[jboss-jira] [JBoss JIRA] (WFCORE-4309) Value validator for 'host-context-map' attribute of 'server-ssl-sni-context' resource

Diana Vilkolakova (Jira) issues at jboss.org
Tue Apr 2 04:05:03 EDT 2019 

    [ https://issues.jboss.org/browse/WFCORE-4309?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13716120#comment-13716120 ] 

Diana Vilkolakova commented on WFCORE-4309:
-------------------------------------------

[~jstourac] Hello. Since hostnames cannot contain slashes, double backslash should not be allowed as an input. And in the description of this issue is written that "..example.com" should be invalid , however looking at the issues you linked, this should be valid as dot in this case means any character. But "\.\.example.com" should be invalid. However you are right that the merged changes must be updated. Thanks!

> Value validator for 'host-context-map' attribute of 'server-ssl-sni-context' resource
> -------------------------------------------------------------------------------------
>
>                 Key: WFCORE-4309
>                 URL: https://issues.jboss.org/browse/WFCORE-4309
>             Project: WildFly Core
>          Issue Type: Enhancement
>          Components: Security
>    Affects Versions: 7.0.0.Final
>            Reporter: Jan Stourac
>            Assignee: Diana Vilkolakova
>            Priority: Minor
>             Fix For: 9.0.0.Beta2
>
>
> There is not validation for 'host-context-map' property values on key side. There is validation for the values that represents 'server-ssl-contexts', although, there is no validation for host matching part. E.g. writing attribute of this value is possible:
> {code}
> /subsystem=elytron/server-ssl-sni-context=serverSslSniCtx:write-attribute(name=host-context-map,value={"\\?.example.com"=validSslContext,"..example.com"="validSslContext", "\\*\\*.example.com"=validSslContext})
> {code}
> {code}
> "\\?.example.com"
> "..example.com"
> "\\*\\*.example.com"
> {code}
> even though, these are invalid host name matchers IMHO. It would be nice to identify these and report those to user immediately during the configuration attempt.



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the jboss-jira mailing list