Skip to content

Commit

Permalink
Incorrect handling of malformed authority component by URIUtils#extra…
Browse files Browse the repository at this point in the history 
…ctHost
  • Loading branch information
@ok2c
ok2c committed Oct 3, 2020
1 parent 8151d9e commit e628b4c
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 43 deletions.
69 changes: 28 additions & 41 deletions httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -419,56 +419,43 @@ public static HttpHost extractHost(final URI uri) {
if (uri == null) {
return null;
}
HttpHost target = null;
if (uri.isAbsolute()) {
int port = uri.getPort(); // may be overridden later
String host = uri.getHost();
if (host == null) { // normal parse failed; let's do it ourselves
if (uri.getHost() == null) { // normal parse failed; let's do it ourselves
// authority does not seem to care about the valid character-set for host names
host = uri.getAuthority();
if (host != null) {
if (uri.getAuthority() != null) {
String content = uri.getAuthority();
// Strip off any leading user credentials
final int at = host.indexOf('@');
if (at >= 0) {
if (host.length() > at+1 ) {
host = host.substring(at+1);
} else {
host = null; // @ on its own
}
int at = content.indexOf('@');
if (at != -1) {
content = content.substring(at + 1);
}
// Extract the port suffix, if present
if (host != null) {
final int colon = host.indexOf(':');
if (colon >= 0) {
final int pos = colon + 1;
int len = 0;
for (int i = pos; i < host.length(); i++) {
if (Character.isDigit(host.charAt(i))) {
len++;
} else {
break;
}
}
if (len > 0) {
try {
port = Integer.parseInt(host.substring(pos, pos + len));
} catch (final NumberFormatException ex) {
}
}
host = host.substring(0, colon);
final String scheme = uri.getScheme();
final String hostname;
final int port;
at = content.indexOf(":");
if (at != -1) {
hostname = content.substring(0, at);
try {
final String portText = content.substring(at + 1);
port = !TextUtils.isEmpty(portText) ? Integer.parseInt(portText) : -1;
} catch (final NumberFormatException ex) {
return null;
}
} else {
hostname = content;
port = -1;
}
try {
return new HttpHost(hostname, port, scheme);
} catch (final IllegalArgumentException ex) {
return null;
}
}
}
final String scheme = uri.getScheme();
if (!TextUtils.isBlank(host)) {
try {
target = new HttpHost(host, port, scheme);
} catch (final IllegalArgumentException ignore) {
}
} else {
return new HttpHost(uri.getHost(), uri.getPort(), uri.getScheme());
}
}
return target;
return null;
}

/**
Expand Down
6 changes: 4 additions & 2 deletions httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -273,14 +273,16 @@ public void testExtractHost() throws Exception {

Assert.assertEquals(new HttpHost("localhost",8080),
URIUtils.extractHost(new URI("http://localhost:8080/;sessionid=stuff/abcd")));
Assert.assertEquals(new HttpHost("localhost",8080),
Assert.assertEquals(null,
URIUtils.extractHost(new URI("http://localhost:8080;sessionid=stuff/abcd")));
Assert.assertEquals(new HttpHost("localhost",-1),
Assert.assertEquals(null,
URIUtils.extractHost(new URI("http://localhost:;sessionid=stuff/abcd")));
Assert.assertEquals(null,
URIUtils.extractHost(new URI("http://:80/robots.txt")));
Assert.assertEquals(null,
URIUtils.extractHost(new URI("http://some%20domain:80/robots.txt")));
Assert.assertEquals(null,
URIUtils.extractHost(new URI("http://[email protected]:[email protected]/")));
}

@Test
Expand Down

0 comments on commit e628b4c

Please sign in to comment.