[jboss-remoting-issues] [JBoss JIRA] Commented: (JBREM-1180) Formally reject hostnames which don't conform to RFC-952

Ron Sigal (JIRA) jira-events at lists.jboss.org
Wed Feb 17 17:17:10 EST 2010


    [ https://jira.jboss.org/jira/browse/JBREM-1180?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12515068#action_12515068 ] 

Ron Sigal commented on JBREM-1180:
----------------------------------

I think the only way to guarantee that a URL is well-formed would be to, in effect, duplicate the parsing carried out by java.net.URI, and I don't think it makes sense to do that.  However, when URI parsing pulls out the "authority" segment and then fails to parse it into a host and port, it leaves host set to null.  That is what happens, for example, when the host includes the "_" character.  An approximation, then, to guaranteeing that a URL is well-formed is to check for URI.getHost() == null.  It's not appropriate to introduce any new exceptions in an SP release, so the org.jboss.remoting.InvokerLocator constructor will log a message at WARN level that host has been set to null, which might indicate a problem.  For example, creating an InvokerLocator from "bisocket://UNDER_SCORE:4457//?JBM_clientMaxPoolSize=200" will yield the message

  [17:10:33,313] [main]  WARN (Logger.java:352) - Host resolves to null in bisocket://UNDER_SCORE:4457//?JBM_clientMaxPoolSize=200. Perhaps the host contains an invalid character.  See http://www.ietf.org/rfc/rfc2396.txt.

Since it's legal to create a URI with an empty host, this warning might be baseless and annoying, so InvokerLocator checks the boolean value of the system property InvokerLocator.SUPPRESS_HOST_WARNING (actual value "suppressHostWarning") and skips the warning if the property is set to "true".

The changes have been applied to branches 2.2 and 2.x.

Testing: unit test org.jboss.test.remoting.locator.MalformedLocatorTestCase.

Waiting for Hudson results.

Should update Remoting Guide.


> Formally reject hostnames which don't conform to RFC-952
> --------------------------------------------------------
>
>                 Key: JBREM-1180
>                 URL: https://jira.jboss.org/jira/browse/JBREM-1180
>             Project: JBoss Remoting
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>    Affects Versions: 2.2.3.SP1, 2.5.2.SP2 (Flounder)
>            Reporter: Justin Bertram
>            Assignee: Ron Sigal
>             Fix For: 2.2.3.SP2, 2.5.2.SP3 (Flounder)
>
>
> Host names which don't conform to RFC-952 [1] should be formally rejected.  This will save time diagnosing problems as org.jboss.remoting.InvokerLocator(String uri) does not handle non-conformant names properly and seemingly unrelated errors can occur as a result.  For example:
>   InvokerLocator locator = new InvokerLocator("bisocket://UNDER_SCORE:4457//?JBM_clientMaxPoolSize=200");
>   System.out.println(locator);
>   locator = new InvokerLocator("bisocket://UNDERSCORE:4457/?JBM_clientMaxPoolSize=200");
>   System.out.println(locator);
> Results in:
>   InvokerLocator [bisocket://192.168.2.2//?JBM_clientMaxPoolSize=200]
>   InvokerLocator [bisocket://UNDERSCORE:4457/?JBM_clientMaxPoolSize=200]
> The "_" breaks the parsing logic.
> [1] http://www.ietf.org/rfc/rfc952.txt

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
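
The URI.getHost() == null check described in the comment above, as an added example that is not part of the original message and is not JBoss Remoting code. The class LocatorHostCheck and the method describe() are hypothetical names. It goes one step beyond the comment by using getAuthority() and parseServerAuthority() to separate a legitimately empty host from an authority that could not be parsed into host and port.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example, not JBoss Remoting code. LocatorHostCheck and describe() are hypothetical names.
public class LocatorHostCheck {

    /** Classifies a locator string by what java.net.URI made of its authority. */
    static String describe(String locator) {
        URI uri;
        try {
            uri = new URI(locator);
        } catch (URISyntaxException e) {
            return "REJECT  not a URI: " + e.getMessage();
        }
        if (uri.getHost() != null) {
            return "OK      host=" + uri.getHost() + " port=" + uri.getPort();
        }
        if (uri.getAuthority() == null) {
            // No authority was written at all (scheme:///path). This is the
            // empty-host case in which a warning would be noise.
            return "EMPTY   no authority component";
        }
        // An authority is present but was not split into host and port, so URI
        // kept it as a registry-based authority. parseServerAuthority()
        // re-parses it strictly and reports where the parse fails.
        try {
            URI strict = uri.parseServerAuthority();
            return "OK      host=" + strict.getHost() + " port=" + strict.getPort();
        } catch (URISyntaxException e) {
            return "REJECT  authority=" + uri.getAuthority()
                    + " (" + e.getReason() + " at index " + e.getIndex() + ")";
        }
    }

    public static void main(String[] args) {
        String[] samples = {
            // The two locators from the issue description.
            "bisocket://UNDER_SCORE:4457//?JBM_clientMaxPoolSize=200",
            "bisocket://UNDERSCORE:4457/?JBM_clientMaxPoolSize=200",
            // Constructed samples: empty host, and a space in the authority.
            "bisocket:///?JBM_clientMaxPoolSize=200",
            "bisocket://host name:4457/"
        };
        for (String s : samples) {
            System.out.println(describe(s) + "  <- " + s);
        }
    }
}
```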

        

