Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1733: IpAddressMatcher doesn't match 0-bit subnet mask correctly #1970

spring-issuemaster opened this Issue May 5, 2011 · 1 comment


None yet
1 participant

janne kytömäki (Migrated from SEC-1733) said:

I'm using IpAddressMatcher for address matching outside Spring Security.

Network should match to any IP address, but only matches to If mask is given as "0", the matches() method handles the mask as if it was not given at all (or was given as 32). Perhaps differentiate the situations by assigning nMaskBits a null value if it's not defined at all?

It would also be nice to have a version of the matches() method that takes a String network address instead of a HttpServletRequest as a parameter.

Attached is a diff from my fix.

Luke Taylor said:

Thanks for the report. I've modified the code so that zero netmask will match any address.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.RC3 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment