[FFmpeg-devel] [PATCH] avformat/http: Handle IPv6 Zone ID in hostname

Mon Jun 2 23:29:36 EEST 2025

Le torstaina 22. toukokuuta 2025, 21.38.32 Itä-Euroopan kesäaika Marvin Scholz 
a écrit :
> When using a literal IPv6 address as hostname,
> it can contain a Zone ID
> especially in the case of link-local addresses. Sending this to the
> server in the Host header is not useful to the server and in some cases
> servers refuse such requests.
> 
> To prevent any such issues, strip the Zone ID from the address if it's
> an IPv6 address. This also removes it for the Cookies lookup.
> 
> Based on a patch by: Daniel N Pettersson <danielnp at axis.com>
> ---
>  libavformat/http.c | 60 +++++++++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 59 insertions(+), 1 deletion(-)
> 
> diff --git a/libavformat/http.c b/libavformat/http.c
> index f7b2a8a029..3bde616b43 100644
> --- a/libavformat/http.c
> +++ b/libavformat/http.c
> @@ -24,6 +24,7 @@
>  #include "config.h"
>  #include "config_components.h"
> 
> +#include <string.h>
>  #include <time.h>
>  #if CONFIG_ZLIB
>  #include <zlib.h>
> @@ -209,6 +210,63 @@ void ff_http_init_auth_state(URLContext *dest, const
> URLContext *src) sizeof(HTTPAuthState));
>  }
> 
> +static bool host_is_numeric_ipv6(const char *host)
> +{
> +    bool res = false;
> +#if defined(AF_INET6)
> +    struct addrinfo hints = { .ai_flags = AI_NUMERICHOST }, *ai;
> +    if (getaddrinfo(host, NULL, &hints, &ai) == 0) {
> +        if (ai->ai_family == AF_INET6)
> +            res = true;
> +        freeaddrinfo(ai);
> +    }
> +#else
> +    // Just guess based on if the host contains a ':'
> +    if (strchr(host, ':') != NULL)
> +        res = true;
> +#endif
> +    return res;
> +}

At least in a URL, the distinction is done by the presence of surrounding 
brackets, not actually parsing the address. And on the flip side, to my 
knowledge, there are no guarantees that getaddrinfo() even copes well with 
scope IDs. That's platform-dependent.

> +
> +/**
> + * Copy the normalized host to the given buffer
> + *
> + * If the host is a normal hostname, this just returns
> + * host:port. However in case of an IPv6 address, it
> + * ensures proper escaping with [] and removes the
> + * zone identifier, if any, making the return suitable
> + * for example for use in the HTTP Host header.
> + */
> +static unsigned copy_normalized_host(char *out, unsigned size,
> +                               const char *host, const int port)
> +{
> +    AVBPrint bp;
> +    av_bprint_init_for_buffer(&bp, out, size);
> +
> +    if (host_is_numeric_ipv6(host)) {
> +        // This is an IPv6 address, so we need to strip the Zone ID,
> +        // if any.
> +        // While technically we could have percent encoding even in
> +        // the Zone ID, this doesn't seem to be a relevant case in
> +        // the real world on any platform.
> +        char *percent = strrchr(host, '%');

Uh, doesn't Linux actually use % in interface names sometimes?

> +        if (percent) {
> +            int len = (percent - host);
> +            av_bprintf(&bp, "[%.*s]", len, host);
> +        } else {
> +            av_bprintf(&bp, "[%s]", host);
> +        }
> +    } else {
> +        // Host is not an IPv6 address, so just use as-is
> +        av_bprintf(&bp, "%s", host);
> +    }

This looks like reverse abstraction and kinda sketchy. How do you end up with 
a scope ID in the input?

While it's true that it shouldn't be sent to the server, it's also so that it 
shouldn't appear in the URL. In other words, it should have been stripped 
earlier than the HTTP input module. The Host field should be the same as the 
host in the absolute URL.

-- 
Rémi Denis-Courmont
Villeneuve de Tapiola, ex-République finlandaise d´Uusimaa