Fix #72972, Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE

3 files changed, 31 insertions, 42 deletions

diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
index 521fb50a3a..39a035f3af 100644
--- a/ext/filter/logical_filters.c
+++ b/ext/filter/logical_filters.c
@@ -704,8 +704,7 @@ void php_filter_validate_ip(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 			if (flags & FILTER_FLAG_NO_PRIV_RANGE) {
 				if (
 					(ip[0] == 10) ||
-					(ip[0] == 169 && ip[1] == 254) ||
-					(ip[0] == 172 && (ip[1] >= 16 && ip[1] <= 31)) ||
+					(ip[0] == 172 && ip[1] >= 16 && ip[1] <= 31) ||
 					(ip[0] == 192 && ip[1] == 168)
 				) {
 					RETURN_VALIDATION_FAILED
@@ -715,19 +714,9 @@ void php_filter_validate_ip(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 			if (flags & FILTER_FLAG_NO_RES_RANGE) {
 				if (
 					(ip[0] == 0) ||
-					(ip[0] == 10) ||
-					(ip[0] == 100 && (ip[1] >= 64 && ip[1] <= 127)) ||
+					(ip[0] >= 240) ||
 					(ip[0] == 127) ||
-					(ip[0] == 169 && ip[1] == 254) ||
-					(ip[0] == 172 && (ip[1] >= 16 && ip[1] <= 31)) ||
-					(ip[0] == 192 && ip[1] == 0 && ip[2] == 0) ||
-					(ip[0] == 192 && ip[1] == 0 && ip[2] == 2) ||
-					(ip[0] == 192 && ip[1] == 88 && ip[2] == 99) ||
-					(ip[0] == 192 && ip[1] == 168) ||
-					(ip[0] == 198 && (ip[1] == 18 || ip[1] == 19)) ||
-					(ip[0] == 198 && ip[1] == 51 && ip[2] == 100) ||
-					(ip[0] == 203 && ip[1] == 0 && ip[2] == 113) ||
-					(ip[0] >= 224 && ip[0] <= 255)
+					(ip[0] == 169 && ip[1] == 254)
 				) {
 					RETURN_VALIDATION_FAILED
 				}
diff --git a/ext/filter/tests/018.phpt b/ext/filter/tests/018.phpt
index 11d7fc64ef..833500fd33 100644
--- a/ext/filter/tests/018.phpt
+++ b/ext/filter/tests/018.phpt
@@ -41,9 +41,9 @@ string(9) "127.0.0.1"
 bool(false)
 string(12) "192.0.34.166"
 bool(false)
-bool(false)
-bool(false)
-bool(false)
+string(9) "192.0.0.1"
+string(10) "100.64.0.0"
+string(15) "100.127.255.255"
 string(12) "192.0.34.166"
 bool(false)
 string(15) "255.255.255.255"
diff --git a/ext/filter/tests/filter_ipv4_rfc6890.phpt b/ext/filter/tests/filter_ipv4_rfc6890.phpt
index cfd9f8dc07..b1920c762d 100644
--- a/ext/filter/tests/filter_ipv4_rfc6890.phpt
+++ b/ext/filter/tests/filter_ipv4_rfc6890.phpt
@@ -85,8 +85,8 @@ string(10) "10.0.0.0/8"
 bool(false)
 bool(false)
 string(14) "168.254.0.0/16"
-bool(false)
-bool(false)
+string(11) "169.254.0.0"
+string(15) "169.254.255.255"
 string(13) "172.16.0.0/12"
 bool(false)
 bool(false)
@@ -94,11 +94,11 @@ string(14) "192.168.0.0/16"
 bool(false)
 bool(false)
 string(10) "10.0.0.0/8"
-bool(false)
-bool(false)
+string(8) "10.0.0.0"
+string(14) "10.255.255.255"
 string(12) "10.64.0.0/10"
-bool(false)
-bool(false)
+string(10) "100.64.0.0"
+string(15) "100.127.255.255"
 string(11) "127.0.0.0/8"
 bool(false)
 bool(false)
@@ -106,32 +106,32 @@ string(14) "169.254.0.0/16"
 bool(false)
 bool(false)
 string(13) "172.16.0.0/12"
-bool(false)
-bool(false)
+string(10) "172.16.0.0"
+string(10) "172.31.0.0"
 string(12) "192.0.0.0/24"
-bool(false)
-bool(false)
+string(9) "192.0.0.0"
+string(11) "192.0.0.255"
 string(12) "192.0.0.0/29"
-bool(false)
-bool(false)
+string(9) "192.0.0.0"
+string(9) "192.0.0.7"
 string(12) "192.0.2.0/24"
-bool(false)
-bool(false)
+string(9) "192.0.2.0"
+string(11) "192.0.2.255"
 string(13) "198.18.0.0/15"
-bool(false)
-bool(false)
+string(10) "198.18.0.0"
+string(14) "198.19.255.255"
 string(15) "198.51.100.0/24"
-bool(false)
-bool(false)
+string(12) "198.51.100.0"
+string(14) "198.51.100.255"
 string(14) "192.88.99.0/24"
-bool(false)
-bool(false)
+string(11) "192.88.99.0"
+string(13) "192.88.99.255"
 string(14) "192.168.0.0/16"
-bool(false)
-bool(false)
+string(11) "192.168.0.0"
+string(15) "192.168.255.255"
 string(14) "203.0.113.0/24"
-bool(false)
-bool(false)
+string(11) "203.0.113.0"
+string(13) "203.0.113.255"
 string(11) "240.0.0.0/4"
-bool(false)
+string(9) "224.0.0.0"
 bool(false)