From: Felix Dörre <felix@dogcraft.de>
Date: Tue, 23 Feb 2016 20:34:19 +0000 (+0100)
Subject: add: additional check for ip-addresses as domains
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=5c20d966d8bfd34868ad3d428aed27986049f6b1

add: additional check for ip-addresses as domains
---

diff --git a/src/org/cacert/gigi/dbObjects/Domain.java b/src/org/cacert/gigi/dbObjects/Domain.java
index e5d66a93..19594d7d 100644
--- a/src/org/cacert/gigi/dbObjects/Domain.java
+++ b/src/org/cacert/gigi/dbObjects/Domain.java
@@ -73,6 +73,12 @@ public class Domain implements IdCachable, Verifyable {
         if ( !s.equals(publicSuffix)) {
             throw new GigiApiException("You may only register a domain with exactly one lable before the public suffix.");
         }
+        if (("." + s).matches("(.[0-9]*)*")) {
+            // This is not reached because we currently have no TLD that is
+            // numbers only. But who knows..
+            // Better safe than sorry.
+            throw new GigiApiException("IP Addresses are not allowed");
+        }
         checkPunycode(parts[0], s.substring(parts[0].length() + 1));
     }
 
diff --git a/tests/org/cacert/gigi/DomainVerification.java b/tests/org/cacert/gigi/DomainVerification.java
index bc6f5fdb..cd31f8ef 100644
--- a/tests/org/cacert/gigi/DomainVerification.java
+++ b/tests/org/cacert/gigi/DomainVerification.java
@@ -62,6 +62,11 @@ public class DomainVerification {
         isCertifyableDomain(false, "xn--a-zfa9cya.com", true);
         isCertifyableDomain(true, "zfa9cya.com", true);
 
+        isCertifyableDomain(false, "127.0.0.1", false);
+        isCertifyableDomain(false, "::1", false);
+        isCertifyableDomain(false, "127.0.0.1", true);
+        isCertifyableDomain(false, "::1", true);
+
     }
 
     private void isCertifyableDomain(boolean b, String string, boolean puny) {