[
https://issues.apache.org/jira/browse/VALIDATOR-419?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Denis Iskhakov updated VALIDATOR-419:
-------------------------------------
Description:
1) {{InetAddressValidator.getInstance().isValidInet6Address(String
inet6Address)}} returns {{true}} for value
{{0::1:192.168.1.1:192.168.1.1}}
I believe this is due to wrong comparison operand in line #166 of
InetAddressValidator:
{code}
if (index > octets.length - 1 || index > 6) { // CHECKSTYLE IGNORE MagicNumber
// IPV4 occupies last two octets
return false;
}
{code}
{{index > octets.length - 1}} expression will never be true inside cycle
{code}for (int index = 0; index < octets.length; index++){code}
2) According to https://tools.ietf.org/html/rfc4291 IPv6 address that is
IPv4-mapped must start with five zero octets followed by one {{ffff}} octet.
Current implementation of InetAddressValidator does not check this. E.g.
{{1::2:192.168.1.1}} is considered valid.
was:
{{InetAddressValidator.getInstance().isValidInet6Address(String inet6Address)}}
returns {{true}} for value
{{0::1:192.168.1.1:192.168.1.1}}
I believe this is due to wrong comparison operand in line #166 of
InetAddressValidator:
{code}
if (index > octets.length - 1 || index > 6) { // CHECKSTYLE IGNORE MagicNumber
// IPV4 occupies last two octets
return false;
}
{code}
{{index > octets.length - 1}} expression will never be true inside cycle
{code}for (int index = 0; index < octets.length; index++){code}
> Invalid IPv6 addresses that are IPv4-mapped pass InetAddressValidator
> validation
> --------------------------------------------------------------------------------
>
> Key: VALIDATOR-419
> URL: https://issues.apache.org/jira/browse/VALIDATOR-419
> Project: Commons Validator
> Issue Type: Bug
> Components: Routines
> Affects Versions: 1.5.1
> Reporter: Denis Iskhakov
> Priority: Minor
>
> 1) {{InetAddressValidator.getInstance().isValidInet6Address(String
> inet6Address)}} returns {{true}} for value
> {{0::1:192.168.1.1:192.168.1.1}}
> I believe this is due to wrong comparison operand in line #166 of
> InetAddressValidator:
> {code}
> if (index > octets.length - 1 || index > 6) { // CHECKSTYLE IGNORE
> MagicNumber
> // IPV4 occupies last two octets
> return false;
> }
> {code}
> {{index > octets.length - 1}} expression will never be true inside cycle
> {code}for (int index = 0; index < octets.length; index++){code}
> 2) According to https://tools.ietf.org/html/rfc4291 IPv6 address that is
> IPv4-mapped must start with five zero octets followed by one {{ffff}} octet.
> Current implementation of InetAddressValidator does not check this. E.g.
> {{1::2:192.168.1.1}} is considered valid.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
