OpenJDK / jdk / hs

changeset 47609:45a84b0b59b9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8176751: Better URL connections Reviewed-by: chegar, michaelm, rhalade, rpatil, vtewari
author dfuchs
date Thu, 23 Mar 2017 15:07:26 +0000
parents 1f8bec78ed3d
children 194f4c32678b
files src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java
diffstat 3 files changed, 43 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java	Wed Mar 15 22:27:12 2017 +0800
+++ b/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java	Thu Mar 23 15:07:26 2017 +0000
@@ -38,6 +38,7 @@
 import java.net.URL;
 import java.net.Proxy;
 import java.net.ProtocolException;
+import java.net.MalformedURLException;
 import java.io.*;
 import java.net.Authenticator;
 import javax.net.ssl.*;
@@ -78,10 +79,18 @@
         this(u, null, handler);
     }
 
+    static URL checkURL(URL u) throws IOException {
+        if (u != null) {
+            if (u.toExternalForm().indexOf('\n') > -1) {
+                throw new MalformedURLException("Illegal character in URL");
+            }
+        }
+        return u;
+    }
 // For both copies of the file, uncomment one line and comment the other
 //    HttpsURLConnectionImpl(URL u, Handler handler) throws IOException {
     HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException {
-        super(u);
+        super(checkURL(u));
         delegate = new DelegateHttpsURLConnection(url, p, handler, this);
     }
 
--- a/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java	Wed Mar 15 22:27:12 2017 +0800
+++ b/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java	Thu Mar 23 15:07:26 2017 +0000
@@ -843,18 +843,36 @@
         this(u, null, handler);
     }
 
-    public HttpURLConnection(URL u, String host, int port) {
-        this(u, new Proxy(Proxy.Type.HTTP, InetSocketAddress.createUnresolved(host, port)));
+    private static String checkHost(String h) throws IOException {
+        if (h != null) {
+            if (h.indexOf('\n') > -1) {
+                throw new MalformedURLException("Illegal character in host");
+            }
+        }
+        return h;
+    }
+    public HttpURLConnection(URL u, String host, int port) throws IOException {
+        this(u, new Proxy(Proxy.Type.HTTP,
+                InetSocketAddress.createUnresolved(checkHost(host), port)));
     }
 
     /** this constructor is used by other protocol handlers such as ftp
         that want to use http to fetch urls on their behalf.*/
-    public HttpURLConnection(URL u, Proxy p) {
+    public HttpURLConnection(URL u, Proxy p) throws IOException {
         this(u, p, new Handler());
     }
 
-    protected HttpURLConnection(URL u, Proxy p, Handler handler) {
-        super(u);
+    private static URL checkURL(URL u) throws IOException {
+        if (u != null) {
+            if (u.toExternalForm().indexOf('\n') > -1) {
+                throw new MalformedURLException("Illegal character in URL");
+            }
+        }
+        return u;
+    }
+    protected HttpURLConnection(URL u, Proxy p, Handler handler)
+            throws IOException {
+        super(checkURL(u));
         requests = new MessageHeader();
         responses = new MessageHeader();
         userHeaders = new MessageHeader();
--- a/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java	Wed Mar 15 22:27:12 2017 +0800
+++ b/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java	Thu Mar 23 15:07:26 2017 +0000
@@ -38,6 +38,7 @@
 import java.net.URL;
 import java.net.Proxy;
 import java.net.ProtocolException;
+import java.net.MalformedURLException;
 import java.io.*;
 import java.net.Authenticator;
 import javax.net.ssl.*;
@@ -80,10 +81,18 @@
         this(u, null, handler);
     }
 
+    static URL checkURL(URL u) throws IOException {
+        if (u != null) {
+            if (u.toExternalForm().indexOf('\n') > -1) {
+                throw new MalformedURLException("Illegal character in URL");
+            }
+        }
+        return u;
+    }
 // For both copies of the file, uncomment one line and comment the other
     HttpsURLConnectionImpl(URL u, Proxy p, Handler handler) throws IOException {
 //    HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException {
-        super(u);
+        super(checkURL(u));
         delegate = new DelegateHttpsURLConnection(url, p, handler, this);
     }
© 2007, Oracle and/or its affiliates
Terms of Use · Privacy · Trademarks