Skip to content

Commit 894234a

Browse files
ok2cok2c
committed
Incorrect handling of malformed authority component by URIUtils#extractHost
1 parent 9bc49cc commit 894234a

File tree

2 files changed

+32
-43
lines changed

2 files changed

+32
-43
lines changed

httpclient5/src/main/java/org/apache/hc/client5/http/utils/URIUtils.java

Lines changed: 28 additions & 41 deletions
Original file line numberDiff line numberDiff line change
@@ -250,56 +250,43 @@ public static HttpHost extractHost(final URI uri) {
250250
if (uri == null) {
251251
return null;
252252
}
253-
HttpHost target = null;
254253
if (uri.isAbsolute()) {
255-
int port = uri.getPort(); // may be overridden later
256-
String host = uri.getHost();
257-
if (host == null) { // normal parse failed; let's do it ourselves
254+
if (uri.getHost() == null) { // normal parse failed; let's do it ourselves
258255
// authority does not seem to care about the valid character-set for host names
259-
host = uri.getAuthority();
260-
if (host != null) {
256+
if (uri.getAuthority() != null) {
257+
String content = uri.getAuthority();
261258
// Strip off any leading user credentials
262-
final int at = host.indexOf('@');
263-
if (at >= 0) {
264-
if (host.length() > at+1 ) {
265-
host = host.substring(at+1);
266-
} else {
267-
host = null; // @ on its own
268-
}
259+
int at = content.indexOf('@');
260+
if (at != -1) {
261+
content = content.substring(at + 1);
269262
}
270-
// Extract the port suffix, if present
271-
if (host != null) {
272-
final int colon = host.indexOf(':');
273-
if (colon >= 0) {
274-
final int pos = colon + 1;
275-
int len = 0;
276-
for (int i = pos; i < host.length(); i++) {
277-
if (Character.isDigit(host.charAt(i))) {
278-
len++;
279-
} else {
280-
break;
281-
}
282-
}
283-
if (len > 0) {
284-
try {
285-
port = Integer.parseInt(host.substring(pos, pos + len));
286-
} catch (final NumberFormatException ex) {
287-
}
288-
}
289-
host = host.substring(0, colon);
263+
final String scheme = uri.getScheme();
264+
final String hostname;
265+
final int port;
266+
at = content.indexOf(":");
267+
if (at != -1) {
268+
hostname = content.substring(0, at);
269+
try {
270+
final String portText = content.substring(at + 1);
271+
port = !TextUtils.isEmpty(portText) ? Integer.parseInt(portText) : -1;
272+
} catch (final NumberFormatException ex) {
273+
return null;
290274
}
275+
} else {
276+
hostname = content;
277+
port = -1;
278+
}
279+
try {
280+
return new HttpHost(scheme, hostname, port);
281+
} catch (final IllegalArgumentException ex) {
282+
return null;
291283
}
292284
}
293-
}
294-
final String scheme = uri.getScheme();
295-
if (!TextUtils.isBlank(host)) {
296-
try {
297-
target = new HttpHost(scheme, host, port);
298-
} catch (final IllegalArgumentException ignore) {
299-
}
285+
} else {
286+
return new HttpHost(uri.getScheme(), uri.getHost(), uri.getPort());
300287
}
301288
}
302-
return target;
289+
return null;
303290
}
304291

305292
/**

httpclient5/src/test/java/org/apache/hc/client5/http/utils/TestURIUtils.java

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -230,14 +230,16 @@ public void testExtractHost() throws Exception {
230230

231231
Assert.assertEquals(new HttpHost("localhost",8080),
232232
URIUtils.extractHost(new URI("http://localhost:8080/;sessionid=stuff/abcd")));
233-
Assert.assertEquals(new HttpHost("localhost",8080),
233+
Assert.assertEquals(null,
234234
URIUtils.extractHost(new URI("http://localhost:8080;sessionid=stuff/abcd")));
235-
Assert.assertEquals(new HttpHost("localhost",-1),
235+
Assert.assertEquals(null,
236236
URIUtils.extractHost(new URI("http://localhost:;sessionid=stuff/abcd")));
237237
Assert.assertEquals(null,
238238
URIUtils.extractHost(new URI("http://:80/robots.txt")));
239239
Assert.assertEquals(null,
240240
URIUtils.extractHost(new URI("http://some%20domain:80/robots.txt")));
241+
Assert.assertEquals(null,
242+
URIUtils.extractHost(new URI("http://blah@goggle.com:80@google.com/")));
241243
}
242244

243245
@Test

0 commit comments

Comments
 (0)