From 20a5b2effee8ebc280ef98096fd83dd9eb920eae Mon Sep 17 00:00:00 2001 From: dfuchs Date: Thu, 23 Mar 2017 15:07:26 +0000 Subject: [PATCH] 8176751: Better URL connections Reviewed-by: chegar, michaelm, rhalade, rpatil, vtewari --- .../https/HttpsURLConnectionOldImpl.java | 11 +++++++- .../www/protocol/http/HttpURLConnection.java | 28 +++++++++++++++---- .../https/HttpsURLConnectionImpl.java | 11 +++++++- 3 files changed, 43 insertions(+), 7 deletions(-) diff --git a/src/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java b/src/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java index 07237569f..8c4d54fe6 100644 --- a/src/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java +++ b/src/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java @@ -38,6 +38,7 @@ package com.sun.net.ssl.internal.www.protocol.https; import java.net.URL; import java.net.Proxy; import java.net.ProtocolException; +import java.net.MalformedURLException; import java.io.*; import javax.net.ssl.*; import java.security.Permission; @@ -75,10 +76,18 @@ public class HttpsURLConnectionOldImpl this(u, null, handler); } + static URL checkURL(URL u) throws IOException { + if (u != null) { + if (u.toExternalForm().indexOf('\n') > -1) { + throw new MalformedURLException("Illegal character in URL"); + } + } + return u; + } // For both copies of the file, uncomment one line and comment the other // HttpsURLConnectionImpl(URL u, Handler handler) throws IOException { HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException { - super(u); + super(checkURL(u)); delegate = new DelegateHttpsURLConnection(url, p, handler, this); } diff --git a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java index 3a429e970..6116faefb 100644 --- a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java +++ b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java @@ -825,18 +825,36 @@ public class HttpURLConnection extends java.net.HttpURLConnection { this(u, null, handler); } - public HttpURLConnection(URL u, String host, int port) { - this(u, new Proxy(Proxy.Type.HTTP, InetSocketAddress.createUnresolved(host, port))); + private static String checkHost(String h) throws IOException { + if (h != null) { + if (h.indexOf('\n') > -1) { + throw new MalformedURLException("Illegal character in host"); + } + } + return h; + } + public HttpURLConnection(URL u, String host, int port) throws IOException { + this(u, new Proxy(Proxy.Type.HTTP, + InetSocketAddress.createUnresolved(checkHost(host), port))); } /** this constructor is used by other protocol handlers such as ftp that want to use http to fetch urls on their behalf.*/ - public HttpURLConnection(URL u, Proxy p) { + public HttpURLConnection(URL u, Proxy p) throws IOException { this(u, p, new Handler()); } - protected HttpURLConnection(URL u, Proxy p, Handler handler) { - super(u); + private static URL checkURL(URL u) throws IOException { + if (u != null) { + if (u.toExternalForm().indexOf('\n') > -1) { + throw new MalformedURLException("Illegal character in URL"); + } + } + return u; + } + protected HttpURLConnection(URL u, Proxy p, Handler handler) + throws IOException { + super(checkURL(u)); requests = new MessageHeader(); responses = new MessageHeader(); userHeaders = new MessageHeader(); diff --git a/src/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java b/src/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java index 1ec1700ea..e43a36310 100644 --- a/src/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java +++ b/src/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java @@ -38,6 +38,7 @@ package sun.net.www.protocol.https; import java.net.URL; import java.net.Proxy; import java.net.ProtocolException; +import java.net.MalformedURLException; import java.io.*; import javax.net.ssl.*; import java.security.Permission; @@ -79,10 +80,18 @@ public class HttpsURLConnectionImpl this(u, null, handler); } + static URL checkURL(URL u) throws IOException { + if (u != null) { + if (u.toExternalForm().indexOf('\n') > -1) { + throw new MalformedURLException("Illegal character in URL"); + } + } + return u; + } // For both copies of the file, uncomment one line and comment the other HttpsURLConnectionImpl(URL u, Proxy p, Handler handler) throws IOException { // HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException { - super(u); + super(checkURL(u)); delegate = new DelegateHttpsURLConnection(url, p, handler, this); } -- GitLab