You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2023/02/10 15:18:43 UTC
[httpcomponents-core] branch 5.3.x updated: Fix the issue with invalid scoped IPv6 addresses in InetAddressUtils.
This is an automated email from the ASF dual-hosted git repository.
olegk pushed a commit to branch 5.3.x
in repository https://gitbox.apache.org/repos/asf/httpcomponents-core.git
The following commit(s) were added to refs/heads/5.3.x by this push:
new 0975d4f50 Fix the issue with invalid scoped IPv6 addresses in InetAddressUtils.
0975d4f50 is described below
commit 0975d4f503ac30c83deb7868400c6fe73b8ba36c
Author: Arturo Bernal <ar...@gmail.com>
AuthorDate: Fri Feb 10 12:23:43 2023 +0100
Fix the issue with invalid scoped IPv6 addresses in InetAddressUtils.
This commit implements a check to ensure that scoped IPv6 addresses provided as input to the InetAddressUtils are valid. The check ensures that the address conforms to either the standard or hex-compressed format, and that the scope ID consists only of alphanumeric characters or '-'.
---
.../org/apache/hc/core5/net/InetAddressUtils.java | 28 +++++++++++++++++++++-
.../apache/hc/core5/net/TestInetAddressUtils.java | 18 ++++++++++++++
2 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/httpcore5/src/main/java/org/apache/hc/core5/net/InetAddressUtils.java b/httpcore5/src/main/java/org/apache/hc/core5/net/InetAddressUtils.java
index f3674574d..565b62b64 100644
--- a/httpcore5/src/main/java/org/apache/hc/core5/net/InetAddressUtils.java
+++ b/httpcore5/src/main/java/org/apache/hc/core5/net/InetAddressUtils.java
@@ -79,6 +79,19 @@ public class InetAddressUtils {
"::" +
"(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,5})?)$"); // 0-6 hex fields
+ /**
+ * Regular expression pattern to match the scope ID in an IPv6 scoped address.
+ * The scope ID should be a non-empty string consisting of only alphanumeric characters or "-".
+ */
+ private static final Pattern SCOPE_ID_PATTERN = Pattern.compile("^[a-zA-Z0-9\\-]+$");
+
+ /**
+ * Delimiter used to separate an IPv6 address from its scope ID.
+ */
+ private static final String SCOPE_ID_DELIMITER = "%";
+
+
+
/*
* The above pattern is not totally rigorous as it allows for more than 7 hex fields in total
*/
@@ -139,7 +152,20 @@ public class InetAddressUtils {
* @return true if the input parameter is a valid standard or compressed IPv6 address
*/
public static boolean isIPv6Address(final String input) {
- return isIPv6StdAddress(input) || isIPv6HexCompressedAddress(input);
+ final int index = input.indexOf(SCOPE_ID_DELIMITER);
+ if (index == -1) {
+ return isIPv6StdAddress(input) || isIPv6HexCompressedAddress(input);
+ } else {
+ final String address = input.substring(0, index);
+ if (isIPv6StdAddress(address) || isIPv6HexCompressedAddress(address)) {
+ // Check if the scope ID is valid
+ final String scopeId = input.substring(index + 1);
+ // Scope ID should be a non-empty string consisting of only alphanumeric characters or "-"
+ return !scopeId.isEmpty() && SCOPE_ID_PATTERN.matcher(scopeId).matches();
+ } else {
+ return false;
+ }
+ }
}
/**
diff --git a/httpcore5/src/test/java/org/apache/hc/core5/net/TestInetAddressUtils.java b/httpcore5/src/test/java/org/apache/hc/core5/net/TestInetAddressUtils.java
index 7e6aa9905..10969c0b0 100644
--- a/httpcore5/src/test/java/org/apache/hc/core5/net/TestInetAddressUtils.java
+++ b/httpcore5/src/test/java/org/apache/hc/core5/net/TestInetAddressUtils.java
@@ -73,6 +73,11 @@ public class TestInetAddressUtils {
Assertions.assertTrue(InetAddressUtils.isIPv6Address("2001:db8::1428:57ab"));
Assertions.assertTrue(InetAddressUtils.isIPv6Address("::1"));
Assertions.assertTrue(InetAddressUtils.isIPv6Address("::")); // http://tools.ietf.org/html/rfc4291#section-2.2
+
+ //HTTPCORE-674 InetAddressUtils scoped ID support
+ Assertions.assertTrue(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a"));
+ Assertions.assertTrue(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a%eth2"));
+ Assertions.assertTrue(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a%3"));
}
@Test
@@ -88,6 +93,19 @@ public class TestInetAddressUtils {
Assertions.assertFalse(InetAddressUtils.isIPv6HexCompressedAddress("1::3:4:5:6:7:8:9")); // too many fields after ::
Assertions.assertFalse(InetAddressUtils.isIPv6HexCompressedAddress("::3:4:5:6:7:8:9")); // too many fields after ::
Assertions.assertFalse(InetAddressUtils.isIPv6Address("")); // empty
+
+ //Invalid scoped IDs
+ Assertions.assertFalse(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a%eth2#"));
+ Assertions.assertFalse(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a%3@"));
+ Assertions.assertFalse(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a#eth2"));
+ Assertions.assertFalse(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a%"));
+ Assertions.assertFalse(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a%eth2!"));
+ Assertions.assertFalse(InetAddressUtils.isIPv6Address("2001:0db8:0:0::1428:57ab%"));
+ Assertions.assertFalse(InetAddressUtils.isIPv6Address("2001:0db8:0:0::1428:57ab%eth2#"));
+ Assertions.assertFalse(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a%eth2#3"));
+ Assertions.assertFalse(InetAddressUtils.isIPv6Address("2001:0db8:0:0::1428:57ab%eth2#3"));
+ Assertions.assertFalse(InetAddressUtils.isIPv6Address("fe80::1ff:fe23:4567:890a%3#eth2"));
+ Assertions.assertFalse(InetAddressUtils.isIPv6Address("2001:0db8:0:0::1428:57ab%3#eth2"));
}
@Test