Incorrect handling of malformed authority component by URIUtils#extractHost

This commit is contained in:
Oleg Kalnichevski 2020-09-29 09:37:38 +02:00
parent 8151d9e51a
commit e628b4c5c4
2 changed files with 32 additions and 43 deletions

View File

@ -419,56 +419,43 @@ public class URIUtils {
if (uri == null) {
return null;
}
HttpHost target = null;
if (uri.isAbsolute()) {
int port = uri.getPort(); // may be overridden later
String host = uri.getHost();
if (host == null) { // normal parse failed; let's do it ourselves
if (uri.getHost() == null) { // normal parse failed; let's do it ourselves
// authority does not seem to care about the valid character-set for host names
host = uri.getAuthority();
if (host != null) {
if (uri.getAuthority() != null) {
String content = uri.getAuthority();
// Strip off any leading user credentials
final int at = host.indexOf('@');
if (at >= 0) {
if (host.length() > at+1 ) {
host = host.substring(at+1);
} else {
host = null; // @ on its own
}
int at = content.indexOf('@');
if (at != -1) {
content = content.substring(at + 1);
}
// Extract the port suffix, if present
if (host != null) {
final int colon = host.indexOf(':');
if (colon >= 0) {
final int pos = colon + 1;
int len = 0;
for (int i = pos; i < host.length(); i++) {
if (Character.isDigit(host.charAt(i))) {
len++;
} else {
break;
}
}
if (len > 0) {
try {
port = Integer.parseInt(host.substring(pos, pos + len));
} catch (final NumberFormatException ex) {
}
}
host = host.substring(0, colon);
final String scheme = uri.getScheme();
final String hostname;
final int port;
at = content.indexOf(":");
if (at != -1) {
hostname = content.substring(0, at);
try {
final String portText = content.substring(at + 1);
port = !TextUtils.isEmpty(portText) ? Integer.parseInt(portText) : -1;
} catch (final NumberFormatException ex) {
return null;
}
} else {
hostname = content;
port = -1;
}
try {
return new HttpHost(hostname, port, scheme);
} catch (final IllegalArgumentException ex) {
return null;
}
}
}
final String scheme = uri.getScheme();
if (!TextUtils.isBlank(host)) {
try {
target = new HttpHost(host, port, scheme);
} catch (final IllegalArgumentException ignore) {
}
} else {
return new HttpHost(uri.getHost(), uri.getPort(), uri.getScheme());
}
}
return target;
return null;
}
/**

View File

@ -273,14 +273,16 @@ public class TestURIUtils {
Assert.assertEquals(new HttpHost("localhost",8080),
URIUtils.extractHost(new URI("http://localhost:8080/;sessionid=stuff/abcd")));
Assert.assertEquals(new HttpHost("localhost",8080),
Assert.assertEquals(null,
URIUtils.extractHost(new URI("http://localhost:8080;sessionid=stuff/abcd")));
Assert.assertEquals(new HttpHost("localhost",-1),
Assert.assertEquals(null,
URIUtils.extractHost(new URI("http://localhost:;sessionid=stuff/abcd")));
Assert.assertEquals(null,
URIUtils.extractHost(new URI("http://:80/robots.txt")));
Assert.assertEquals(null,
URIUtils.extractHost(new URI("http://some%20domain:80/robots.txt")));
Assert.assertEquals(null,
URIUtils.extractHost(new URI("http://blah@goggle.com:80@google.com/")));
}
@Test