You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Sebb (JIRA)" <ji...@apache.org> on 2011/03/07 21:56:59 UTC
[jira] Resolved: (NET-306) SubnetUtils.SubnetInfo.isInRange is
BRAINDEAD (a.k.a. FUBAR)
[ https://issues.apache.org/jira/browse/NET-306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sebb resolved NET-306.
----------------------
Resolution: Fixed
> SubnetUtils.SubnetInfo.isInRange is BRAINDEAD (a.k.a. FUBAR)
> ------------------------------------------------------------
>
> Key: NET-306
> URL: https://issues.apache.org/jira/browse/NET-306
> Project: Commons Net
> Issue Type: Bug
> Affects Versions: 1.4
> Reporter: Dan Checkoway
> Priority: Critical
>
> org.apache.commons.net.utils.SubnetUtils.SubnetInfo.isInRange() is totally broken. It utterly ignores the fact that integer address values might be, um....negative?!
> SubnetUtils subnetUtils = new SubnetUtils("66.249.71.0/24");
> SubnetUtils.SubnetInfo subnetInfo = subnetUtils.getInfo();
> String ip = "213.139.63.227";
> if (subnetInfo.isInRange(ip)) {
> System.out.println("YES, " + ip + " is in the range: " + subnetInfo.getCidrSignature());
> }
> else {
> System.out.println("NO, " + ip + " is not in the range: " + subnetInfo.getCidrSignature());
> }
> YES, 213.139.63.227 is in the range: 66.249.71.0/24
> ?!?! WTF !?!?!
> This is the culprit in SubnetUtils.java:
> private boolean isInRange(int address) { return ((address-low()) <= (high()-low())); }
> The integer values in the test case above are:
> 66.249.71.1 = 1123632897
> 66.249.71.254 = 1123633150
> 213.139.63.227 = -712294429
> So...you can see the issue (I hope). Please fix this by changing isInRange() to check if the given value is truly *BETWEEN* high and low values.
> Thank you!!
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira