SEC-1733: IpAddressMatcher doesn't match 0-bit subnet mask correctly #1970

Closed
spring-issuemaster opened this Issue May 5, 2011 · 1 comment

1 participant

@spring-issuemaster

janne kytömäki (Migrated from SEC-1733) said:

I'm using IpAddressMatcher for address matching outside Spring Security.

Network 0.0.0.0/0 should match to any IP address, but only matches to 0.0.0.0. If mask is given as "0", the matches() method handles the mask as if it was not given at all (or was given as 32). Perhaps differentiate the situations by assigning nMaskBits a null value if it's not defined at all?

It would also be nice to have a version of the matches() method that takes a String network address instead of a HttpServletRequest as a parameter.

Attached is a diff from my fix.

@spring-issuemaster

Luke Taylor said:

Thanks for the report. I've modified the code so that zero netmask will match any address.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.RC3 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment