Date: Tue, 23 Jan 2018 23:18:29 +0100
From: Dag-Erling Smørgrav <des@des.no>
To: Roger Marquis <marquis@roble.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Malicious URL ? https://[::]/
Message-ID: <86shawfccq.fsf@desk.des.no>
In-Reply-To: <86wp08fcil.fsf@desk.des.no> ("Dag-Erling Smørgrav"'s message of "Tue, 23 Jan 2018 23:14:58 +0100")
References: <nycvar.OFS.7.76.1801220930100.41328@mx.roble.com> <86wp08fcil.fsf@desk.des.no>

Dag-Erling Smørgrav <des@des.no> writes:
> Basically the IPv6 equivalent of https://127.0.0.1/. “[::]” is the
> bracketed literal representation of the IPv6 localhost address.

Hang on a sec — localhost should be [::1], not [::], which is the equivalent of 0.0.0.0.

My guess is a software bug. Jails look a little weird from the inside unless you use a fully virtualized network stack. The proxy probably doesn't have sufficient error checking around getpeername() or something like that.

DES
-- 
Dag-Erling Smørgrav - des@des.no

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86shawfccq.fsf>
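
The two points raised in the message above, telling [::] apart from [::1] and checking the result of getpeername(), shown as an added C example that is not part of the original e-mail or of any proxy's code. The enum and function names are hypothetical, and the address literals are constructed sample input.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>

/* Hypothetical names for this example; not taken from any real proxy. */
enum addr_kind { ADDR_ERROR = -1, ADDR_UNSPECIFIED, ADDR_LOOPBACK, ADDR_OTHER };

/* Tell the unspecified address (:: or 0.0.0.0) apart from loopback. */
enum addr_kind classify_sockaddr(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_INET6) {
        const struct in6_addr *a = &((const struct sockaddr_in6 *)sa)->sin6_addr;
        if (IN6_IS_ADDR_UNSPECIFIED(a)) return ADDR_UNSPECIFIED;
        return IN6_IS_ADDR_LOOPBACK(a) ? ADDR_LOOPBACK : ADDR_OTHER;
    }
    if (sa->sa_family == AF_INET) {
        in_addr_t a = ntohl(((const struct sockaddr_in *)sa)->sin_addr.s_addr);
        if (a == INADDR_ANY) return ADDR_UNSPECIFIED;
        return (a >> 24) == 127 ? ADDR_LOOPBACK : ADDR_OTHER;
    }
    return ADDR_ERROR;  /* unknown family: do not guess */
}

/* Checked getpeername(): on failure the buffer is never classified or
 * formatted, so a zero-filled address cannot end up rendered as "[::]". */
enum addr_kind peer_kind(int fd)
{
    struct sockaddr_storage ss = {0};
    socklen_t len = sizeof(ss);
    if (getpeername(fd, (struct sockaddr *)&ss, &len) != 0)
        return ADDR_ERROR;
    return classify_sockaddr((const struct sockaddr *)&ss);
}

/* Classify a textual IPv6 literal such as "::" or "::1". */
enum addr_kind classify_literal6(const char *text)
{
    struct sockaddr_in6 s6 = { .sin6_family = AF_INET6 };
    if (inet_pton(AF_INET6, text, &s6.sin6_addr) != 1)
        return ADDR_ERROR;
    return classify_sockaddr((const struct sockaddr *)&s6);
}

int main(void)
{
    printf(":: -> %d, ::1 -> %d\n", classify_literal6("::"), classify_literal6("::1"));
    printf("getpeername on a bad descriptor -> %d\n", peer_kind(-1));
    return 0;
}
```

A caller that gets ADDR_ERROR or ADDR_UNSPECIFIED back should log the failure and refuse to build a URL or log line from the address.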