WildHostMatcher doesn't escape square brackets ([, ]) #381
Comments
blablabla42
changed the title
hierynomus
added a commit
that referenced
this issue
Nov 13, 2017
|
Fixed, thanks for reporting 👍 |
|
Thanks for the quick turn around! Do you have any plans to cut a new release soon? |
|
Not this week probably. Would that be a problem? |
|
Not at all, thanks again for the quick fix! |
CCLiu
added a commit
to CCLiu/sshj
that referenced
this issue
Jan 11, 2018
* Check whether filename is a child of the current file (Fixes hierynomus#341) * Fixed codacy * Updated README release notes * Removed oraclejdk7 as that is no longer supported on trusty, added openjdk * Added gradle caching to travis config * Removed use of DataTypeConverter as that is no longer in default JDK9 * Removed build of broken openJDK7 in favour of using animal-sniffer to detect java 1.6 compatibility * Improved test stability * Correctly determine KeyType for ECDSA public key (Fixes hierynomus#356) * fixed build * Fixed Java9 build? * Disambiguated signature initialization * Removed deprecated method * Organised imports * Added 'out/' to gitignore * Added support for new-style fingerprints (hierynomus#365) * Added support for new-style fingerprints * Fixed codacy warnings * Fix decoding signature bytes (Fixes hierynomus#355, hierynomus#354) (hierynomus#361) * Fix for signature verify in DSA * Cleaned up signature verification * Fixed import * Ignored erroneous pmd warnings * Updated JavaDoc * Extracted ASN.1/DER encoding to method (hierynomus#368) * Update net.i2p.crypto:eddsa to 0.2.0 (hierynomus#372) * Update net.i2p.crypto:eddsa to 0.2.0 * Update net.i2p.crypto.eddsa to 0.2.0 * Update net.i2p.crypto.eddsa to 0.2.0 * Update net.i2p.crypto.eddsa to 0.2.0 * Log security provider registration failures (hierynomus#374) * Migrate remaining block ciphers * Updated README for v0.23.0 release * Using new release plugin * Updated build plugins * Fix escaping in WildcardHostMatcher (hierynomus#382) * Escape '[' and ']' in WildcardHostMatcher * Anchoring regex to match entire string (Fixes hierynomus#381) * Updated builds to include CodeCov * - Experimenting with travis * - fix ip for online testing * - account for different working dir * - yaml-yaml * - double before_install * - still -d * - try common format * - Fixed server keys - Use sshj branding * - grr, ip * - minor improvements * - eh? * - switch username back * - orly? * - desperation * - One more time * Upgraded gradle to cope with java9 * Separated out integration tests * Fixed length bug in putString (Fixes hierynomus#187) * Removed docker from travis yml as it is included in gradle build now * Added integration test to travis * Update AndroidConfig (hierynomus#389) * Add EdDSA signature for AndroidConfig. * Initialize KeyExchange- and FileKeyProviderFactories with registered "bouncyCastle" (in fact, SpongyCastle is registered). See hierynomus#308 for discussion. * Added integration test for append scenario (Fixes hierynomus#390) * Fixed headers
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The WildHostMatcher escapes a number of characters before interpreting it as a regex. It should also escape square brackets, or else the regex will be misinterpreted.
For example,
[foo.com]:2222will be interpreted as the regex "match any of characters f, o, o... once" instead of the string "foo.com".You may also want to assert that the regex contains the whole string, by anchoring the start and the end. Something like this instead:
The text was updated successfully, but these errors were encountered: