JDK-4322767

java.net.SocketPermission allows illegal host names


    • beta
    • sparc
    • solaris_2.6



      Name: dfC67450 Date: 03/17/2000



      java.net.SocketPermission allows illegal host names. It does not check
      the host parameter for correct usage of the wildcard or for a valid port
      range, so it treats "*.*:99999" as a valid host name.

      Javadoc for java.net.SocketPermission states:

       * The host is specified as
       *
       * host = (hostname | IPaddress)[:portrange]
       * portrange = portnumber | -portnumber | portnumber-[portnumber]
       *
       * The host is expressed as a DNS name, as a numerical IP address,
       * or as "localhost" (for the local machine).
       * The wildcard "*" may be included once in a DNS name host
       * specification. If it is included, it must be in the leftmost
       * position, as in "*.sun.com".
       * <p>
       * The port or portrange is optional. A port specification of the
       * form "N-", where <i>N</i> is a port number, signifies all ports
       * numbered <i>N</i> and above, while a specification of the
       * form "-N" indicates all ports numbered <i>N</i> and below.

      Other incorrectly accepted host names are listed in the example below:

      -------------------------------------
      import java.net.*;
      import java.io.*;


      public class Test {

          public static void main (String args[]){
              String names[] = {
                  "*.*",
                  "*.host*",
                  "host.*",
                  "*.*:99999",
                  "www.sun.com:70000",
                  "www.sun.com:-70000"
              };

              boolean passed = true;
              for (int i = 0; i < names.length; i++) {
                  try {
                      System.out.print("host: " + names[i]);
                      SocketPermission sp = new SocketPermission(names[i], "resolve");
                      System.out.println(" getName() returns " + sp.getName());
                      passed = false;
                  } catch (Exception e) {
                      System.out.println(" " + e);
                  }
              }
              if (passed)
                  System.out.println("Test passed");
              else
                  System.out.println("Test failed");
          }
      }

      -------- output from the test ----------------
      host: *.* getName() returns *.*
      host: *.host* getName() returns *.host*
      host: host.* getName() returns host.*
      host: *.*:99999 getName() returns *.*:99999
      host: www.sun.com:70000 getName() returns www.sun.com:70000
      host: www.sun.com:-70000 getName() returns www.sun.com:-70000
      Test failed
      ----------------------------------------------

      ======================================================================
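
The following is an added example, not code from the report or from the JDK: a caller-side check that applies the grammar quoted from the Javadoc above before a host string is turned into a `SocketPermission`, for example when loading policy entries. The class and method names are hypothetical, and it assumes DNS names or dotted IPv4 addresses only, ports in 0..65535, and that a bare "*" counts as a leftmost wildcard.

```java
import java.util.regex.Pattern;

public class HostSpecCheck {
    // Assumption: a label is letters, digits and inner hyphens (covers DNS names and dotted IPv4).
    private static final Pattern LABEL =
        Pattern.compile("[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?");

    // Returns a port in 0..65535, or -1 if s is not a valid port number.
    static int port(String s) {
        if (!s.matches("[0-9]{1,5}")) return -1;
        int n = Integer.parseInt(s);
        return n <= 65535 ? n : -1;
    }

    // portrange = portnumber | -portnumber | portnumber-[portnumber]
    static boolean validPortRange(String p) {
        int dash = p.indexOf('-');
        String lo = dash < 0 ? p : p.substring(0, dash);
        String hi = dash < 0 ? p : p.substring(dash + 1);
        if (lo.isEmpty() && hi.isEmpty()) return false;   // "" or "-"
        int l = lo.isEmpty() ? 0 : port(lo);              // "-N": everything up to N
        int h = hi.isEmpty() ? 65535 : port(hi);          // "N-": N and above
        return l >= 0 && h >= 0 && l <= h;
    }

    // The wildcard may appear once, and only as the whole leftmost label.
    static boolean validHost(String host) {
        String[] labels = host.split("\\.", -1);          // -1 keeps empty labels so "a..b" fails
        for (int i = 0; i < labels.length; i++) {
            if (i == 0 && labels[i].equals("*")) continue;
            if (!LABEL.matcher(labels[i]).matches()) return false;
        }
        return true;
    }

    static boolean validSpec(String spec) {
        int colon = spec.lastIndexOf(':');
        if (colon < 0) return validHost(spec);
        return validHost(spec.substring(0, colon)) && validPortRange(spec.substring(colon + 1));
    }

    public static void main(String[] args) {
        String[] specs = {   // first six are the names from the report; last three are constructed
            "*.*", "*.host*", "host.*", "*.*:99999", "www.sun.com:70000",
            "www.sun.com:-70000", "*.sun.com", "www.sun.com:80-", "localhost:-1023" };
        for (String s : specs)
            System.out.println((validSpec(s) ? "accept " : "reject ") + s);
    }
}
```

All six names from the report are rejected by this check, while the three constructed specifications that follow the documented grammar are accepted.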

            ywangsunw Yingxian Wang (Inactive)
            fdasunw Fda Fda (Inactive)