You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by se...@apache.org on 2013/04/04 15:53:56 UTC

svn commit: r1464551 - in /httpcomponents/httpclient/branches/4.2.x: RELEASE_NOTES.txt httpclient/src/main/java/org/apache/http/conn/util/InetAddressUtils.java httpclient/src/test/java/org/apache/http/conn/util/TestInetAddressUtils.java

Author: sebb
Date: Thu Apr  4 13:53:56 2013
New Revision: 1464551

URL: http://svn.apache.org/r1464551
Log:
HTTPCLIENT-1319 InetAddressUtils.isIPv6HexCompressedAddress does not detect excess groups

Modified:
    httpcomponents/httpclient/branches/4.2.x/RELEASE_NOTES.txt
    httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/conn/util/InetAddressUtils.java
    httpcomponents/httpclient/branches/4.2.x/httpclient/src/test/java/org/apache/http/conn/util/TestInetAddressUtils.java

Modified: httpcomponents/httpclient/branches/4.2.x/RELEASE_NOTES.txt
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.2.x/RELEASE_NOTES.txt?rev=1464551&r1=1464550&r2=1464551&view=diff
==============================================================================
--- httpcomponents/httpclient/branches/4.2.x/RELEASE_NOTES.txt (original)
+++ httpcomponents/httpclient/branches/4.2.x/RELEASE_NOTES.txt Thu Apr  4 13:53:56 2013
@@ -1,6 +1,9 @@
 Changes since Release 4.2.3
 -------------------
 
+* [HTTPCLIENT-1319] InetAddressUtils.isIPv6HexCompressedAddress does not detect excess groups 
+  Contributed Sebastian Bazley <sebb at apache.org>.
+
 * [HTTPCLIENT-1299] (regression) cache incorrectly disposes of the underlying cache resource 
   when storing variant entry.
   Contributed by Oleg Kalnichevski <olegk at apache.org>

Modified: httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/conn/util/InetAddressUtils.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/conn/util/InetAddressUtils.java?rev=1464551&r1=1464550&r2=1464551&view=diff
==============================================================================
--- httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/conn/util/InetAddressUtils.java (original)
+++ httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/conn/util/InetAddressUtils.java Thu Apr  4 13:53:56 2013
@@ -54,18 +54,56 @@ public class InetAddressUtils {
         Pattern.compile(
                 "^((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)::((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)$");
 
+    /*
+     *  The above pattern is not totally rigorous as it allows for more than 7 hex fields in total 
+     */   
+    private static final char COLON_CHAR = ':';
+
+    // Must not have more than 7 colons (i.e. 8 fields)
+    private static final int MAX_COLON_COUNT = 7;
+
+    /**
+     * Checks whether the parameter is a valid IPv4 address
+     * 
+     * @param input the address string to check for validity
+     * @return true if the input parameter is a valid IPv4 address
+     */
     public static boolean isIPv4Address(final String input) {
         return IPV4_PATTERN.matcher(input).matches();
     }
 
+    /**
+     * Checks whether the parameter is a valid standard (non-compressed) IPv6 address
+     * 
+     * @param input the address string to check for validity
+     * @return true if the input parameter is a valid standard (non-compressed) IPv6 address
+     */
     public static boolean isIPv6StdAddress(final String input) {
         return IPV6_STD_PATTERN.matcher(input).matches();
     }
 
+    /**
+     * Checks whether the parameter is a valid compressed IPv6 address
+     * 
+     * @param input the address string to check for validity
+     * @return true if the input parameter is a valid compressed IPv6 address
+     */
     public static boolean isIPv6HexCompressedAddress(final String input) {
-        return IPV6_HEX_COMPRESSED_PATTERN.matcher(input).matches();
+        int colonCount = 0;
+        for(int i = 0; i < input.length(); i++) {
+            if (input.charAt(i) == COLON_CHAR) {
+                colonCount++;
+            }
+        }
+        return  colonCount <= MAX_COLON_COUNT && IPV6_HEX_COMPRESSED_PATTERN.matcher(input).matches();
     }
 
+    /**
+     * Checks whether the parameter is a valid IPv6 address (including compressed).
+     * 
+     * @param input the address string to check for validity
+     * @return true if the input parameter is a valid standard or compressed IPv6 address
+     */
     public static boolean isIPv6Address(final String input) {
         return isIPv6StdAddress(input) || isIPv6HexCompressedAddress(input);
     }

Modified: httpcomponents/httpclient/branches/4.2.x/httpclient/src/test/java/org/apache/http/conn/util/TestInetAddressUtils.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.2.x/httpclient/src/test/java/org/apache/http/conn/util/TestInetAddressUtils.java?rev=1464551&r1=1464550&r2=1464551&view=diff
==============================================================================
--- httpcomponents/httpclient/branches/4.2.x/httpclient/src/test/java/org/apache/http/conn/util/TestInetAddressUtils.java (original)
+++ httpcomponents/httpclient/branches/4.2.x/httpclient/src/test/java/org/apache/http/conn/util/TestInetAddressUtils.java Thu Apr  4 13:53:56 2013
@@ -54,15 +54,32 @@ public class TestInetAddressUtils {
     public void testValidIPv6Address() {
         Assert.assertTrue(InetAddressUtils.isIPv6StdAddress("2001:0db8:0000:0000:0000:0000:1428:57ab"));
         Assert.assertTrue(InetAddressUtils.isIPv6StdAddress("2001:db8:0:0:0:0:1428:57ab"));
+        Assert.assertTrue(InetAddressUtils.isIPv6StdAddress("0:0:0:0:0:0:0:0"));
         Assert.assertTrue(InetAddressUtils.isIPv6HexCompressedAddress("2001:0db8:0:0::1428:57ab"));
         Assert.assertTrue(InetAddressUtils.isIPv6HexCompressedAddress("2001:0db8::1428:57ab"));
         Assert.assertTrue(InetAddressUtils.isIPv6HexCompressedAddress("2001:db8::1428:57ab"));
+        Assert.assertTrue(InetAddressUtils.isIPv6HexCompressedAddress("::1"));
+        Assert.assertTrue(InetAddressUtils.isIPv6HexCompressedAddress("::")); // http://tools.ietf.org/html/rfc4291#section-2.2
     }
 
     @Test
     public void testInvalidIPv6Address() {
         Assert.assertFalse(InetAddressUtils.isIPv6Address("2001:0db8:0000:garb:age0:0000:1428:57ab"));
         Assert.assertFalse(InetAddressUtils.isIPv6Address("2001:0gb8:0000:0000:0000:0000:1428:57ab"));
+        Assert.assertFalse(InetAddressUtils.isIPv6StdAddress("0:0:0:0:0:0:0:0:0")); // Too many
+        Assert.assertFalse(InetAddressUtils.isIPv6StdAddress("0:0:0:0:0:0:0")); // Too few
+        Assert.assertFalse(InetAddressUtils.isIPv6HexCompressedAddress(":1"));
+        Assert.assertFalse(InetAddressUtils.isIPv6Address("2001:0db8::0000::57ab")); // Cannot have two contractions
+        Assert.assertFalse(InetAddressUtils.isIPv6HexCompressedAddress("1:2:3:4:5:6:7::9")); // too many fields before ::
+        Assert.assertFalse(InetAddressUtils.isIPv6HexCompressedAddress("1::3:4:5:6:7:8:9")); // too many fields after ::
+        Assert.assertFalse(InetAddressUtils.isIPv6HexCompressedAddress("::3:4:5:6:7:8:9")); // too many fields after ::
+    }
+
+    @Test
+    // Test HTTPCLIENT-1319
+    public void testInvalidIPv6AddressIncorrectGroupCount() {
+        Assert.assertFalse(InetAddressUtils.isIPv6HexCompressedAddress("1:2::4:5:6:7:8:9")); // too many fields in total
+        Assert.assertFalse(InetAddressUtils.isIPv6HexCompressedAddress("1:2:3:4:5:6::8:9")); // too many fields in total
     }
 
 }