Author: markt
Date: Mon Jun  4 13:18:54 2018
New Revision: 1832843

URL: http://svn.apache.org/viewvc?rev=1832843&view=rev
Log:
Improve IPv6 validation by ensuring that IPv4-Mapped IPv6 addresses do not 
contain leading zeros in the IPv4 part.
Based on a patch by Katya Stoycheva.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java
    tomcat/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties
    tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java?rev=1832843&r1=1832842&r2=1832843&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java Mon 
Jun  4 13:18:54 2018
@@ -661,6 +661,15 @@ public class HttpParser {
             } else if (isNumeric(c)) {
                 if (octet == -1) {
                     octet = c - '0';
+                } else if (octet == 0) {
+                    // Leading zero in non-zero octet. Not valid (ambiguous).
+                    if (inIPv6) {
+                        throw new 
IllegalArgumentException(sm.getString("http.invalidLeadingZero"));
+                    } else {
+                        // Could be a host/FQDN
+                        reader.reset();
+                        return readHostDomainName(reader);
+                    }
                 } else {
                     octet = octet * 10 + c - '0';
                 }
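Review bot: The new `octet == 0` branch also fires for a zero octet written with extra digits (`00`, `000`), so the comment `// Leading zero in non-zero octet` describes a narrower case than the code rejects; the added test input `0.00.0.0` takes exactly this path. I would reword it to `// Second digit after a leading '0': redundant leading zero. Ambiguous (some parsers read such octets as octal), so not a valid IPv4 literal.` Outside IPv6 the input is not rejected but re-read as a domain name, so a Host like `0.00.0.0` is still accepted. A comment should warn that an accepted all-numeric host may still be treated as an IP literal by a later resolver; whether any caller relies on that cannot be seen from this hunk. The enclosing method starts and ends outside the hunk, and the mark that `reader.reset()` relies on is presumably set there.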

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties?rev=1832843&r1=1832842&r2=1832843&view=diff
==============================================================================
--- 
tomcat/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties 
(original)
+++ 
tomcat/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties 
Mon Jun  4 13:18:54 2018
@@ -26,6 +26,7 @@ http.illegalCharacterIpv6=The character
 http.invalidCharacterDomain=The character [{0}] is not valid{1} a domain name.
 http.invalidHextet=Invalid hextet. A hextet must consist of 4 or less hex 
characters.
 http.invalidIpv4Location=The IPv6 address contains an embedded IPv4 address at 
an invalid location.
+http.invalidLeadingZero=An non-zero IPv4 octet may not contain a leading zero.
 http.invalidOctet=Invalid octet [{0}]. The valid range for IPv4 octets is 0 to 
255.
 http.invalidSegmentEndState=The state [{0}] is not valid for the end of a 
segment.
 http.noClosingBracket=The IPv6 address is missing a closing bracket.
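Review bot: The new message has a grammar slip, `An non-zero`, and this text ends up in the IllegalArgumentException raised by the parser; it should read `http.invalidLeadingZero=A non-zero IPv4 octet may not contain a leading zero.`. Since the parser change in this commit also rejects `00` inside an IPv6 address, wording such as `An IPv4 octet may not contain a leading zero.` would describe the check more exactly.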

Modified: 
tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java?rev=1832843&r1=1832842&r2=1832843&view=diff
==============================================================================
--- 
tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java 
(original)
+++ 
tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java 
Mon Jun  4 13:18:54 2018
@@ -54,17 +54,19 @@ public class TestHttpParserHost {
         result.add(new Object[] { TestType.IPv4, "127.0.0.1:8080", 
Integer.valueOf(9), null} );
         result.add(new Object[] { TestType.IPv4, "0.0.0.0", 
Integer.valueOf(-1), null} );
         result.add(new Object[] { TestType.IPv4, "0.0.0.0:8080", 
Integer.valueOf(7), null} );
-        result.add(new Object[] { TestType.IPv4, "0", Integer.valueOf(-1), 
null} );
         // IPv4 - invalid
         result.add(new Object[] { TestType.IPv4, ".0.0.0", 
Integer.valueOf(-1), IAE} );
         result.add(new Object[] { TestType.IPv4, "0.0.0.", 
Integer.valueOf(-1), IAE} );
         result.add(new Object[] { TestType.IPv4, "0..0.0", 
Integer.valueOf(-1), IAE} );
         result.add(new Object[] { TestType.IPv4, "0]", Integer.valueOf(-1), 
IAE} );
         // Domain Name - valid
+        result.add(new Object[] { TestType.IPv4, "0", Integer.valueOf(-1), 
null} );
         result.add(new Object[] { TestType.IPv4, "0.0", Integer.valueOf(-1), 
null} );
         result.add(new Object[] { TestType.IPv4, "0.0:8080", 
Integer.valueOf(3), null} );
         result.add(new Object[] { TestType.IPv4, "0.0.0", Integer.valueOf(-1), 
null} );
         result.add(new Object[] { TestType.IPv4, "0.0.0:8080", 
Integer.valueOf(5), null} );
+        result.add(new Object[] { TestType.IPv4, "0.00.0.0", 
Integer.valueOf(-1), null} );
+        result.add(new Object[] { TestType.IPv4, "0.00.0.0:8080", 
Integer.valueOf(8), null} );
         result.add(new Object[] { TestType.IPv4, "256.0.0.0", 
Integer.valueOf(-1), null} );
         result.add(new Object[] { TestType.IPv4, "256.0.0.0:8080", 
Integer.valueOf(9), null} );
         result.add(new Object[] { TestType.IPv4, "0.256.0.0", 
Integer.valueOf(-1), null} );
@@ -190,6 +192,7 @@ public class TestHttpParserHost {
                 Integer.valueOf(-1), IAE} );
         result.add(new Object[] { TestType.IPv6, 
"[1234:5678:90AB:CDEF:1234:5678:90AB:CDEF",
                 Integer.valueOf(-1), IAE} );
+        result.add(new Object[] { TestType.IPv6, "[::127.00.0.1]", 
Integer.valueOf(-1), IAE} );
         result.add(new Object[] { TestType.IPv6, "[0::0::127.0.0.1]", 
Integer.valueOf(-1), IAE} );
         result.add(new Object[] { TestType.IPv6, "[0:0:G:0:0:0:127.0.0.1]", 
Integer.valueOf(-1), IAE} );
         result.add(new Object[] { TestType.IPv6, 
"[00000:0:0:0:0:0:127.0.0.1]", Integer.valueOf(-1), IAE} );
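Review bot: The added IPv6 case `[::127.00.0.1]` only covers a zero octet written as `00`; nothing here exercises a leading zero on a non-zero octet, which is the case the commit message and the new error text describe. I would add `result.add(new Object[] { TestType.IPv6, "[::127.0.0.01]", Integer.valueOf(-1), IAE} );` next to it, which should raise the same exception if the parser change behaves as written. The IPv4 cases in the earlier hunk of this file have the same gap: `0.00.0.0` is covered but no input like `127.0.0.01` is, and its expected result (domain name or rejection) depends on readHostDomainName, which is not visible here. The data-provider method these lines belong to starts and ends outside the hunk.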

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1832843&r1=1832842&r2=1832843&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Jun  4 13:18:54 2018
@@ -186,6 +186,11 @@
       <docs>
         <bug>62423</bug>: Fix SSL docs CRL attribute typo. (remm)
       </docs>
+      <fix>
+        Improve IPv6 validation by ensuring that IPv4-Mapped IPv6 addresses do
+        not contain leading zeros in the IPv4 part. Based on a patch by Katya
+        Stoycheva. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


