add some validations to the zoneId delimiter parsing

Author: cshtdd

server/src/main/java/org/elasticsearch/common/network/InetAddresses.java

@@ -43,13 +43,29 @@ private static byte[] ipStringToBytes(String ipString) {
         for (int i = 0; i < ipString.length(); i++) {
             char c = ipString.charAt(i);
             if (c == '.') {
+                if (hasPercent){
+                    return null;  // Dots must not appear after percents.
+                }
+
                 hasDot = true;
             } else if (c == ':') {
+                if (hasPercent){
+                    return null;  // Colons must not appear after percents.
+                }
+
                 if (hasDot) {
                     return null;  // Colons must not appear after dots.
                 }
                 hasColon = true;
             } else if (c == '%'){
+                if (hasPercent){
+                    return null;  // There can only be one percent.
+                }
+
+                if (!hasColon){
+                    return null;  // Percents can only appear if there are colons.
+                }
+
                 hasPercent = true;
                 percentIndex = i;
             } else if (Character.digit(c, 16) == -1) {
@@ -60,7 +76,7 @@ private static byte[] ipStringToBytes(String ipString) {
         // strip zoneId from the address
         if (hasPercent){
             String ipStringWithoutZoneId = ipString.substring(0, percentIndex);
-            return ipStringToBytes(ipStringWithoutZoneId, hasColon, hasDot);
+            return ipStringToBytes(ipStringWithoutZoneId);
         }
 
         return ipStringToBytes(ipString, hasColon, hasDot);

server/src/test/java/org/elasticsearch/common/network/InetAddressesTests.java

@@ -218,6 +218,42 @@ public void testToAddrStringIPv6WithZoneId(){
                 InetAddresses.forString("::1.2.3.4%0")));
     }
 
+    public void testToAddrStringIPv6WithInvalidZoneId(){
+        IllegalArgumentException e = null;
+
+        e = expectThrows(IllegalArgumentException.class, () -> InetAddresses.forString("::1%fred"));
+        assertThat(e.getMessage(), Matchers.containsString("is not an IP string literal"));
+
+        e = expectThrows(IllegalArgumentException.class, () -> InetAddresses.forString("::1%%"));
+        assertThat(e.getMessage(), Matchers.containsString("is not an IP string literal"));
+
+        e = expectThrows(IllegalArgumentException.class, () -> InetAddresses.forString("%::1"));
+        assertThat(e.getMessage(), Matchers.containsString("is not an IP string literal"));
+
+        e = expectThrows(IllegalArgumentException.class, () -> InetAddresses.forString("0::0:0:0:0:0:0%:1"));
+        assertThat(e.getMessage(), Matchers.containsString("is not an IP string literal"));
+
+        e = expectThrows(IllegalArgumentException.class, () -> InetAddresses.forString("::1%1.2.3.4"));
+        assertThat(e.getMessage(), Matchers.containsString("is not an IP string literal"));
+    }
+
+    public void testToAddrStringZoneIdDelimiterCannotAppearRightAfterOtherDelimiters(){
+        IllegalArgumentException e = null;
+
+        e = expectThrows(IllegalArgumentException.class, () -> InetAddresses.forString("::1:%0"));
+        assertThat(e.getMessage(), Matchers.containsString("is not an IP string literal"));
+
+        e = expectThrows(IllegalArgumentException.class, () -> InetAddresses.forString("::1:1.2.3.%0"));
+        assertThat(e.getMessage(), Matchers.containsString("is not an IP string literal"));
+    }
+
+    public void testToAddrStringIPv4DoesNotAllowZoneId(){
+        IllegalArgumentException e = null;
+
+        e = expectThrows(IllegalArgumentException.class, () -> InetAddresses.forString("1.2.3.4%0"));
+        assertThat(e.getMessage(), Matchers.containsString("is not an IP string literal"));
+    }
+
     public void testToUriStringIPv4() {
         String ipStr = "1.2.3.4";
         InetAddress ip = InetAddresses.forString(ipStr);