diff options
| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-10-13 07:53:43 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-10-13 07:53:43 +0000 |
| commit | a99acb215db9e06df4bea1af21c792b8fbd2290e (patch) | |
| tree | 356279f7af225dcf3856a71256999d0668df52de | |
| parent | 5b1bb027054bd42a745da9275ed1880f964ce4ad (diff) | |
| parent | 35d92595a50d73b60d276d31c240aef1d505ce61 (diff) | |
| download | okhttp-android10-android13-mainline-tzdata-release.tar.gz | |
Snap for 9170954 from 35d92595a50d73b60d276d31c240aef1d505ce61 to qt-aml-tzdata-releaseq_tzdata_aml_297100400q_tzdata_aml_297100300q_tzdata_aml_297100000q_tzdata_aml_296200000q_tzdata_aml_295600118q_tzdata_aml_295600110q_tzdata_aml_295500002q_tzdata_aml_295500001q_tzdata_aml_297100000android10-mainline-tzdata-releaseandroid10-android13-mainline-tzdata-release
Change-Id: I594417bdda7fe9edf4c645fe15292623855fb8af
| -rw-r--r-- | repackaged/okhttp/src/main/java/com/android/okhttp/internal/tls/OkHostnameVerifier.java | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/repackaged/okhttp/src/main/java/com/android/okhttp/internal/tls/OkHostnameVerifier.java b/repackaged/okhttp/src/main/java/com/android/okhttp/internal/tls/OkHostnameVerifier.java index 3cdd1bf..450e353 100644 --- a/repackaged/okhttp/src/main/java/com/android/okhttp/internal/tls/OkHostnameVerifier.java +++ b/repackaged/okhttp/src/main/java/com/android/okhttp/internal/tls/OkHostnameVerifier.java @@ -96,6 +96,11 @@ public final class OkHostnameVerifier implements HostnameVerifier { * Returns true if {@code certificate} matches {@code hostName}. */ private boolean verifyHostName(String hostName, X509Certificate certificate) { + // BEGIN Android-added: Reject non-ASCII hostnames and SANs. http://b/171980069 + if (!isPrintableAscii(hostName)) { + return false; + } + // END Android-added: Reject non-ASCII hostnames and SANs. http://b/171980069 hostName = hostName.toLowerCase(Locale.US); boolean hasDns = false; List<String> altNames = getSubjectAltNames(certificate, ALT_DNS_NAME); @@ -198,6 +203,11 @@ public final class OkHostnameVerifier implements HostnameVerifier { } // hostName and pattern are now absolute domain names. + // BEGIN Android-added: Reject non-ASCII hostnames and SANs. http://b/171980069 + if (!isPrintableAscii(pattern)) { + return false; + } + // END Android-added: Reject non-ASCII hostnames and SANs. http://b/171980069 pattern = pattern.toLowerCase(Locale.US); // hostName and pattern are now in lower case -- domain names are case-insensitive. @@ -254,4 +264,25 @@ public final class OkHostnameVerifier implements HostnameVerifier { // hostName matches pattern return true; } + + // BEGIN Android-added: Reject non-ASCII hostnames and SANs. http://b/171980069 + /** + * Returns true if the input string contains only printable 7-bit ASCII + * characters, otherwise false. + */ + private static final char DEL = 127; + static boolean isPrintableAscii(String input) { + if (input == null) { + return false; + } + for (char c : input.toCharArray()) { + // Space is illegal in a DNS name. DEL and anything less than space is non-printing so + // also illegal. Anything greater than DEL is not 7-bit. + if (c <= ' ' || c >= DEL) { + return false; + } + } + return true; + } + // END Android-added: Reject non-ASCII hostnames and SANs. http://b/171980069 } |