[jira] Created: (NET-306) SubnetUtils.SubnetInfo.isInRange is BRAINDEAD (a.k.a. FUBAR)

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[jira] Created: (NET-306) SubnetUtils.SubnetInfo.isInRange is BRAINDEAD (a.k.a. FUBAR)

Gary D. Gregory (Jira)
SubnetUtils.SubnetInfo.isInRange is BRAINDEAD (a.k.a. FUBAR)
------------------------------------------------------------

                 Key: NET-306
                 URL: https://issues.apache.org/jira/browse/NET-306
             Project: Commons Net
          Issue Type: Bug
    Affects Versions: 2.0
            Reporter: Dan Checkoway
            Priority: Critical


org.apache.commons.net.utils.SubnetUtils.SubnetInfo.isInRange() is totally broken.  It utterly ignores the fact that integer address values might be, um....negative?!

            SubnetUtils subnetUtils = new SubnetUtils("66.249.71.0/24");
            SubnetUtils.SubnetInfo subnetInfo = subnetUtils.getInfo();
            String ip = "213.139.63.227";
            if (subnetInfo.isInRange(ip)) {
                System.out.println("YES, " + ip + " is in the range: " + subnetInfo.getCidrSignature());
            }
            else {
                System.out.println("NO, " + ip + " is not in the range: " + subnetInfo.getCidrSignature());
            }


YES, 213.139.63.227 is in the range: 66.249.71.0/24

?!?! WTF !?!?!

This is the culprit in SubnetUtils.java:

        private boolean isInRange(int address)      { return ((address-low()) <= (high()-low())); }

The integer values in the test case above are:

66.249.71.1 = 1123632897
66.249.71.254 = 1123633150
213.139.63.227 = -712294429

So...you can see the issue (I hope).  Please fix this by changing isInRange() to check if the given value is truly *BETWEEN* high and low values.

Thank you!!

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Closed: (NET-306) SubnetUtils.SubnetInfo.isInRange is BRAINDEAD (a.k.a. FUBAR)

Gary D. Gregory (Jira)

     [ https://issues.apache.org/jira/browse/NET-306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rory Winston closed NET-306.
----------------------------

       Resolution: Invalid
    Fix Version/s: Nightly Builds

evidently the reporter is braindead (aka fubar). fixed in svn for ages

> SubnetUtils.SubnetInfo.isInRange is BRAINDEAD (a.k.a. FUBAR)
> ------------------------------------------------------------
>
>                 Key: NET-306
>                 URL: https://issues.apache.org/jira/browse/NET-306
>             Project: Commons Net
>          Issue Type: Bug
>    Affects Versions: 2.0
>            Reporter: Dan Checkoway
>            Priority: Critical
>             Fix For: Nightly Builds
>
>
> org.apache.commons.net.utils.SubnetUtils.SubnetInfo.isInRange() is totally broken.  It utterly ignores the fact that integer address values might be, um....negative?!
>             SubnetUtils subnetUtils = new SubnetUtils("66.249.71.0/24");
>             SubnetUtils.SubnetInfo subnetInfo = subnetUtils.getInfo();
>             String ip = "213.139.63.227";
>             if (subnetInfo.isInRange(ip)) {
>                 System.out.println("YES, " + ip + " is in the range: " + subnetInfo.getCidrSignature());
>             }
>             else {
>                 System.out.println("NO, " + ip + " is not in the range: " + subnetInfo.getCidrSignature());
>             }
> YES, 213.139.63.227 is in the range: 66.249.71.0/24
> ?!?! WTF !?!?!
> This is the culprit in SubnetUtils.java:
>         private boolean isInRange(int address)      { return ((address-low()) <= (high()-low())); }
> The integer values in the test case above are:
> 66.249.71.1 = 1123632897
> 66.249.71.254 = 1123633150
> 213.139.63.227 = -712294429
> So...you can see the issue (I hope).  Please fix this by changing isInRange() to check if the given value is truly *BETWEEN* high and low values.
> Thank you!!

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Commented: (NET-306) SubnetUtils.SubnetInfo.isInRange is BRAINDEAD (a.k.a. FUBAR)

Gary D. Gregory (Jira)
In reply to this post by Gary D. Gregory (Jira)

    [ https://issues.apache.org/jira/browse/NET-306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12842562#action_12842562 ]

Dan Checkoway commented on NET-306:
-----------------------------------

Rory, can you please help me find a build that includes the fix?  Not sure what "ages" means, but I poked around on http://commons.apache.org/net/ and wasn't able to find much...the nightly builds link on this page is broken: http://commons.apache.org/net/download.html

I also found it odd that the svn tree for commons-net doesn't even have a "utils" package (just util, which doesn't contain SubnetUtils).  http://svn.apache.org/viewvc/commons/proper/net/trunk/src/java/org/apache/commons/net/

Man, I'm in the twilight zone here or something.  I haven't felt so braindead when trying to find other commons subprojects... :-)

Anyway, maybe you can toss me a clue and help me find *some* sort of build or svn tree that has the code *and* the fix.  All I could find was the 2.0 release of source, which doesn't have the fix.

> SubnetUtils.SubnetInfo.isInRange is BRAINDEAD (a.k.a. FUBAR)
> ------------------------------------------------------------
>
>                 Key: NET-306
>                 URL: https://issues.apache.org/jira/browse/NET-306
>             Project: Commons Net
>          Issue Type: Bug
>    Affects Versions: 2.0
>            Reporter: Dan Checkoway
>            Priority: Critical
>             Fix For: Nightly Builds
>
>
> org.apache.commons.net.utils.SubnetUtils.SubnetInfo.isInRange() is totally broken.  It utterly ignores the fact that integer address values might be, um....negative?!
>             SubnetUtils subnetUtils = new SubnetUtils("66.249.71.0/24");
>             SubnetUtils.SubnetInfo subnetInfo = subnetUtils.getInfo();
>             String ip = "213.139.63.227";
>             if (subnetInfo.isInRange(ip)) {
>                 System.out.println("YES, " + ip + " is in the range: " + subnetInfo.getCidrSignature());
>             }
>             else {
>                 System.out.println("NO, " + ip + " is not in the range: " + subnetInfo.getCidrSignature());
>             }
> YES, 213.139.63.227 is in the range: 66.249.71.0/24
> ?!?! WTF !?!?!
> This is the culprit in SubnetUtils.java:
>         private boolean isInRange(int address)      { return ((address-low()) <= (high()-low())); }
> The integer values in the test case above are:
> 66.249.71.1 = 1123632897
> 66.249.71.254 = 1123633150
> 213.139.63.227 = -712294429
> So...you can see the issue (I hope).  Please fix this by changing isInRange() to check if the given value is truly *BETWEEN* high and low values.
> Thank you!!

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Commented: (NET-306) SubnetUtils.SubnetInfo.isInRange is BRAINDEAD (a.k.a. FUBAR)

Gary D. Gregory (Jira)
In reply to this post by Gary D. Gregory (Jira)

    [ https://issues.apache.org/jira/browse/NET-306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12843026#action_12843026 ]

Rory Winston commented on NET-306:
----------------------------------

Dan

Sure. Try

http://svn.apache.org/viewvc/commons/proper/net/branches/NET_2_0/?sortby=date

This branch (NET_2_0) will be moved to trunk after the next release.

> SubnetUtils.SubnetInfo.isInRange is BRAINDEAD (a.k.a. FUBAR)
> ------------------------------------------------------------
>
>                 Key: NET-306
>                 URL: https://issues.apache.org/jira/browse/NET-306
>             Project: Commons Net
>          Issue Type: Bug
>    Affects Versions: 2.0
>            Reporter: Dan Checkoway
>            Priority: Critical
>             Fix For: Nightly Builds
>
>
> org.apache.commons.net.utils.SubnetUtils.SubnetInfo.isInRange() is totally broken.  It utterly ignores the fact that integer address values might be, um....negative?!
>             SubnetUtils subnetUtils = new SubnetUtils("66.249.71.0/24");
>             SubnetUtils.SubnetInfo subnetInfo = subnetUtils.getInfo();
>             String ip = "213.139.63.227";
>             if (subnetInfo.isInRange(ip)) {
>                 System.out.println("YES, " + ip + " is in the range: " + subnetInfo.getCidrSignature());
>             }
>             else {
>                 System.out.println("NO, " + ip + " is not in the range: " + subnetInfo.getCidrSignature());
>             }
> YES, 213.139.63.227 is in the range: 66.249.71.0/24
> ?!?! WTF !?!?!
> This is the culprit in SubnetUtils.java:
>         private boolean isInRange(int address)      { return ((address-low()) <= (high()-low())); }
> The integer values in the test case above are:
> 66.249.71.1 = 1123632897
> 66.249.71.254 = 1123633150
> 213.139.63.227 = -712294429
> So...you can see the issue (I hope).  Please fix this by changing isInRange() to check if the given value is truly *BETWEEN* high and low values.
> Thank you!!

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.