Spring Security / SEC-1733

IpAddressMatcher doesn't match 0-bit subnet mask correctly

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.1.0.RC1
    • Fix Version/s: 3.1.0.RC3
    • Component/s: Web
    • Labels:
      None

      Description

      I'm using IpAddressMatcher for address matching outside Spring Security.

      Network 0.0.0.0/0 should match any IP address, but it only matches 0.0.0.0. If the mask is given as "0", the matches() method handles the mask as if it was not given at all (or was given as 32). Perhaps differentiate the situations by assigning nMaskBits a null value if it's not defined at all?

      It would also be nice to have a version of the matches() method that takes a String network address instead of an HttpServletRequest as a parameter.

      Attached is a diff from my fix.

        Activity

        Luke Taylor added a comment -

        Thanks for the report. I've modified the code so that zero netmask will match any address.

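The distinction the report describes (no mask given versus a mask given as 0), shown as an added example that is not part of this issue or of Spring Security's source. The class name CidrMatchDemo and the -1 sentinel for "no mask" are assumptions, and the addresses are constructed samples.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

// Added illustration, not Spring Security's IpAddressMatcher source.
public class CidrMatchDemo {
    private final byte[] network;
    private final int maskBits; // -1 means "no mask given": exact match only

    CidrMatchDemo(String spec) throws UnknownHostException {
        int slash = spec.indexOf('/');
        if (slash >= 0) {
            network = InetAddress.getByName(spec.substring(0, slash)).getAddress();
            maskBits = Integer.parseInt(spec.substring(slash + 1));
            // Reject masks outside 0..32 (IPv4) or 0..128 (IPv6).
            if (maskBits < 0 || maskBits > network.length * 8) {
                throw new IllegalArgumentException("bad mask in " + spec);
            }
        } else {
            network = InetAddress.getByName(spec).getAddress();
            maskBits = -1;
        }
    }

    boolean matches(String address) throws UnknownHostException {
        byte[] remote = InetAddress.getByName(address).getAddress();
        if (remote.length != network.length) return false; // IPv4 vs IPv6
        // An absent mask compares every bit; an explicit 0 compares none.
        int bits = maskBits < 0 ? network.length * 8 : maskBits;
        int fullBytes = bits / 8;
        for (int i = 0; i < fullBytes; i++) {
            if (remote[i] != network[i]) return false;
        }
        int rest = bits % 8;
        if (rest == 0) return true; // also the bits == 0 case: nothing to compare
        int mask = (0xFF << (8 - rest)) & 0xFF;
        return (remote[fullBytes] & mask) == (network[fullBytes] & mask);
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample inputs.
        System.out.println(new CidrMatchDemo("0.0.0.0/0").matches("203.0.113.7"));      // explicit 0-bit mask
        System.out.println(new CidrMatchDemo("0.0.0.0").matches("203.0.113.7"));        // no mask at all
        System.out.println(new CidrMatchDemo("192.168.1.0/24").matches("192.168.1.77"));
        System.out.println(new CidrMatchDemo("192.168.1.0/25").matches("192.168.1.200"));
        System.out.println(new CidrMatchDemo("0.0.0.0/0").matches("::1"));              // address family differs
    }
}
```

When a matcher like this backs an access rule, a 0-bit network is an allow-everything entry for that address family, so it is worth flagging in configuration review.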

          People

          • Assignee: Luke Taylor
          • Reporter: janne kytömäki
          • Votes: 1
          • Watchers: 1