Mercurial > hg > openjdk > bsd-port > jdk
changeset 8771:26aa66633abc
8176751: Better URL connections
Reviewed-by: chegar, michaelm, rhalade, rpatil, vtewari
author | dfuchs |
---|---|
date | Thu, 23 Mar 2017 15:07:26 +0000 |
parents | f02f003a47f0 |
children | 660670bfdb9f |
files | src/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java src/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java |
diffstat | 3 files changed, 43 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java Fri Apr 07 17:54:06 2017 +0530 +++ b/src/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java Thu Mar 23 15:07:26 2017 +0000 @@ -38,6 +38,7 @@ import java.net.URL; import java.net.Proxy; import java.net.ProtocolException; +import java.net.MalformedURLException; import java.io.*; import javax.net.ssl.*; import java.security.Permission; @@ -75,10 +76,18 @@ this(u, null, handler); } + static URL checkURL(URL u) throws IOException { + if (u != null) { + if (u.toExternalForm().indexOf('\n') > -1) { + throw new MalformedURLException("Illegal character in URL"); + } + } + return u; + } // For both copies of the file, uncomment one line and comment the other // HttpsURLConnectionImpl(URL u, Handler handler) throws IOException { HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException { - super(u); + super(checkURL(u)); delegate = new DelegateHttpsURLConnection(url, p, handler, this); }
--- a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Fri Apr 07 17:54:06 2017 +0530 +++ b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Thu Mar 23 15:07:26 2017 +0000 @@ -761,18 +761,36 @@ this(u, null, handler); } - public HttpURLConnection(URL u, String host, int port) { - this(u, new Proxy(Proxy.Type.HTTP, InetSocketAddress.createUnresolved(host, port))); + private static String checkHost(String h) throws IOException { + if (h != null) { + if (h.indexOf('\n') > -1) { + throw new MalformedURLException("Illegal character in host"); + } + } + return h; + } + public HttpURLConnection(URL u, String host, int port) throws IOException { + this(u, new Proxy(Proxy.Type.HTTP, + InetSocketAddress.createUnresolved(checkHost(host), port))); } /** this constructor is used by other protocol handlers such as ftp that want to use http to fetch urls on their behalf.*/ - public HttpURLConnection(URL u, Proxy p) { + public HttpURLConnection(URL u, Proxy p) throws IOException { this(u, p, new Handler()); } - protected HttpURLConnection(URL u, Proxy p, Handler handler) { - super(u); + private static URL checkURL(URL u) throws IOException { + if (u != null) { + if (u.toExternalForm().indexOf('\n') > -1) { + throw new MalformedURLException("Illegal character in URL"); + } + } + return u; + } + protected HttpURLConnection(URL u, Proxy p, Handler handler) + throws IOException { + super(checkURL(u)); requests = new MessageHeader(); responses = new MessageHeader(); this.handler = handler;
--- a/src/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java Fri Apr 07 17:54:06 2017 +0530 +++ b/src/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java Thu Mar 23 15:07:26 2017 +0000 @@ -38,6 +38,7 @@ import java.net.URL; import java.net.Proxy; import java.net.ProtocolException; +import java.net.MalformedURLException; import java.io.*; import javax.net.ssl.*; import java.security.Permission; @@ -79,10 +80,18 @@ this(u, null, handler); } + static URL checkURL(URL u) throws IOException { + if (u != null) { + if (u.toExternalForm().indexOf('\n') > -1) { + throw new MalformedURLException("Illegal character in URL"); + } + } + return u; + } // For both copies of the file, uncomment one line and comment the other HttpsURLConnectionImpl(URL u, Proxy p, Handler handler) throws IOException { // HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException { - super(u); + super(checkURL(u)); delegate = new DelegateHttpsURLConnection(url, p, handler, this); }