https://bz.apache.org/bugzilla/show_bug.cgi?id=66240

Stefan Mayr <ste...@mayr-stefan.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All

--- Comment #1 from Stefan Mayr <ste...@mayr-stefan.de> ---
Interesting find.
https://github.com/apache/tomcat/blob/831a674f7c12351cc3b537e899e7f20cb4d954ad/java/org/apache/tomcat/util/http/parser/Host.java#L65-L84
does not completely follow RFC 1123.

Section 2.1 has this paragraph:
           If a dotted-decimal number can be entered without such
           identifying delimiters, then a full syntactic check must be
           made, because a segment of a host domain name is now allowed
           to begin with a digit and could legally be entirely numeric
           (see Section 6.1.2.4).  However, a valid host name can never
           have the dotted-decimal form #.#.#.#, since at least the
           highest-level component label will be alphabetic.


Looking at
https://github.com/apache/tomcat/blob/831a674f7c12351cc3b537e899e7f20cb4d954ad/java/org/apache/tomcat/util/http/parser/HttpParser.java#L718-L719
rings a bell.

4294967295 is 0xffff, which should be -1 for a Java int. That explains why it
passes the condition in
https://github.com/apache/tomcat/blob/831a674f7c12351cc3b537e899e7f20cb4d954ad/java/org/apache/tomcat/util/http/parser/HttpParser.java#L734
to throw that exception instead of following the else to fall back to
readHostDomainName.

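Added example, not Tomcat's code and not part of the comment above: accumulating the digits of 4294967295 (2^32 - 1) in a Java int wraps to -1, while a bounded octet parser combined with the RFC 1123 section 2.1 rule (only the full #.#.#.# form is dotted-decimal) hands such a host to the domain-name check instead. The class and method names (HostNumberDemo, accumulateUnchecked, parseOctet, classify) are hypothetical, and the sample hosts are constructed.

```java
public class HostNumberDemo {
    // Hypothetical helper: digit accumulation in a 32-bit int with no bound check.
    static int accumulateUnchecked(String digits) {
        int value = 0;
        for (int i = 0; i < digits.length(); i++) {
            value = value * 10 + (digits.charAt(i) - '0'); // wraps modulo 2^32
        }
        return value;
    }

    // Same accumulation, but the value is rejected as soon as it leaves the
    // octet range 0..255, so the int can never wrap. Returns -1 for "not an octet".
    static int parseOctet(String label) {
        int value = label.isEmpty() ? -1 : 0;
        for (int i = 0; i < label.length() && value >= 0; i++) {
            int digit = label.charAt(i) - '0';
            value = (digit < 0 || digit > 9) ? -1 : value * 10 + digit;
            if (value > 255) {
                value = -1;
            }
        }
        return value;
    }

    // RFC 1123 section 2.1: only the full #.#.#.# form is dotted-decimal.
    // Everything else is left to the domain-name syntax check.
    static String classify(String host) {
        String[] labels = host.split("\\.", -1);
        if (labels.length != 4) {
            return "check-as-domain-name";
        }
        for (String label : labels) {
            if (parseOctet(label) < 0) {
                return "check-as-domain-name";
            }
        }
        return "ipv4";
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] hosts = {"4294967295", "127.0.0.1", "3com.example"};
        System.out.println("unchecked: " + accumulateUnchecked("4294967295"));
        for (String host : hosts) {
            System.out.println(host + " -> " + classify(host));
        }
    }
}
```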