From 542622fdfb7e3e24ddc6766add06f0d4bcfc3c1b Mon Sep 17 00:00:00 2001 From: Alex Klyubin Date: Tue, 18 Nov 2014 17:45:01 -0800 Subject: Fix a bug in OkHostnameVerifier wildcard handling. Wildcard domain name patterns of the form *.remainder are supposed to match domain names that exactly match the remainder. Due to a bug, the match was not exact but rather a prefix match: domain names starting with the remainder would match too. This CL fixes the issue. Bug: 18432707 Change-Id: I2639ff51cabcbd395d4f30a9c69f9895738e0acf (cherry picked from commit 24aad7677073f7c2116b105e53ba2eaa05917209) --- .../java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java | 1 + .../main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java index f1decc8..82b1952 100644 --- a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java +++ b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java @@ -293,6 +293,7 @@ public final class HostnameVerifierTest { assertTrue(verifier.verify("www.foo.com", session)); assertTrue(verifier.verify("\u82b1\u5b50.foo.com", session)); assertFalse(verifier.verify("a.b.foo.com", session)); + assertFalse(verifier.verify("foo.com.au", session)); } @Test public void verifyWilcardCnOnTld() throws Exception { diff --git a/okhttp/src/main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java b/okhttp/src/main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java index a08773f..21e539c 100644 --- a/okhttp/src/main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java +++ b/okhttp/src/main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java @@ -162,7 +162,7 @@ public final class OkHostnameVerifier implements HostnameVerifier { return hostName.equals(cn); } - if (cn.startsWith("*.") && hostName.regionMatches(0, cn, 2, cn.length() - 2)) { + if (cn.startsWith("*.") && hostName.equals(cn.substring(2))) { return true; // "*.foo.com" matches "foo.com" } -- cgit v1.2.3