Fix addrv2 address validation #2479
Open
+133
−24
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This issue was discovered through differential fuzzing between btcd and Bitcoin Core. Add detection and filtering of IPv6 ORCHIDv2 addresses as defined by RFC7343 (2001:20::/28). These addresses are overlay routable cryptographic hash identifiers and should not be treated as routable peer addresses, consistent with Bitcoin Core's behavior. Changes: - Add rfc7343Net variable for the 2001:20::/28 address block - Add IsRFC7343() function to detect ORCHIDv2 addresses - Update IsRoutable() to exclude RFC7343 addresses - Add comprehensive test coverage for RFC7343 detection - Fix incorrect error message in TestIPTypes (IsRFC1918 -> IsRFC6145)
Member
|
CI run approved. |
Pull Request Test Coverage Report for Build 21297762383Details
💛 - Coveralls |
Roasbeef
requested changes
Feb 5, 2026
Member
Roasbeef
left a comment
Roasbeef
left a comment
There was a problem hiding this comment.
Thanks for this PR!
Change looks good, one minor nit that can save a hand full of lines in the diff.
This issue was discovered through differential fuzzing between btcd and Bitcoin Core. IPv4-mapped IPv6 addresses (::ffff:0:0/96, RFC 4291) sent with networkID 0x02 (IPv6) in addrv2 messages are now properly rejected. Per BIP155, these addresses should use networkID 0x01 (IPv4) instead. This aligns btcd's behavior with Bitcoin Core's addrv2 handling. Changes: - Add ipv4MappedPrefix constant for the ::ffff:0:0/96 prefix - Add isIPv4Mapped() helper function to detect these addresses - Update readNetAddressV2() to skip IPv4-mapped addresses with IPv6 networkID - Add comprehensive test coverage for IPv4-mapped address detection
erickcestari
force-pushed
the
fix-addrv2-address-validation
branch
from
011f8fa to
37d8163
Compare
Author
Thanks for the review Roasbeef! It should be good now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes two address validation issues discovered through differential fuzzing between btcd and Bitcoin Core. Both issues relate to addresses that should be rejected or treated as unroutable but were being accepted by btcd.
1. Treat RFC7343 (ORCHIDv2) addresses as unroutable
IPv6 ORCHIDv2 addresses (2001:20::/28) defined by RFC7343 are overlay routable cryptographic hash identifiers. These should not be treated as valid peer addresses, consistent with Bitcoin Core's behavior.
2. Skip IPv4-mapped IPv6 addresses in addrv2 messages
IPv4-mapped IPv6 addresses (::ffff:0:0/96, RFC 4291) sent with networkID 0x02 (IPv6) in addrv2 messages are now rejected. These addresses represent IPv4 addresses embedded in IPv6 format and should not be gossiped as IPv6 in addrv2; the canonical encoding for IPv4 addresses uses networkID
0x01with a 4-byte address. This matches Bitcoin Core's behavior.