way.

Also, the known hosts check is actually performed by the SSH library using the name curl passes to the library, so if there is any massaging of the host name to be done, it should actually be done within the SSH library. Or their knownhost APIs should document exactly how to provide IPv6 host names. Since I wrote the libssh2 one, I'm fairly sure it does not because it was not on my mind when I did that. Many years ago.

from curl.

bagder commented on June 18, 2024

When curl parses a URL with an IPv6 numeral address, it canonicalizes it and converts it into the shortest possible version. Since a single IPv6 address can be written in a nearly infinite number of ways, this is a way to increase the chances that an IPv6 address ends up the same way independently of how it is provided.

You could argue that the known_hosts file format is notoriously bad for handling IPv6 addresses because of their "flexible" nature.


Krisscut commented on June 18, 2024

Yes, I think it's fair to proceed this way, but maybe curl should also try to apply the same canonicalization on the IP listed in the known_hosts before comparing them to make sure they are in the same format?

I don't know if there is a specification/documentation on how the IP should be formatted in the known_hosts file; maybe they should always be put in their short form in the first place. (Meaning it would be the responsibility of our app to canonicalize the IP.)


Krisscut commented on June 18, 2024

Yes, it's what I was checking in the code; indeed, it seems I created the issue on the wrong component, sorry.

In our case with libssh2 it would happen here I guess:

const char *remotekey = libssh2_session_hostkey(sshc->ssh_session,

Then here:
keycheck = libssh2_knownhost_checkp(sshc->kh,

And the location where maybe some canonicalization could be added is here in libssh2:
https://github.com/libssh2/libssh2/blob/master/src/knownhost.c#L409

Do you think I should raise a new issue on libssh2 to get to the bottom of this?
On my side I worked around it for now by formatting the IPv6 address in its shortest form in the known_hosts, but I think semantically it should have worked as well without changes.


bagder commented on June 18, 2024

> Do you think I should raise a new issue on libssh2 to get to the bottom of this?

Yes, I think that is the right thing to do.


bagder commented on June 18, 2024

I think we do the right thing in curl. We should look into canonicalizing the IPv6 addresses inside libssh2.

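The canonicalize-both-sides comparison discussed in this thread, as an added example that is not code from curl or libssh2. The function names `canon_ipv6` and `host_matches` are hypothetical, the sample addresses are constructed, and the sketch assumes a single plain host field (no hashed entries, comma-separated lists or wildcard patterns).

```c
#include <arpa/inet.h>   /* inet_pton, inet_ntop (POSIX) */
#include <stdio.h>
#include <string.h>

/* Canonicalize an IPv6 literal, bare or as "[addr]" / "[addr]:port", into out.
 * Returns 0 on success, -1 if the input is not an IPv6 literal. */
int canon_ipv6(const char *in, char *out, size_t outlen)
{
    char addr[INET6_ADDRSTRLEN], canon[INET6_ADDRSTRLEN];
    struct in6_addr bin;
    const char *suffix = "";
    size_t len = strlen(in);
    int bracketed = (in[0] == '['), n;

    if (bracketed) {
        const char *end = strchr(in, ']');
        if (!end) return -1;
        len = (size_t)(end - in) - 1;   /* text between the brackets */
        suffix = end + 1;               /* "" or ":port", copied unchanged */
        in++;
    }
    if (len >= sizeof(addr)) return -1;
    memcpy(addr, in, len);
    addr[len] = '\0';
    /* Text -> 16 bytes -> text: every spelling of one address converges. */
    if (inet_pton(AF_INET6, addr, &bin) != 1 ||
        !inet_ntop(AF_INET6, &bin, canon, sizeof(canon)))
        return -1;
    n = snprintf(out, outlen, bracketed ? "[%s]%s" : "%s%s", canon, suffix);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Return 1 if the connection host and one known_hosts host field name the
 * same host. IPv6 literals are compared in canonical form; anything else
 * (names, IPv4) falls back to an exact string comparison. */
int host_matches(const char *host, const char *entry)
{
    char a[128], b[128];
    if (canon_ipv6(host, a, sizeof(a)) == 0 &&
        canon_ipv6(entry, b, sizeof(b)) == 0)
        return strcmp(a, b) == 0;
    return strcmp(host, entry) == 0;
}

int main(void)
{
    /* Constructed sample: shortened host vs. a long-form file entry. */
    puts(host_matches("2001:db8::1", "2001:0db8:0:0:0:0:0:1") ? "match" : "mismatch");
    return 0;
}
```

Addresses that `inet_pton` rejects, such as link-local literals with a zone suffix, take the exact-comparison path and therefore still need identical spelling on both sides.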
