Skip to content

Commit e628b4c

Browse files
ok2cok2c
committed
Incorrect handling of malformed authority component by URIUtils#extractHost
1 parent 8151d9e commit e628b4c

File tree

2 files changed

+32
-43
lines changed

2 files changed

+32
-43
lines changed

httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java

Lines changed: 28 additions & 41 deletions
Original file line numberDiff line numberDiff line change
@@ -419,56 +419,43 @@ public static HttpHost extractHost(final URI uri) {
419419
if (uri == null) {
420420
return null;
421421
}
422-
HttpHost target = null;
423422
if (uri.isAbsolute()) {
424-
int port = uri.getPort(); // may be overridden later
425-
String host = uri.getHost();
426-
if (host == null) { // normal parse failed; let's do it ourselves
423+
if (uri.getHost() == null) { // normal parse failed; let's do it ourselves
427424
// authority does not seem to care about the valid character-set for host names
428-
host = uri.getAuthority();
429-
if (host != null) {
425+
if (uri.getAuthority() != null) {
426+
String content = uri.getAuthority();
430427
// Strip off any leading user credentials
431-
final int at = host.indexOf('@');
432-
if (at >= 0) {
433-
if (host.length() > at+1 ) {
434-
host = host.substring(at+1);
435-
} else {
436-
host = null; // @ on its own
437-
}
428+
int at = content.indexOf('@');
429+
if (at != -1) {
430+
content = content.substring(at + 1);
438431
}
439-
// Extract the port suffix, if present
440-
if (host != null) {
441-
final int colon = host.indexOf(':');
442-
if (colon >= 0) {
443-
final int pos = colon + 1;
444-
int len = 0;
445-
for (int i = pos; i < host.length(); i++) {
446-
if (Character.isDigit(host.charAt(i))) {
447-
len++;
448-
} else {
449-
break;
450-
}
451-
}
452-
if (len > 0) {
453-
try {
454-
port = Integer.parseInt(host.substring(pos, pos + len));
455-
} catch (final NumberFormatException ex) {
456-
}
457-
}
458-
host = host.substring(0, colon);
432+
final String scheme = uri.getScheme();
433+
final String hostname;
434+
final int port;
435+
at = content.indexOf(":");
436+
if (at != -1) {
437+
hostname = content.substring(0, at);
438+
try {
439+
final String portText = content.substring(at + 1);
440+
port = !TextUtils.isEmpty(portText) ? Integer.parseInt(portText) : -1;
441+
} catch (final NumberFormatException ex) {
442+
return null;
459443
}
444+
} else {
445+
hostname = content;
446+
port = -1;
447+
}
448+
try {
449+
return new HttpHost(hostname, port, scheme);
450+
} catch (final IllegalArgumentException ex) {
451+
return null;
460452
}
461453
}
462-
}
463-
final String scheme = uri.getScheme();
464-
if (!TextUtils.isBlank(host)) {
465-
try {
466-
target = new HttpHost(host, port, scheme);
467-
} catch (final IllegalArgumentException ignore) {
468-
}
454+
} else {
455+
return new HttpHost(uri.getHost(), uri.getPort(), uri.getScheme());
469456
}
470457
}
471-
return target;
458+
return null;
472459
}
473460

474461
/**

httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -273,14 +273,16 @@ public void testExtractHost() throws Exception {
273273

274274
Assert.assertEquals(new HttpHost("localhost",8080),
275275
URIUtils.extractHost(new URI("http://localhost:8080/;sessionid=stuff/abcd")));
276-
Assert.assertEquals(new HttpHost("localhost",8080),
276+
Assert.assertEquals(null,
277277
URIUtils.extractHost(new URI("http://localhost:8080;sessionid=stuff/abcd")));
278-
Assert.assertEquals(new HttpHost("localhost",-1),
278+
Assert.assertEquals(null,
279279
URIUtils.extractHost(new URI("http://localhost:;sessionid=stuff/abcd")));
280280
Assert.assertEquals(null,
281281
URIUtils.extractHost(new URI("http://:80/robots.txt")));
282282
Assert.assertEquals(null,
283283
URIUtils.extractHost(new URI("http://some%20domain:80/robots.txt")));
284+
Assert.assertEquals(null,
285+
URIUtils.extractHost(new URI("http://blah@goggle.com:80@google.com/")));
284286
}
285287

286288
@Test

0 commit comments

Comments
 (0)