commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dan Checkoway (JIRA)" <j...@apache.org>
Subject [jira] Created: (NET-306) SubnetUtils.SubnetInfo.isInRange is BRAINDEAD (a.k.a. FUBAR)
Date Mon, 11 Jan 2010 23:44:54 GMT
SubnetUtils.SubnetInfo.isInRange is BRAINDEAD (a.k.a. FUBAR)
------------------------------------------------------------

                 Key: NET-306
                 URL: https://issues.apache.org/jira/browse/NET-306
             Project: Commons Net
          Issue Type: Bug
    Affects Versions: 2.0
            Reporter: Dan Checkoway
            Priority: Critical


org.apache.commons.net.utils.SubnetUtils.SubnetInfo.isInRange() is totally broken.  It utterly
ignores the fact that integer address values might be, um....negative?!

            SubnetUtils subnetUtils = new SubnetUtils("66.249.71.0/24");
            SubnetUtils.SubnetInfo subnetInfo = subnetUtils.getInfo();
            String ip = "213.139.63.227";
            if (subnetInfo.isInRange(ip)) {
                System.out.println("YES, " + ip + " is in the range: " + subnetInfo.getCidrSignature());
            }
            else {
                System.out.println("NO, " + ip + " is not in the range: " + subnetInfo.getCidrSignature());
            }


YES, 213.139.63.227 is in the range: 66.249.71.0/24

?!?! WTF !?!?!

This is the culprit in SubnetUtils.java:

        private boolean isInRange(int address)      { return ((address-low()) <= (high()-low()));
}

The integer values in the test case above are:

66.249.71.1 = 1123632897
66.249.71.254 = 1123633150
213.139.63.227 = -712294429

So...you can see the issue (I hope).  Please fix this by changing isInRange() to check if
the given value is truly *BETWEEN* high and low values.

Thank you!!

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message