SEC-1733: IpAddressMatcher doesn't match 0-bit subnet mask correctly #1970

spring-issuemaster opened this Issue May 5, 2011 · 1 comment


None yet

1 participant


janne kytömäki (Migrated from SEC-1733) said:

I'm using IpAddressMatcher for address matching outside Spring Security.

Network should match to any IP address, but only matches to If mask is given as "0", the matches() method handles the mask as if it was not given at all (or was given as 32). Perhaps differentiate the situations by assigning nMaskBits a null value if it's not defined at all?

It would also be nice to have a version of the matches() method that takes a String network address instead of a HttpServletRequest as a parameter.

Attached is a diff from my fix.


Luke Taylor said:

Thanks for the report. I've modified the code so that zero netmask will match any address.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.RC3 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment