Uploaded image for project: 'Commons Net'
  1. Commons Net
  2. NET-306

SubnetUtils.SubnetInfo.isInRange is BRAINDEAD (a.k.a. FUBAR)

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 1.4
    • 2.0
    • None
    • None

    Description

      org.apache.commons.net.utils.SubnetUtils.SubnetInfo.isInRange() is totally broken. It utterly ignores the fact that integer address values might be, um....negative?!

      SubnetUtils subnetUtils = new SubnetUtils("66.249.71.0/24");
      SubnetUtils.SubnetInfo subnetInfo = subnetUtils.getInfo();
      String ip = "213.139.63.227";
      if (subnetInfo.isInRange(ip))

      { System.out.println("YES, " + ip + " is in the range: " + subnetInfo.getCidrSignature()); }

      else

      { System.out.println("NO, " + ip + " is not in the range: " + subnetInfo.getCidrSignature()); }

      YES, 213.139.63.227 is in the range: 66.249.71.0/24

      ?!?! WTF !?!?!

      This is the culprit in SubnetUtils.java:

      private boolean isInRange(int address)

      { return ((address-low()) <= (high()-low())); }

      The integer values in the test case above are:

      66.249.71.1 = 1123632897
      66.249.71.254 = 1123633150
      213.139.63.227 = -712294429

      So...you can see the issue (I hope). Please fix this by changing isInRange() to check if the given value is truly BETWEEN high and low values.

      Thank you!!

      Attachments

        Activity

          People

            Unassigned Unassigned
            dcheckoway Dan Checkoway
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: