error while trying to store ipv6 address for authenticated user into a MySQL database.
[AuthMe] Error during SQL operation: [MysqlDataTruncation]: Data truncation: Data too long for column 'ip' at row 1
for example, a user may join with an ipv6 address of [d82e:b902:18db:2bf3:9f59:cfda:75af:8584], compared to an example ipv4 address of 54.175.226.192, the address is different in size and formatting.
Versions:
AuthMeReloaded v5.4.0 (build: 1877)
mysql Ver 14.14 Distrib 5.7.25, for Linux (x86_64) using EditLine wrapper
from a security point of view, keep in mind that ipv6 addresses have a prefix and a suffix.
the prefix is given out by the ISP, while the suffix can be changed at will by device.
if an IP addresses is used to limit(say registration), i suggest only the prefix of ipv6 be used.
the prefix can be gotten by some regex.
there are multiple different ipv6 representations to go along.
I think the problem is : with your example, we maybe try to add '[' and ']' characters onto database too (maybe? we need to do some tests about that)
The ip columns current type are all VARCHAR(40), since ipv4 are 15 characters long (max) and ipv6 are 39 characters long (max)
Take a look into :
https://github.com/AuthMe/AuthMeReloaded/blob/master/src/main/java/fr/xephi/authme/datasource/MySQL.java#L193
https://github.com/AuthMe/AuthMeReloaded/blob/master/src/main/java/fr/xephi/authme/datasource/MySQL.java#L211
By the way, it seems we can have a problem when the type is ipv4 mapped ipv6, we could have : 0000:0000:0000:0000:0000:ffff:255.255.255.255 which could be 45 characters long (max), i'll take a look if we try to store that kind of ip and check if we can do a fix for this specific case
Thanks for the report, we'll update this issue when we have some news
i've got some new flashy regex that can be used.
the output of the ^\[?(?:(?:(?:0000:){5}|::)ffff:)?([\w:.]*) can be considered the "real ip", and can be stored in sql. (reads ipv4-6 mappings and strips [brackets])
the output of the ^\[?(?:(?:(?:0000:){5}|::)ffff:|fe80:(?:(?:0000:){3}|:))?((?:\w{1,4}[:.]){0,3}\w{1,4}|[\w:.]*) can be used for limiters, such as registration/etc. (same as filter 1, only prefix of global ipv6 and suffix of link-local ipv6)
the wanted output will be in regex match group 1.
Most helpful comment
I think the problem is : with your example, we maybe try to add '[' and ']' characters onto database too (maybe? we need to do some tests about that)
The ip columns current type are all VARCHAR(40), since ipv4 are 15 characters long (max) and ipv6 are 39 characters long (max)
Take a look into :
https://github.com/AuthMe/AuthMeReloaded/blob/master/src/main/java/fr/xephi/authme/datasource/MySQL.java#L193
https://github.com/AuthMe/AuthMeReloaded/blob/master/src/main/java/fr/xephi/authme/datasource/MySQL.java#L211
By the way, it seems we can have a problem when the type is ipv4 mapped ipv6, we could have :
0000:0000:0000:0000:0000:ffff:255.255.255.255which could be 45 characters long (max), i'll take a look if we try to store that kind of ip and check if we can do a fix for this specific caseThanks for the report, we'll update this issue when we have some news