hc-dev mailing list archives

From "Ingo Bauersachs (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HTTPCLIENT-1255) Wildcard matching in hostname verifier incorrect
Date Thu, 25 Oct 2012 20:27:12 GMT
Ingo Bauersachs created HTTPCLIENT-1255:
-------------------------------------------

             Summary: Wildcard matching in hostname verifier incorrect
                 Key: HTTPCLIENT-1255
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1255
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: Snapshot
            Reporter: Ingo Bauersachs


According to the findings of [1], the hostname verification in AbstractVerifier.java is not
correct. The wildcard prefix extraction uses the dimension of the dotted parts array instead
of the length of the first part itself.

String prefix = parts[0].substring(0, parts.length-2); // e.g. server
should be
String prefix = parts[0].substring(0, parts[0].length()-1); // e.g. server

(This is line 208 of http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
as of Revision 1402320)

[1] http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
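
The difference between the two expressions quoted in the report, as an added example that is not part of the original message or of the HttpClient source. The matches() helper is a simplified matcher assumed here for illustration, and the certificate pattern and hostnames are constructed. For the pattern server*.example.com the reported expression yields the prefix "s" rather than "server", and for a pattern with more labels than the first label has characters it throws.

```java
import java.util.Locale;

// Added illustration; not the HttpClient source. The two prefix methods copy the
// expressions quoted in the report; matches() is a simplified, assumed matcher.
public class WildcardPrefixDemo {

    // Expression reported as incorrect: end index derived from the number of labels.
    static String buggyPrefix(String[] parts) {
        return parts[0].substring(0, parts.length - 2);
    }

    // Expression proposed in the report: drop only the trailing '*'.
    static String fixedPrefix(String[] parts) {
        return parts[0].substring(0, parts[0].length() - 1);
    }

    // Assumed matcher: the host must start with the prefix, and the rest of the
    // host must end with everything after the first label of the pattern.
    static boolean matches(String host, String pattern, boolean useFixed) {
        String p = pattern.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        String[] parts = p.split("\\.");
        String prefix = useFixed ? fixedPrefix(parts) : buggyPrefix(parts);
        String suffix = p.substring(parts[0].length()); // e.g. ".example.com"
        return h.startsWith(prefix) && h.substring(prefix.length()).endsWith(suffix);
    }

    public static void main(String[] args) {
        String pattern = "server*.example.com";                       // constructed
        String[] hosts = {"server1.example.com", "smtp.example.com"}; // constructed
        for (String host : hosts) {
            System.out.printf("%-22s buggy=%b fixed=%b%n", host,
                    matches(host, pattern, false), matches(host, pattern, true));
        }
        // With more labels than characters in the first label, the buggy
        // expression asks for an end index past the end of the string.
        try {
            buggyPrefix("a*.b.c.d.example.com".split("\\."));
        } catch (StringIndexOutOfBoundsException e) {
            System.out.println("buggy prefix threw: " + e.getClass().getSimpleName());
        }
    }
}
```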

