SubnetUtils.SubnetInfo.isInRange is BRAINDEAD (a.k.a. FUBAR)
------------------------------------------------------------
Key: NET-306
URL: https://issues.apache.org/jira/browse/NET-306
Project: Commons Net
Issue Type: Bug
Affects Versions: 2.0
Reporter: Dan Checkoway
Priority: Critical

org.apache.commons.net.utils.SubnetUtils.SubnetInfo.isInRange() is totally
broken. It utterly ignores the fact that integer address values might be,
um....negative?!

    SubnetUtils subnetUtils = new SubnetUtils("66.249.71.0/24");
    SubnetUtils.SubnetInfo subnetInfo = subnetUtils.getInfo();
    String ip = "213.139.63.227";
    if (subnetInfo.isInRange(ip)) {
        System.out.println("YES, " + ip + " is in the range: " +
            subnetInfo.getCidrSignature());
    }
    else {
        System.out.println("NO, " + ip + " is not in the range: " +
            subnetInfo.getCidrSignature());
    }

    YES, 213.139.63.227 is in the range: 66.249.71.0/24

?!?! WTF !?!?!

This is the culprit in SubnetUtils.java:

    private boolean isInRange(int address) {
        return ((address-low()) <= (high()-low()));
    }

The integer values in the test case above are:

    66.249.71.1    = 1123632897
    66.249.71.254  = 1123633150
    213.139.63.227 = -712294429

So...you can see the issue (I hope). Please fix this by changing isInRange()
to check if the given value is truly *BETWEEN* high and low values.
Thank you!!
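
Added example (not part of the original report, and not Commons Net's code or its eventual fix): the signed comparison quoted in the report next to a bounds check on unsigned 32-bit values, run over the report's own low/high addresses. The class and method names are hypothetical and the sample addresses other than 213.139.63.227 are constructed. The signed form also accepts every address below the low bound, which matters wherever the result gates an IP allowlist.

```java
public class SubnetRangeCheck {
    // Pack a dotted-quad string into a signed 32-bit int, the representation
    // the values listed in the report use.
    static int toInt(String dotted) {
        String[] parts = dotted.split("\\.");
        if (parts.length != 4) throw new IllegalArgumentException(dotted);
        int value = 0;
        for (String part : parts) {
            int octet = Integer.parseInt(part);
            if (octet < 0 || octet > 255) throw new IllegalArgumentException(dotted);
            value = (value << 8) | octet;
        }
        return value;
    }

    // The comparison quoted in the report: signed arithmetic, upper bound only.
    // Any address numerically below `low` yields a negative difference and passes;
    // addresses at or above 128.0.0.0 are negative ints, so they pass too.
    static boolean inRangeSigned(int address, int low, int high) {
        return (address - low) <= (high - low);
    }

    // Hypothetical replacement: widen each value to its unsigned 32-bit
    // magnitude and require it to lie between both bounds.
    static boolean inRangeUnsigned(int address, int low, int high) {
        long a = address & 0xFFFFFFFFL;
        return a >= (low & 0xFFFFFFFFL) && a <= (high & 0xFFFFFFFFL);
    }

    public static void main(String[] args) {
        int low = toInt("66.249.71.1");    // low address from the report
        int high = toInt("66.249.71.254"); // high address from the report
        // Constructed samples: one inside the /24, the report's address,
        // one below the range, one just above it.
        String[] samples = {"66.249.71.100", "213.139.63.227", "10.0.0.1", "66.249.72.1"};
        for (String ip : samples) {
            int a = toInt(ip);
            System.out.printf("%-15s %11d  signed=%-5b  unsigned=%b%n",
                ip, a, inRangeSigned(a, low, high), inRangeUnsigned(a, low, high));
        }
    }
}
```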