Code review request, 8020842 IDN do not throw IAE when hostname ends with a trailing dot

Weijun Wang weijun.wang at oracle.com
Fri Aug 9 02:14:08 UTC 2013



On 8/9/13 9:37 AM, Xuelei Fan wrote:
> On 8/9/2013 9:22 AM, Weijun Wang wrote:
>> I tried nslookup. Those with ".." inside are illegal,
>>
>> $ nslookup com..
>> nslookup: 'com..' is not a legal name (empty label)
>>
>> but
>>
>> $ nslookup .
>> Server:        192.168.10.1
>> Address:    192.168.10.1#53
>>
>> Non-authoritative answer:
>> *** Can't find .: No answer
>>
> Thanks for the testing.  The behaviors are the same as this fix now.

No exactly. It seems nslookup still regards "." legal but just cannot 
find an IP for it.

>
> Learn something new today to use nslookup.
>
>> Also, since this bug was originally about SNIHostName, do you need to
>> add some extra restriction there to reject "oracle.com." things?
>>
> No, we cannot restrict the format of IDN in SNIHostName more than in
> IDN. However, we may need to rethink about the comparing of two IDN, for
> example, "example.com." should equal to "example.com".  I want to
> consider it in another bug.

Not sure. Does the spec say IDN and SNIHostName are equivalent sets? And 
it's not one is another's subset?

>
> Can I push the changeset?

I think it's better to ask someone in the networking team to make the 
suggestion. From what I read Michael in this thread, he does not seem 
totally agreed with your code changes (at least not the 00 version).

Thanks
Max

>
> Thanks,
> Xuelei
>
>> Thanks
>> Max
>>
>> On 8/9/13 8:41 AM, Xuelei Fan wrote:
>>> Ping.
>>>
>>> Thanks,
>>> Xuelei
>>>
>>> On 8/7/2013 11:17 PM, Xuelei Fan wrote:
>>>> Please review the new update:
>>>>
>>>> http://cr.openjdk.java.net./~xuelei/8020842/webrev.01/
>>>>
>>>> With this update, "com." is valid (return "com."); "." and
>>>> "example..com" are invalid.  And IAE will be thrown for invalid IDN.
>>>>
>>>> Thanks,
>>>> Xuelei
>>>>
>



More information about the security-dev mailing list