You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2023/02/10 15:18:43 UTC

[httpcomponents-core] branch 5.3.x updated: Fix the issue with invalid scoped IPv6 addresses in InetAddressUtils.

This is an automated email from the ASF dual-hosted git repository.

olegk pushed a commit to branch 5.3.x
in repository https://gitbox.apache.org/repos/asf/httpcomponents-core.git


The following commit(s) were added to refs/heads/5.3.x by this push:
     new 0975d4f50 Fix the issue with invalid scoped IPv6 addresses in InetAddressUtils.
0975d4f50 is described below

commit 0975d4f503ac30c83deb7868400c6fe73b8ba36c
Author: Arturo Bernal <ar...@gmail.com>
AuthorDate: Fri Feb 10 12:23:43 2023 +0100

    Fix the issue with invalid scoped IPv6 addresses in InetAddressUtils.
    
    This commit implements a check to ensure that scoped IPv6 addresses provided as input to the InetAddressUtils are valid. The check ensures that the address conforms to either the standard or hex-compressed format, and that the scope ID consists only of alphanumeric characters or '-'.
---
 .../org/apache/hc/core5/net/InetAddressUtils.java  | 28 +++++++++++++++++++++-
 .../apache/hc/core5/net/TestInetAddressUtils.java  | 18 ++++++++++++++
 2 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/httpcore5/src/main/java/org/apache/hc/core5/net/InetAddressUtils.java b/httpcore5/src/main/java/org/apache/hc/core5/net/InetAddressUtils.java
index f3674574d..565b62b64 100644
--- a/httpcore5/src/main/java/org/apache/hc/core5/net/InetAddressUtils.java
+++ b/httpcore5/src/main/java/org/apache/hc/core5/net/InetAddressUtils.java
@@ -79,6 +79,19 @@ public class InetAddressUtils {
                  "::" +
                  "(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,5})?)$"); // 0-6 hex fields
 
+    /**
+     * Regular expression pattern to match the scope ID in an IPv6 scoped address.
+     * The scope ID should be a non-empty string consisting of only alphanumeric characters or "-".
+     */
+    private static final Pattern SCOPE_ID_PATTERN = Pattern.compile("^[a-zA-Z0-9\\-]+$");
+
+    /**
+     * Delimiter used to separate an IPv6 address from its scope ID.
+     */
+    private static final String SCOPE_ID_DELIMITER = "%";
+
+
+
     /*
      *  The above pattern is not totally rigorous as it allows for more than 7 hex fields in total
      */
@@ -139,7 +152,20 @@ public class InetAddressUtils {
      * @return true if the input parameter is a valid standard or compressed IPv6 address
      */
     public static boolean isIPv6Address(final String input) {
-        return isIPv6StdAddress(input) || isIPv6HexCompressedAddress(input);
+        final int index = input.indexOf(SCOPE_ID_DELIMITER);
+        if (index == -1) {
+            return isIPv6StdAddress(input) || isIPv6HexCompressedAddress(input);
+        } else {
+            final String address = input.substring(0, index);
+            if (isIPv6StdAddress(address) || isIPv6HexCompressedAddress(address)) {
+                // Check if the scope ID is valid
+                final String scopeId = input.substring(index + 1);
+                // Scope ID should be a non-empty string consisting of only alphanumeric characters or "-"
+                return !scopeId.isEmpty() && SCOPE_ID_PATTERN.matcher(scopeId).matches();
+            } else {
+                return false;
+            }
+        }
     }
 
     /**
diff --git a/httpcore5/src/test/java/org/apache/hc/core5/net/TestInetAddressUtils.java b/httpcore5/src/test/java/org/apache/hc/core5/net/TestInetAddressUtils.java
index 7e6aa9905..10969c0b0 100644
--- a/httpcore5/src/test/java/org/apache/hc/core5/net/TestInetAddressUtils.java
+++ b/httpcore5/src/test/java/org/apache/hc/core5/net/TestInetAddressUtils.java
@@ -73,6 +73,11 @@ public class TestInetAddressUtils {
         Assertions.assertTrue(InetAddressUtils.isIPv6Address("2001:db8::1428:57ab"));
         Assertions.assertTrue(InetAddressUtils.isIPv6Address("::1"));
         Assertions.assertTrue(InetAddressUtils.isIPv6Address("::")); // http://tools.ietf.org/html/rfc4291#section-2.2
+
+        //HTTPCORE-674 InetAddressUtils scoped ID support
+        Assertions.assertTrue(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a"));
+        Assertions.assertTrue(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a%eth2"));
+        Assertions.assertTrue(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a%3"));
     }
 
     @Test
@@ -88,6 +93,19 @@ public class TestInetAddressUtils {
         Assertions.assertFalse(InetAddressUtils.isIPv6HexCompressedAddress("1::3:4:5:6:7:8:9")); // too many fields after ::
         Assertions.assertFalse(InetAddressUtils.isIPv6HexCompressedAddress("::3:4:5:6:7:8:9")); // too many fields after ::
         Assertions.assertFalse(InetAddressUtils.isIPv6Address("")); // empty
+
+        //Invalid scoped IDs
+        Assertions.assertFalse(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a%eth2#"));
+        Assertions.assertFalse(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a%3@"));
+        Assertions.assertFalse(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a#eth2"));
+        Assertions.assertFalse(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a%"));
+        Assertions.assertFalse(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a%eth2!"));
+        Assertions.assertFalse(InetAddressUtils.isIPv6Address("2001:0db8:0:0::1428:57ab%"));
+        Assertions.assertFalse(InetAddressUtils.isIPv6Address("2001:0db8:0:0::1428:57ab%eth2#"));
+        Assertions.assertFalse(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a%eth2#3"));
+        Assertions.assertFalse(InetAddressUtils.isIPv6Address("2001:0db8:0:0::1428:57ab%eth2#3"));
+        Assertions.assertFalse(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a%3#eth2"));
+        Assertions.assertFalse(InetAddressUtils.isIPv6Address("2001:0db8:0:0::1428:57ab%3#eth2"));
     }
 
     @Test