Author: markt Date: Mon Jun 4 13:18:54 2018 New Revision: 1832843 URL: http://svn.apache.org/viewvc?rev=1832843&view=rev Log: Improve IPv6 validation by ensuring that IPv4-Mapped IPv6 addresses do not contain leading zeros in the IPv4 part. Based on a patch by Katya Stoycheva.
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java tomcat/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java?rev=1832843&r1=1832842&r2=1832843&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java Mon Jun 4 13:18:54 2018
@@ -661,6 +661,15 @@ public class HttpParser {
 } else if (isNumeric(c)) {
 if (octet == -1) {
 octet = c - '0';
+ } else if (octet == 0) {
+ // Leading zero in non-zero octet. Not valid (ambiguous).
+ if (inIPv6) {
+ throw new IllegalArgumentException(sm.getString("http.invalidLeadingZero"));
+ } else {
+ // Could be a host/FQDN
+ reader.reset();
+ return readHostDomainName(reader);
+ }
 } else {
 octet = octet * 10 + c - '0';
 }
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties?rev=1832843&r1=1832842&r2=1832843&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/parser/LocalStrings.properties Mon Jun 4 13:18:54 2018
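Review bot: In the non-IPv6 branch of the new `octet == 0` check, a host such as `0.00.0.0` is no longer parsed as IPv4 but is handed to `readHostDomainName` and, per the tests added in this commit, accepted as a host name. Some address parsers read a leading-zero octet as octal, so code further down the request path that resolves the Host value may still treat it as an IP address; the comment should record that, e.g. `// Accepted as a host name; callers must not assume the value is not an IP literal`. The comment `// Leading zero in non-zero octet` is also narrower than the condition, which fires on any digit after a leading `0`, including `00`; `// Second digit after a leading zero (covers 00 as well as 01)` would match the code. The enclosing method starts and ends outside the hunk.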
@@ -26,6 +26,7 @@ http.illegalCharacterIpv6=The character
 http.invalidCharacterDomain=The character [{0}] is not valid{1} a domain name.
 http.invalidHextet=Invalid hextet. A hextet must consist of 4 or less hex characters.
 http.invalidIpv4Location=The IPv6 address contains an embedded IPv4 address at an invalid location.
+http.invalidLeadingZero=An non-zero IPv4 octet may not contain a leading zero.
 http.invalidOctet=Invalid octet [{0}]. The valid range for IPv4 octets is 0 to 255.
 http.invalidSegmentEndState=The state [{0}] is not valid for the end of a segment.
 http.noClosingBracket=The IPv6 address is missing a closing bracket.
Modified: tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java?rev=1832843&r1=1832842&r2=1832843&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java Mon Jun 4 13:18:54 2018
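Review bot: The text added for `http.invalidLeadingZero` has a grammar slip ("An non-zero") and says "non-zero", yet the only IPv6 case this commit adds for it, `[::127.00.0.1]`, triggers it with a zero-valued octet. A wording that matches what the parser actually rejects would be `http.invalidLeadingZero=An IPv4 octet may not contain a leading zero unless the octet is a single zero.`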
@@ -54,17 +54,19 @@ public class TestHttpParserHost {
 result.add(new Object[] { TestType.IPv4, "127.0.0.1:8080", Integer.valueOf(9), null} );
 result.add(new Object[] { TestType.IPv4, "0.0.0.0", Integer.valueOf(-1), null} );
 result.add(new Object[] { TestType.IPv4, "0.0.0.0:8080", Integer.valueOf(7), null} );
- result.add(new Object[] { TestType.IPv4, "0", Integer.valueOf(-1), null} );
 // IPv4 - invalid
 result.add(new Object[] { TestType.IPv4, ".0.0.0", Integer.valueOf(-1), IAE} );
 result.add(new Object[] { TestType.IPv4, "0.0.0.", Integer.valueOf(-1), IAE} );
 result.add(new Object[] { TestType.IPv4, "0..0.0", Integer.valueOf(-1), IAE} );
 result.add(new Object[] { TestType.IPv4, "0]", Integer.valueOf(-1), IAE} );
 // Domain Name - valid
+ result.add(new Object[] { TestType.IPv4, "0", Integer.valueOf(-1), null} );
 result.add(new Object[] { TestType.IPv4, "0.0", Integer.valueOf(-1), null} );
 result.add(new Object[] { TestType.IPv4, "0.0:8080", Integer.valueOf(3), null} );
 result.add(new Object[] { TestType.IPv4, "0.0.0", Integer.valueOf(-1), null} );
 result.add(new Object[] { TestType.IPv4, "0.0.0:8080", Integer.valueOf(5), null} );
+ result.add(new Object[] { TestType.IPv4, "0.00.0.0", Integer.valueOf(-1), null} );
+ result.add(new Object[] { TestType.IPv4, "0.00.0.0:8080", Integer.valueOf(8), null} );
 result.add(new Object[] { TestType.IPv4, "256.0.0.0", Integer.valueOf(-1), null} );
 result.add(new Object[] { TestType.IPv4, "256.0.0.0:8080", Integer.valueOf(9), null} );
 result.add(new Object[] { TestType.IPv4, "0.256.0.0", Integer.valueOf(-1), null} );
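Review bot: The cases added here and in the later `@@ -190,6 +192,7 @@` hunk only exercise a doubled zero (`00`) in the second octet, so a leading zero in front of a non-zero digit, which is what the new message and parser comment describe, is never tested. Adding `result.add(new Object[] { TestType.IPv6, "[::127.0.0.01]", Integer.valueOf(-1), IAE} );` to the IPv6 invalid list and `result.add(new Object[] { TestType.IPv4, "01.0.0.0", Integer.valueOf(-1), null} );` under "Domain Name - valid" would pin the first and last octet positions. The expected values are inferred from the neighbouring rows and should be confirmed by running the suite. The list-building method starts and ends outside both hunks.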
@@ -190,6 +192,7 @@ public class TestHttpParserHost {
 Integer.valueOf(-1), IAE} );
 result.add(new Object[] { TestType.IPv6, "[1234:5678:90AB:CDEF:1234:5678:90AB:CDEF",
 Integer.valueOf(-1), IAE} );
+ result.add(new Object[] { TestType.IPv6, "[::127.00.0.1]", Integer.valueOf(-1), IAE} );
 result.add(new Object[] { TestType.IPv6, "[0::0::127.0.0.1]", Integer.valueOf(-1), IAE} );
 result.add(new Object[] { TestType.IPv6, "[0:0:G:0:0:0:127.0.0.1]", Integer.valueOf(-1), IAE} );
 result.add(new Object[] { TestType.IPv6, "[00000:0:0:0:0:0:127.0.0.1]", Integer.valueOf(-1), IAE} );
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1832843&r1=1832842&r2=1832843&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Jun 4 13:18:54 2018
@@ -186,6 +186,11 @@
 <docs>
 <bug>62423</bug>: Fix SSL docs CRL attribute typo. (remm)
 </docs>
+ <fix>
+ Improve IPv6 validation by ensuring that IPv4-Mapped IPv6 addresses do
+ not contain leading zeros in the IPv4 part. Based on a patch by Katya
+ Stoycheva. (markt)
+ </fix>
 </changelog>
 </subsection>
 <subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org