From 0ac5caeaed1fa0354e02e0609f2c726b1b72eb8c Mon Sep 17 00:00:00 2001
From: Oleg Kalnichevski <olegk@apache.org>
Date: Tue, 29 Sep 2020 09:37:38 +0200
Subject: [PATCH 3/3] Incorrect handling of malformed authority component by
URIUtils#extractHost
---
.../apache/http/client/utils/URIUtils.java | 69 ++++++++-----------
.../http/client/utils/TestURIUtils.java | 6 +-
2 files changed, 32 insertions(+), 43 deletions(-)
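diff --git a/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java b/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java
index 8eb7667e3..aa3431f6f 100644
--- a/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java
+++ b/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java
@@ -419,56 +419,43 @@ public class URIUtils {
 if (uri == null) {
 return null;
 }
- HttpHost target = null;
 if (uri.isAbsolute()) {
- int port = uri.getPort(); // may be overridden later
- String host = uri.getHost();
- if (host == null) { // normal parse failed; let's do it ourselves
+ if (uri.getHost() == null) { // normal parse failed; let's do it ourselves
 // authority does not seem to care about the valid character-set for host names
- host = uri.getAuthority();
- if (host != null) {
+ if (uri.getAuthority() != null) {
+ String content = uri.getAuthority();
 // Strip off any leading user credentials
- final int at = host.indexOf('@');
- if (at >= 0) {
- if (host.length() > at+1 ) {
- host = host.substring(at+1);
- } else {
- host = null; // @ on its own
- }
+ int at = content.indexOf('@');
+ if (at != -1) {
+ content = content.substring(at + 1);
 }
- // Extract the port suffix, if present
- if (host != null) {
- final int colon = host.indexOf(':');
- if (colon >= 0) {
- final int pos = colon + 1;
- int len = 0;
- for (int i = pos; i < host.length(); i++) {
- if (Character.isDigit(host.charAt(i))) {
- len++;
- } else {
- break;
- }
- }
- if (len > 0) {
- try {
- port = Integer.parseInt(host.substring(pos, pos + len));
- } catch (final NumberFormatException ex) {
- }
- }
- host = host.substring(0, colon);
+ final String scheme = uri.getScheme();
+ final String hostname;
+ final int port;
+ at = content.indexOf(":");
+ if (at != -1) {
+ hostname = content.substring(0, at);
+ try {
+ final String portText = content.substring(at + 1);
+ port = !TextUtils.isEmpty(portText) ? Integer.parseInt(portText) : -1;
+ } catch (final NumberFormatException ex) {
+ return null;
 }
+ } else {
+ hostname = content;
+ port = -1;
+ }
+ try {
+ return new HttpHost(hostname, port, scheme);
+ } catch (final IllegalArgumentException ex) {
+ return null;
 }
 }
- }
- final String scheme = uri.getScheme();
- if (!TextUtils.isBlank(host)) {
- try {
- target = new HttpHost(host, port, scheme);
- } catch (final IllegalArgumentException ignore) {
- }
+ } else {
+ return new HttpHost(uri.getHost(), uri.getPort(), uri.getScheme());
 }
 }
- return target;
+ return null;
 }
 
 /**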
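Review bot: After the split on `:` the new code hands `hostname` straight to `new HttpHost(...)`, and only the first `@` of the authority is stripped, so an authority with a second `@` and no port keeps that `@` inside `hostname`; whether the HttpHost constructor rejects it is not visible in this hunk. I would fail closed before constructing the host, e.g. `if (hostname.indexOf('@') != -1) { return null; }`. The port has a similar gap: `Integer.parseInt(portText)` accepts a leading sign and any int value, so a digits-only check such as `if (!portText.isEmpty() && !portText.matches("[0-9]{1,5}")) { return null; }`, followed by an upper bound of 65535, would stop a signed or oversized port in a malformed authority from being normalised into a usable target. The enclosing method starts above the hunk, so how callers treat the null return is assumed rather than shown.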
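diff --git a/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java b/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java
index 189966635..98a44bc1c 100644
--- a/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java
+++ b/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java
@@ -273,14 +273,16 @@ public class TestURIUtils {
 
 Assert.assertEquals(new HttpHost("localhost",8080),
 URIUtils.extractHost(new URI("http://localhost:8080/;sessionid=stuff/abcd")));
- Assert.assertEquals(new HttpHost("localhost",8080),
+ Assert.assertEquals(null,
 URIUtils.extractHost(new URI("http://localhost:8080;sessionid=stuff/abcd")));
- Assert.assertEquals(new HttpHost("localhost",-1),
+ Assert.assertEquals(null,
 URIUtils.extractHost(new URI("http://localhost:;sessionid=stuff/abcd")));
 Assert.assertEquals(null,
 URIUtils.extractHost(new URI("http://:80/robots.txt")));
 Assert.assertEquals(null,
 URIUtils.extractHost(new URI("http://some%20domain:80/robots.txt")));
+ Assert.assertEquals(null,
+ URIUtils.extractHost(new URI("http://blah@goggle.com:80@google.com/")));
 }
 
 @Test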
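Review bot: The added assertion pins only the double-`@` authority that also carries a port, where the rejection appears to come from the port text failing to parse; the same shape without a port is left unpinned. I would add `Assert.assertEquals(null, URIUtils.extractHost(new URI("http://blah@goggle.com@google.com/")));` next to it (a constructed sample in the style of the existing case) so the fail-closed result is asserted for both forms. If that assertion fails, extractHost needs an explicit host-name check rather than relying on the port parse. The test method starts above the hunk.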
--
2.31.1