diff --git a/src/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java b/src/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java index 07237569fbeed5954657ba7fd187fdb3905ebc76..8c4d54fe60c25b0ec98b007c3701fe17b5d5edfc 100644 --- a/src/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java +++ b/src/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java @@ -38,6 +38,7 @@ package com.sun.net.ssl.internal.www.protocol.https; import java.net.URL; import java.net.Proxy; import java.net.ProtocolException; +import java.net.MalformedURLException; import java.io.*; import javax.net.ssl.*; import java.security.Permission; @@ -75,10 +76,18 @@ public class HttpsURLConnectionOldImpl this(u, null, handler); } + static URL checkURL(URL u) throws IOException { + if (u != null) { + if (u.toExternalForm().indexOf('\n') > -1) { + throw new MalformedURLException("Illegal character in URL"); + } + } + return u; + } // For both copies of the file, uncomment one line and comment the other // HttpsURLConnectionImpl(URL u, Handler handler) throws IOException { HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException { - super(u); + super(checkURL(u)); delegate = new DelegateHttpsURLConnection(url, p, handler, this); } diff --git a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java index 3a429e97072db9db2950fb1abb9a56fda4078988..6116faefb7f2d94ec3576e2845e210fef6b72563 100644 --- a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java +++ b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java @@ -825,18 +825,36 @@ public class HttpURLConnection extends java.net.HttpURLConnection { this(u, null, handler); } - public HttpURLConnection(URL u, String host, int port) { - this(u, new Proxy(Proxy.Type.HTTP, InetSocketAddress.createUnresolved(host, port))); + private static String checkHost(String h) throws IOException { + if (h != null) { + if (h.indexOf('\n') > -1) { + throw new MalformedURLException("Illegal character in host"); + } + } + return h; + } + public HttpURLConnection(URL u, String host, int port) throws IOException { + this(u, new Proxy(Proxy.Type.HTTP, + InetSocketAddress.createUnresolved(checkHost(host), port))); } /** this constructor is used by other protocol handlers such as ftp that want to use http to fetch urls on their behalf.*/ - public HttpURLConnection(URL u, Proxy p) { + public HttpURLConnection(URL u, Proxy p) throws IOException { this(u, p, new Handler()); } - protected HttpURLConnection(URL u, Proxy p, Handler handler) { - super(u); + private static URL checkURL(URL u) throws IOException { + if (u != null) { + if (u.toExternalForm().indexOf('\n') > -1) { + throw new MalformedURLException("Illegal character in URL"); + } + } + return u; + } + protected HttpURLConnection(URL u, Proxy p, Handler handler) + throws IOException { + super(checkURL(u)); requests = new MessageHeader(); responses = new MessageHeader(); userHeaders = new MessageHeader(); diff --git a/src/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java b/src/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java index 1ec1700ea67c9d2a2e50fe5cde991e79cf92ddf4..e43a36310ab1d2f48349a1090d0f8210ee2bca80 100644 --- a/src/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java +++ b/src/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java @@ -38,6 +38,7 @@ package sun.net.www.protocol.https; import java.net.URL; import java.net.Proxy; import java.net.ProtocolException; +import java.net.MalformedURLException; import java.io.*; import javax.net.ssl.*; import java.security.Permission; @@ -79,10 +80,18 @@ public class HttpsURLConnectionImpl this(u, null, handler); } + static URL checkURL(URL u) throws IOException { + if (u != null) { + if (u.toExternalForm().indexOf('\n') > -1) { + throw new MalformedURLException("Illegal character in URL"); + } + } + return u; + } // For both copies of the file, uncomment one line and comment the other HttpsURLConnectionImpl(URL u, Proxy p, Handler handler) throws IOException { // HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException { - super(u); + super(checkURL(u)); delegate = new DelegateHttpsURLConnection(url, p, handler, this); }