joist
guessing vhost in UnsecureServlet

Author: edk
Full name: Ed Korthof
Date: 2000-08-25 11:50:34 PDT

Message:

hi --

here's code which looks broken to me:
 
    if (vhost == null || vhost.length() == 0) {
        int dot = httpAndServer.indexOf('.', 7);
        vhost = httpAndServer.substring(7, dot);
    }

if you're using a short name for a host which is w/in your domain (eg.
your domain is bar.com & the host is foo.bar.com, you can access it via
http://foo), then this generates a StringIndexOutOfBoundsException since
'dot' will be a negative value.

here's a patch which fixes this:

********************
Index: UnsecureServlet.java
====================​====================​====================​=======
RCS file: /cvs/joist/java/org/​joist/security/Unsec​ureServlet.java,v
retrieving revision 1.33
diff -c -r1.33 UnsecureServlet.java
*** UnsecureServlet.java 2000/08/15 23:52:29 1.33
--- UnsecureServlet.java 2000/08/25 18:39:49
***************
*** 416,425 ****
  
          String vhost = context.getForm("project");
  
! // if it is not set, try to guess it from the host name, assumes vhosting
      if (vhost == null || vhost.length() == 0) {
          int dot = httpAndServer.indexOf('.', 7);
! vhost = httpAndServer.substring(7, dot);
      }
  
      context.put("vhost", vhost);
--- 416,429 ----
  
          String vhost = context.getForm("project");
  
! // if it is not set, try to guess it from the host name
! // (assumes vhosting)
      if (vhost == null || vhost.length() == 0) {
          int dot = httpAndServer.indexOf('.', 7);
! if (dot < 0)
! vhost = httpAndServer.substring(7);
! else
! vhost = httpAndServer.substring(7, dot);
      }
  
      context.put("vhost", vhost);
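
Review bot: in the new `if (dot < 0)` branch, `httpAndServer.substring(7)` still depends on the hard-coded offset 7 (the length of "http://"). A value shorter than seven characters would throw the same StringIndexOutOfBoundsException this change is meant to remove, and anything that follows a dot-less host name in httpAndServer (a port, for instance, if the string can carry one) would end up inside vhost. Since the result goes straight into `context.put("vhost", vhost)`, consider checking the length before slicing and trimming the value down to the host label only. Style point: the surrounding code braces its `if` body, so the new if/else should use braces as well.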
********************

i can commit this if no one minds.

thanks --

ed
--
   +=-=+=-=+=-=+=-=+=-=+=-=+=-=+=-=+=-=+=-=+=-=+=-=+=-=+=-=
   | Ed Korthof | edk at collab dot net | 415-247-1690 |
   +=-=+=-=+=-=+=-=+=-=+=-=+=-=+=-=+=-=+=-=+=-=+=-=+=-=+=-=
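
The failure described in the post, next to a parsing-based alternative, as an added example that is not part of the original post or of joist's code. It goes beyond the patch by also covering ports and other schemes; the class and method names and the sample URLs are hypothetical, and `httpAndServer` is assumed to be a scheme-plus-authority string such as `http://foo.bar.com`.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.regex.Pattern;

public class VhostGuess {
    // One DNS label: letters, digits, hyphen; no leading/trailing hyphen; max 63 chars.
    private static final Pattern LABEL =
        Pattern.compile("[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?");

    // The slicing quoted in the post, unchanged: fixed offset 7, dot assumed present.
    static String guessOriginal(String httpAndServer) {
        int dot = httpAndServer.indexOf('.', 7);
        return httpAndServer.substring(7, dot);
    }

    // Hypothetical hardened variant: parse the URI, then take the first host label.
    // Returns null when no syntactically valid label can be extracted.
    static String guessVhost(String httpAndServer) {
        String host;
        try {
            host = new URI(httpAndServer).getHost();
        } catch (URISyntaxException e) {
            return null;
        }
        if (host == null) {
            return null;
        }
        int dot = host.indexOf('.');
        String label = (dot < 0) ? host : host.substring(0, dot);
        return LABEL.matcher(label).matches() ? label.toLowerCase(Locale.ROOT) : null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the post.
        String[] samples = { "http://foo.bar.com", "http://foo", "http://foo:8080",
                             "https://foo.bar.com:8443", "http://", "http://[::1]" };
        for (String s : samples) {
            String before;
            try {
                before = guessOriginal(s);
            } catch (StringIndexOutOfBoundsException e) {
                before = "StringIndexOutOfBoundsException";
            }
            System.out.println(s + " -> original: " + before + ", hardened: " + guessVhost(s));
        }
    }
}
```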
