commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Denis Iskhakov (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (VALIDATOR-419) Invalid IPv6 addresses that are IPv4-mapped pass InetAddressValidator validation
Date Tue, 14 Feb 2017 14:46:41 GMT

     [ https://issues.apache.org/jira/browse/VALIDATOR-419?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Denis Iskhakov updated VALIDATOR-419:
-------------------------------------
    Description: 
1) {{InetAddressValidator.getInstance().isValidInet6Address(String inet6Address)}} returns
{{true}} for value {{0::ffff:192.168.1.1:192.168.1.1}}

I believe this is due to wrong comparison operand in line #166 of InetAddressValidator: 
{code}
if (index > octets.length - 1 || index > 6) {  // CHECKSTYLE IGNORE MagicNumber
    // IPV4 occupies last two octets
    return false;
}
{code} 
{{index > octets.length - 1}} expression will never be true inside cycle {code}for (int
index = 0; index < octets.length; index++){code}

2) According to https://tools.ietf.org/html/rfc4291 IPv6 address that is IPv4-mapped must
start with five zero octets followed by one {{ffff}} octet. Current implementation of InetAddressValidator
does not check this. E.g. {{1::2:192.168.1.1}} is considered valid.

  was:
1) {{InetAddressValidator.getInstance().isValidInet6Address(String inet6Address)}} returns
{{true}} for value 
{{0::1:192.168.1.1:192.168.1.1}}

I believe this is due to wrong comparison operand in line #166 of InetAddressValidator: 
{code}
if (index > octets.length - 1 || index > 6) {  // CHECKSTYLE IGNORE MagicNumber
    // IPV4 occupies last two octets
    return false;
}
{code} 
{{index > octets.length - 1}} expression will never be true inside cycle {code}for (int
index = 0; index < octets.length; index++){code}

2) According to https://tools.ietf.org/html/rfc4291 IPv6 address that is IPv4-mapped must
start with five zero octets followed by one {{ffff}} octet. Current implementation of InetAddressValidator
does not check this. E.g. {{1::2:192.168.1.1}} is considered valid.


> Invalid IPv6 addresses that are IPv4-mapped pass InetAddressValidator validation
> --------------------------------------------------------------------------------
>
>                 Key: VALIDATOR-419
>                 URL: https://issues.apache.org/jira/browse/VALIDATOR-419
>             Project: Commons Validator
>          Issue Type: Bug
>          Components: Routines
>    Affects Versions: 1.5.1
>            Reporter: Denis Iskhakov
>            Priority: Minor
>
> 1) {{InetAddressValidator.getInstance().isValidInet6Address(String inet6Address)}} returns
{{true}} for value {{0::ffff:192.168.1.1:192.168.1.1}}
> I believe this is due to wrong comparison operand in line #166 of InetAddressValidator:

> {code}
> if (index > octets.length - 1 || index > 6) {  // CHECKSTYLE IGNORE MagicNumber
>     // IPV4 occupies last two octets
>     return false;
> }
> {code} 
> {{index > octets.length - 1}} expression will never be true inside cycle {code}for
(int index = 0; index < octets.length; index++){code}
> 2) According to https://tools.ietf.org/html/rfc4291 IPv6 address that is IPv4-mapped
must start with five zero octets followed by one {{ffff}} octet. Current implementation of
InetAddressValidator does not check this. E.g. {{1::2:192.168.1.1}} is considered valid.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message