diff --git a/lib/SimpleSAML/Utils/Net.php b/lib/SimpleSAML/Utils/Net.php
index 22082b79d57601e6adb0f29151ab4ba5ee7c542a..4cf2c83c64d1665b53e4057fe6bcdf640f76ba1b 100644
--- a/lib/SimpleSAML/Utils/Net.php
+++ b/lib/SimpleSAML/Utils/Net.php
@@ -20,7 +20,7 @@ class Net
*
* @author Andreas Ă…kre Solberg, UNINETT AS <andreas.solberg@uninett.no>
* @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
- * @author Brook Schofield, TERENA
+ * @author Brook Schofield, GÉANT
* @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
*/
static function ipCIDRcheck($cidr, $ip = null)
@@ -38,11 +38,11 @@ class Net
// Validate IPv6 with inet_pton, convert to hex with bin2hex
// then store as a long with hexdec
- $ip_pack = inet_pton($ip);
- $net_pack = inet_pton($net);
+ $ip_pack = @inet_pton($ip);
+ $net_pack = @inet_pton($net);
if ($ip_pack === false || $net_pack === false) {
- // not valid IPv6 address (warning already issued)
+ // not valid IPv6 address (warning silenced)
return false;
}
diff --git a/tests/Utils/NetTest.php b/tests/Utils/NetTest.php
index 7632802273b3b8e57a4c8d64eb1f4081d23cc3e7..067baa612c041ab8704917611296e971cb0a7439 100644
--- a/tests/Utils/NetTest.php
+++ b/tests/Utils/NetTest.php
@@ -39,4 +39,39 @@ class Utils_Net_Test extends PHPUnit_Framework_TestCase
$this->assertFalse(SimpleSAML\Utils\Net::ipCIDRcheck('127.0.0.0/23', '127.0.1.256'));
$this->assertFalse(SimpleSAML\Utils\Net::ipCIDRcheck('127.0.0.0/23', '127.0.2.0'));
}
-}
\ No newline at end of file
+
+ public function testIpv6CIDRcheck()
+ {
+ // check CIDR w/o mask
+ $this->assertFalse(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::', '2001:0DB8::1'));
+
+ // check wrong CIDR w/ mask
+ $this->assertFalse(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/128', '2001:0DB8::1'));
+
+ // check wrong IP
+ $this->assertFalse(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/128', '2001:0DB8::Z'));
+
+ // check limits for standard classes
+ $this->assertTrue(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/128', '2001:0DB8:0000:0000:0000:0000:0000:0000'));
+ $this->assertTrue(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/128', '2001:0DB8::0'));
+ $this->assertFalse(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/128', '2001:0DB8::1'));
+
+ $this->assertTrue(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/112', '2001:0DB8::1'));
+ $this->assertFalse(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/112', '2001:0DB8::1:1'));
+ $this->assertTrue(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/112', '2001:0DB8::FFFF'));
+ $this->assertFalse(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/112', '2001:0DB8::1:FFFF'));
+
+ // check limits for non-standard classes
+ $this->assertTrue(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/108', '2001:0DB8::1:1'));
+ $this->assertTrue(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/108', '2001:0DB8::F:1'));
+ $this->assertFalse(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/108', '2001:0DB8::FF:1'));
+ $this->assertFalse(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/108', '2001:0DB8::1FF:1'));
+ $this->assertFalse(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/108', '2001:0DB8::FFFF:1'));
+
+ $this->assertTrue(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/104', '2001:0DB8::1:1'));
+ $this->assertTrue(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/104', '2001:0DB8::F:1'));
+ $this->assertTrue(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/104', '2001:0DB8::FF:1'));
+ $this->assertFalse(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/104', '2001:0DB8::1FF:1'));
+ $this->assertFalse(SimpleSAML\Utils\Net::ipCIDRcheck('2001:0DB8::/104', '2001:0DB8::FFFF:1'));
+ }
+}