IPv6 endpoint passed through the URL will crash #1696

Open
gezihuzi opened this issue May 3, 2024 · 0 comments

gezihuzi commented May 3, 2024

Bug Report

Version

ambiguous_methods v0.1.0 (/Users/chen/source/tonic/tests/ambiguous_methods)
└── tonic v0.11.0 (/Users/chen/source/tonic/tonic)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build)
codegen v0.1.0 (/Users/chen/source/tonic/codegen)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build)
compression v0.1.0 (/Users/chen/source/tonic/tests/compression)
├── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
default_stubs v0.1.0 (/Users/chen/source/tonic/tests/default_stubs)
└── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
disable-comments v0.1.0 (/Users/chen/source/tonic/tests/disable_comments)
└── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
examples v0.1.0 (/Users/chen/source/tonic/examples)
├── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
├── tonic-health v0.11.0 (/Users/chen/source/tonic/tonic-health)
│   └── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
├── tonic-reflection v0.11.0 (/Users/chen/source/tonic/tonic-reflection)
│   └── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
│   └── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
├── tonic-types v0.11.0 (/Users/chen/source/tonic/tonic-types)
│   └── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
├── tonic-web v0.11.0 (/Users/chen/source/tonic/tonic-web)
│   ├── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
included_service v0.1.0 (/Users/chen/source/tonic/tests/included_service)
└── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
integration v0.1.0 (/Users/chen/source/tonic/tonic-web/tests/integration)
└── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
└── tonic-web v0.11.0 (/Users/chen/source/tonic/tonic-web) (*)
integration-tests v0.1.0 (/Users/chen/source/tonic/tests/integration_tests)
├── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
interop v0.1.0 (/Users/chen/source/tonic/interop)
├── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
my_application v0.1.0 (/Users/chen/source/tonic/tests/extern_path/my_application)
├── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
└── uuid1 v0.1.0 (/Users/chen/source/tonic/tests/extern_path/uuid)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
root-crate-path v0.1.0 (/Users/chen/source/tonic/tests/root-crate-path)
└── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
same_name v0.1.0 (/Users/chen/source/tonic/tests/same_name)
└── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
service_named_result v0.1.0 (/Users/chen/source/tonic/tests/service_named_result)
└── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
service_named_service v0.1.0 (/Users/chen/source/tonic/tests/service_named_service)
└── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
stream_conflict v0.1.0 (/Users/chen/source/tonic/tests/stream_conflict)
└── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
tonic-health v0.11.0 (/Users/chen/source/tonic/tonic-health) (*)
tonic-reflection v0.11.0 (/Users/chen/source/tonic/tonic-reflection) (*)
tonic-types v0.11.0 (/Users/chen/source/tonic/tonic-types) (*)
tonic-web v0.11.0 (/Users/chen/source/tonic/tonic-web) (*)
use_arc_self v0.1.0 (/Users/chen/source/tonic/tests/use_arc_self)
└── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
uuid1 v0.1.0 (/Users/chen/source/tonic/tests/extern_path/uuid) (*)
wellknown v0.1.0 (/Users/chen/source/tonic/tests/wellknown)
└── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)
wellknown-compiled v0.1.0 (/Users/chen/source/tonic/tests/wellknown-compiled)
└── tonic v0.11.0 (/Users/chen/source/tonic/tonic) (*)
└── tonic-build v0.11.0 (/Users/chen/source/tonic/tonic-build) (*)

Platform

Darwin Chen.local 23.4.0 Darwin Kernel Version 23.4.0: Fri Mar 15 00:10:42 PDT 2024; root:xnu-10063.101.17~1/RELEASE_ARM64_T6000 arm64

Description

When I make a request to a local IPv6 endpoint using this code, the program crashes.

```rust
let dst = "https://[fd1b:aeaa:6cd1:1747:1403:a845:82e5:fcf6]:15220";
let verifier = Arc::new(NoVerifier());
let tls_config = ClientTlsConfig::new().verifier(verifier);
let endpoint = Channel::from_shared(dst)
    .map_err(|e| Error::InvalidUri(e.to_string()))?
    .tls_config(tls_config)?;
let channel = endpoint.connect().await?;
```

I found that the IpAddr cannot be parsed correctly because the parameter passed in when resolving the service address was not processed at all.

In the source code of tonic:

```rust
pub(crate) fn tls_connector(&self, uri: Uri) -> Result<TlsConnector, crate::Error> {
    let domain = match &self.domain {
        Some(domain) => domain,
        None => uri.host().ok_or_else(Error::new_invalid_uri)?,
    };
    TlsConnector::new(
        self.cert.clone(),
        self.identity.clone(),
        domain,
        self.assume_http2,
    )
}
```

The code here directly obtains the corresponding domain information through uri.host(). Then it is passed into TlsConnector::new.

After passing in the parameters, construct TlsConnector:

```rust
pub(crate) fn new(
    ca_cert: Option<Certificate>,
    identity: Option<Identity>,
    domain: &str,
    assume_http2: bool,
) -> Result<Self, crate::Error> {
    let builder = ClientConfig::builder();
    let mut roots = RootCertStore::empty();

    #[cfg(feature = "tls-roots")]
    roots.add_parsable_certificates(rustls_native_certs::load_native_certs()?);

    #[cfg(feature = "tls-webpki-roots")]
    roots.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());

    if let Some(cert) = ca_cert {
        add_certs_from_pem(&mut Cursor::new(cert), &mut roots)?;
    }

    let builder = builder.with_root_certificates(roots);
    let mut config = match identity {
        Some(identity) => {
            let (client_cert, client_key) = load_identity(identity)?;
            builder.with_client_auth_cert(client_cert, client_key)?
        }
        None => builder.with_no_client_auth(),
    };

    config.alpn_protocols.push(ALPN_H2.into());
    Ok(Self {
        config: Arc::new(config),
        domain: Arc::new(ServerName::try_from(domain)?.to_owned()),
        assume_http2,
    })
}
```

In line 68 of the code, ServerName is constructed by passing the parameter through ServerName::try_from. It crashes here.

The reason is that the domain information obtained by uri.host() includes [ and ], which prevents the IPv6 address from being resolved correctly here.
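An added example, not part of the original report and not tonic's code: a standard-library-only sketch of normalizing the host before it is handed to a TLS server-name constructor, so a bracketed IPv6 literal is classified as an IP address and malformed input yields an error. `TlsHost` and `classify_host` are hypothetical names, and the sample hosts other than the one from the report are constructed.

```rust
use std::net::IpAddr;

/// How a TLS client should treat the host it is about to verify.
#[derive(Debug, PartialEq)]
enum TlsHost {
    /// IP literal: checked against iPAddress SANs and not sent as SNI (RFC 6066).
    Ip(IpAddr),
    /// DNS name: checked against dNSName SANs and sent as SNI.
    Dns(String),
}

/// Hypothetical helper, not tonic's code. Assumes `host` has the form described
/// in the issue: IPv6 literals arrive wrapped in `[` and `]`.
fn classify_host(host: &str) -> Result<TlsHost, String> {
    // A matched pair of brackets must enclose an IPv6 address and nothing else.
    if let Some(inner) = host.strip_prefix('[').and_then(|h| h.strip_suffix(']')) {
        return match inner.parse::<IpAddr>() {
            Ok(ip @ IpAddr::V6(_)) => Ok(TlsHost::Ip(ip)),
            _ => Err(format!("invalid bracketed IPv6 literal: {host}")),
        };
    }
    // Unbracketed IP literal (e.g. an IPv4 address).
    if let Ok(ip) = host.parse::<IpAddr>() {
        return Ok(TlsHost::Ip(ip));
    }
    // Otherwise require a plausible DNS name; stray brackets fail here.
    let label_ok = |l: &str| {
        !l.is_empty()
            && l.len() <= 63
            && l.chars().all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '_')
    };
    if host.len() <= 253 && host.split('.').all(label_ok) {
        Ok(TlsHost::Dns(host.to_ascii_lowercase()))
    } else {
        Err(format!("invalid host: {host}"))
    }
}

fn main() {
    // Constructed inputs; the first is the host from the issue's URL.
    for h in ["[fd1b:aeaa:6cd1:1747:1403:a845:82e5:fcf6]", "192.0.2.7",
              "Example.com", "[127.0.0.1]", "[fd1b::1"] {
        println!("{h:<45} -> {:?}", classify_host(h));
    }
}
```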

@gezihuzi changed the title from "An IPv6 endpoint passed in through the URL will cause a crash" to "IPv6 endpoint passed through the URL will cause a crash." May 3, 2024
@gezihuzi changed the title from "IPv6 endpoint passed through the URL will cause a crash." to "IPv6 endpoint passed through the URL will crash" May 3, 2024