Skip to content

fix(security): resolve IPv4 signed 32-bit integer overflow in SSRF pr…#3199

Open
desireddymohithreddy0925 wants to merge 5 commits into
Priyanshu-byte-coder:mainfrom
desireddymohithreddy0925:fix/ip-overflow-ssrf
Open

fix(security): resolve IPv4 signed 32-bit integer overflow in SSRF pr…#3199
desireddymohithreddy0925 wants to merge 5 commits into
Priyanshu-byte-coder:mainfrom
desireddymohithreddy0925:fix/ip-overflow-ssrf

Conversation

@desireddymohithreddy0925

Copy link
Copy Markdown
Contributor

Summary

Resolves a critical Server-Side Request Forgery (SSRF) bypass by fixing a signed 32-bit integer overflow in the IP parsing logic.

Closes #3118


Type of Change

  • 🐛 Bug fix (non-breaking change that fixes an issue)
  • ✨ New feature (non-breaking change that adds functionality)
  • 💥 Breaking change (fix or feature that changes existing behavior)
  • 📝 Documentation update
  • ♻️ Refactor / code cleanup (no functional change)
  • ⚡ Performance improvement
  • 🔒 Security fix
  • 🧪 Tests only

What Changed

  • Updated the ipToNumber utility in src/lib/ssrf-protection.ts to construct IP numbers using safe unsigned multiplication (or >>> 0) instead of signed bitwise shifting.
  • This prevents values like 192.168.x.x and 172.16.x.x from wrapping into negative numbers, ensuring they are properly detected and blocked by the private IP range checks.

How to Test

  1. Attempt to pass 192.168.1.1 to the isPrivateIP check (or attempt to configure a webhook pointing to that IP).
  2. Verify that the IP is correctly identified as a private IP (isPrivateIP returns true).
  3. Attempt the same with 172.16.0.1 and verify it is also blocked.

Expected result: The vulnerability is patched and requests to internal network services are properly blocked.


Screenshots / Recordings

(Not applicable for this backend security fix)

@github-actions github-actions Bot added type:bug GSSoC type bonus: bug fix type:feature GSSoC type bonus: new feature type:performance GSSoC type bonus: performance (+15 pts) gssoc26 GSSoC 2026 contribution type:security GSSoC type bonus: security (+20 pts) labels Jul 13, 2026
@github-actions

Copy link
Copy Markdown

GSSoC Label Checklist 🏷️

@Priyanshu-byte-coder — please apply the appropriate labels before merging:

Difficulty (pick one):

  • level:beginner — 20 pts
  • level:intermediate — 35 pts
  • level:advanced — 55 pts
  • level:critical — 80 pts

Quality (optional):

  • quality:clean — ×1.2 multiplier
  • quality:exceptional — ×1.5 multiplier

Validation (required to score):

  • gssoc:approved — counts for points
  • gssoc:invalid / gssoc:spam / gssoc:ai-slop — does not score

Type labels (type:*) are auto-detected from files and title. Review and adjust if needed.
Points formula: (difficulty × quality_multiplier) + type_bonus

@github-actions github-actions Bot added the type:devops GSSoC type bonus: devops (+15 pts) label Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gssoc26 GSSoC 2026 contribution type:bug GSSoC type bonus: bug fix type:devops GSSoC type bonus: devops (+15 pts) type:feature GSSoC type bonus: new feature type:performance GSSoC type bonus: performance (+15 pts) type:security GSSoC type bonus: security (+20 pts)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[SECURITY] JavaScript Signed 32-Bit Integer Overflow in IP Parsing Bypasses SSRF Protection for 192.168.x.x and 172.16.x.x

1 participant