Code review request, 8020842 IDN do not throw IAE when hostname ends with a trailing dot
Weijun Wang
weijun.wang at oracle.com
Fri Aug 9 02:14:08 UTC 2013
On 8/9/13 9:37 AM, Xuelei Fan wrote:
> On 8/9/2013 9:22 AM, Weijun Wang wrote:
>> I tried nslookup. Those with ".." inside are illegal,
>>
>> $ nslookup com..
>> nslookup: 'com..' is not a legal name (empty label)
>>
>> but
>>
>> $ nslookup .
>> Server: 192.168.10.1
>> Address: 192.168.10.1#53
>>
>> Non-authoritative answer:
>> *** Can't find .: No answer
>>
> Thanks for the testing. The behaviors are the same as this fix now.
No exactly. It seems nslookup still regards "." legal but just cannot
find an IP for it.
>
> Learn something new today to use nslookup.
>
>> Also, since this bug was originally about SNIHostName, do you need to
>> add some extra restriction there to reject "oracle.com." things?
>>
> No, we cannot restrict the format of IDN in SNIHostName more than in
> IDN. However, we may need to rethink about the comparing of two IDN, for
> example, "example.com." should equal to "example.com". I want to
> consider it in another bug.
Not sure. Does the spec say IDN and SNIHostName are equivalent sets? And
it's not one is another's subset?
>
> Can I push the changeset?
I think it's better to ask someone in the networking team to make the
suggestion. From what I read Michael in this thread, he does not seem
totally agreed with your code changes (at least not the 00 version).
Thanks
Max
>
> Thanks,
> Xuelei
>
>> Thanks
>> Max
>>
>> On 8/9/13 8:41 AM, Xuelei Fan wrote:
>>> Ping.
>>>
>>> Thanks,
>>> Xuelei
>>>
>>> On 8/7/2013 11:17 PM, Xuelei Fan wrote:
>>>> Please review the new update:
>>>>
>>>> http://cr.openjdk.java.net./~xuelei/8020842/webrev.01/
>>>>
>>>> With this update, "com." is valid (return "com."); "." and
>>>> "example..com" are invalid. And IAE will be thrown for invalid IDN.
>>>>
>>>> Thanks,
>>>> Xuelei
>>>>
>
More information about the security-dev
mailing list