You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@hc.apache.org by ol...@apache.org on 2020/09/29 07:42:17 UTC

[httpcomponents-client] branch 4.5.x updated: Incorrect handling of malformed authority component by URIUtils#extractHost

This is an automated email from the ASF dual-hosted git repository.

olegk pushed a commit to branch 4.5.x
in repository https://gitbox.apache.org/repos/asf/httpcomponents-client.git


The following commit(s) were added to refs/heads/4.5.x by this push:
     new 67d1f97  Incorrect handling of malformed authority component by URIUtils#extractHost
67d1f97 is described below

commit 67d1f975034c02fdfa0aadd0c1df9bfe8ed47acd
Author: Oleg Kalnichevski <ol...@apache.org>
AuthorDate: Tue Sep 29 09:37:38 2020 +0200

    Incorrect handling of malformed authority component by URIUtils#extractHost
---
 httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java     | 2 +-
 httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java b/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java
index 8eb7667..cfd60db 100644
--- a/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java
+++ b/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java
@@ -428,7 +428,7 @@ public class URIUtils {
                 host = uri.getAuthority();
                 if (host != null) {
                     // Strip off any leading user credentials
-                    final int at = host.indexOf('@');
+                    final int at = host.lastIndexOf('@');
                     if (at >= 0) {
                         if (host.length() > at+1 ) {
                             host = host.substring(at+1);
diff --git a/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java b/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java
index 1899666..e821fec 100644
--- a/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java
+++ b/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java
@@ -281,6 +281,8 @@ public class TestURIUtils {
                 URIUtils.extractHost(new URI("http://:80/robots.txt")));
         Assert.assertEquals(null,
                 URIUtils.extractHost(new URI("http://some%20domain:80/robots.txt")));
+        Assert.assertEquals(new HttpHost("google.com", -1),
+                URIUtils.extractHost(new URI("http://blah@goggle.com:80@google.com/")));
     }
 
     @Test