run hack/update-netparse-cve.sh

Kubernetes-commit: 0cd75e8fec62a2531637e80bb950ac9983cac1b0

util/cert/cert.go

@@ -33,6 +33,7 @@ import (
 	"time"
 
 	"k8s.io/client-go/util/keyutil"
+	netutils "k8s.io/utils/net"
 )
 
 const duration365d = time.Hour * 24 * 365
@@ -157,7 +158,7 @@ func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, a
 		BasicConstraintsValid: true,
 	}
 
-	if ip := net.ParseIP(host); ip != nil {
+	if ip := netutils.ParseIPSloppy(host); ip != nil {
 		template.IPAddresses = append(template.IPAddresses, ip)
 	} else {
 		template.DNSNames = append(template.DNSNames, host)

util/cert/csr_test.go

@@ -25,6 +25,7 @@ import (
 	"testing"
 
 	"k8s.io/client-go/util/keyutil"
+	netutils "k8s.io/utils/net"
 )
 
 func TestMakeCSR(t *testing.T) {
@@ -33,7 +34,7 @@ func TestMakeCSR(t *testing.T) {
 		CommonName: "kube-worker",
 	}
 	dnsSANs := []string{"localhost"}
-	ipSANs := []net.IP{net.ParseIP("127.0.0.1")}
+	ipSANs := []net.IP{netutils.ParseIPSloppy("127.0.0.1")}
 
 	keyData, err := ioutil.ReadFile(keyFile)
 	if err != nil {

util/certificate/certificate_manager_test.go

@@ -38,6 +38,7 @@ import (
 	"k8s.io/client-go/kubernetes/fake"
 	certificatesclient "k8s.io/client-go/kubernetes/typed/certificates/v1beta1"
 	clienttesting "k8s.io/client-go/testing"
+	netutils "k8s.io/utils/net"
 )
 
 var storeCertData = newCertificateData(`-----BEGIN CERTIFICATE-----
@@ -394,11 +395,11 @@ func TestCertSatisfiesTemplate(t *testing.T) {
 			name: "Missing IP addresses in certificate",
 			cert: &x509.Certificate{
 				Subject:     pkix.Name{},
-				IPAddresses: []net.IP{net.ParseIP("192.168.1.1")},
+				IPAddresses: []net.IP{netutils.ParseIPSloppy("192.168.1.1")},
 			},
 			template: &x509.CertificateRequest{
 				Subject:     pkix.Name{},
-				IPAddresses: []net.IP{net.ParseIP("192.168.1.1"), net.ParseIP("192.168.1.2")},
+				IPAddresses: []net.IP{netutils.ParseIPSloppy("192.168.1.1"), netutils.ParseIPSloppy("192.168.1.2")},
 			},
 			shouldSatisfy: false,
 		},
@@ -406,11 +407,11 @@ func TestCertSatisfiesTemplate(t *testing.T) {
 			name: "Extra IP addresses in certificate",
 			cert: &x509.Certificate{
 				Subject:     pkix.Name{},
-				IPAddresses: []net.IP{net.ParseIP("192.168.1.1"), net.ParseIP("192.168.1.2")},
+				IPAddresses: []net.IP{netutils.ParseIPSloppy("192.168.1.1"), netutils.ParseIPSloppy("192.168.1.2")},
 			},
 			template: &x509.CertificateRequest{
 				Subject:     pkix.Name{},
-				IPAddresses: []net.IP{net.ParseIP("192.168.1.1")},
+				IPAddresses: []net.IP{netutils.ParseIPSloppy("192.168.1.1")},
 			},
 			shouldSatisfy: true,
 		},
@@ -422,7 +423,7 @@ func TestCertSatisfiesTemplate(t *testing.T) {
 					Organization: []string{"system:nodes"},
 				},
 				DNSNames:    []string{"foo.example.com"},
-				IPAddresses: []net.IP{net.ParseIP("192.168.1.1")},
+				IPAddresses: []net.IP{netutils.ParseIPSloppy("192.168.1.1")},
 			},
 			template: &x509.CertificateRequest{
 				Subject: pkix.Name{
@@ -430,7 +431,7 @@ func TestCertSatisfiesTemplate(t *testing.T) {
 					Organization: []string{"system:nodes"},
 				},
 				DNSNames:    []string{"foo.example.com"},
-				IPAddresses: []net.IP{net.ParseIP("192.168.1.1")},
+				IPAddresses: []net.IP{netutils.ParseIPSloppy("192.168.1.1")},
 			},
 			shouldSatisfy: true,
 		},