Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
5b83d20b
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
3
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
5b83d20b
编写于
7月 27, 2011
作者:
C
chegar
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
6670868: StackOverFlow with bad authenticated Proxy tunnels
Reviewed-by: michaelm
上级
e751f230
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
130 addition
and
12 deletion
+130
-12
src/share/classes/sun/net/www/http/HttpClient.java
src/share/classes/sun/net/www/http/HttpClient.java
+16
-2
src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
.../classes/sun/net/www/protocol/http/HttpURLConnection.java
+1
-10
test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsProxyStackOverflow.java
...col/https/HttpsURLConnection/HttpsProxyStackOverflow.java
+113
-0
未找到文件。
src/share/classes/sun/net/www/http/HttpClient.java
浏览文件 @
5b83d20b
...
...
@@ -599,7 +599,9 @@ public class HttpClient extends NetworkClient {
cachedHttpClient
=
false
;
if
(!
failedOnce
&&
requests
!=
null
)
{
failedOnce
=
true
;
if
(
httpuc
.
getRequestMethod
().
equals
(
"POST"
)
&&
(!
retryPostProp
||
streaming
))
{
if
(
getRequestMethod
().
equals
(
"CONNECT"
)
||
(
httpuc
.
getRequestMethod
().
equals
(
"POST"
)
&&
(!
retryPostProp
||
streaming
)))
{
// do not retry the request
}
else
{
// try once more
...
...
@@ -706,7 +708,9 @@ public class HttpClient extends NetworkClient {
}
else
if
(
nread
!=
8
)
{
if
(!
failedOnce
&&
requests
!=
null
)
{
failedOnce
=
true
;
if
(
httpuc
.
getRequestMethod
().
equals
(
"POST"
)
&&
(!
retryPostProp
||
streaming
))
{
if
(
getRequestMethod
().
equals
(
"CONNECT"
)
||
(
httpuc
.
getRequestMethod
().
equals
(
"POST"
)
&&
(!
retryPostProp
||
streaming
)))
{
// do not retry the request
}
else
{
closeServer
();
...
...
@@ -891,6 +895,16 @@ public class HttpClient extends NetworkClient {
return
cacheRequest
;
}
String
getRequestMethod
()
{
if
(
requests
!=
null
)
{
String
requestLine
=
requests
.
getKey
(
0
);
if
(
requestLine
!=
null
)
{
return
requestLine
.
split
(
"\\s+"
)[
0
];
}
}
return
""
;
}
@Override
protected
void
finalize
()
throws
Throwable
{
// This should do nothing. The stream finalizer will
...
...
src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
浏览文件 @
5b83d20b
...
...
@@ -1880,14 +1880,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
private
void
sendCONNECTRequest
()
throws
IOException
{
int
port
=
url
.
getPort
();
// setRequests == true indicates the std. request headers
// have been set in (previous) requests.
// so the first one must be the http method (GET, etc.).
// we need to set it to CONNECT soon, remove this one first.
// otherwise, there may have 2 http methods in headers
if
(
setRequests
)
requests
.
set
(
0
,
null
,
null
);
requests
.
prepend
(
HTTP_CONNECT
+
" "
+
connectRequestURI
(
url
)
requests
.
set
(
0
,
HTTP_CONNECT
+
" "
+
connectRequestURI
(
url
)
+
" "
+
httpVersion
,
null
);
requests
.
setIfNotSet
(
"User-Agent"
,
userAgent
);
...
...
@@ -1912,8 +1905,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
}
http
.
writeRequests
(
requests
,
null
);
// remove CONNECT header
requests
.
set
(
0
,
null
,
null
);
}
/**
...
...
test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsProxyStackOverflow.java
0 → 100644
浏览文件 @
5b83d20b
/*
* Copyright (c) 2011 Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6670868
* @summary StackOverFlow with bad authenticated Proxy tunnels
*/
import
java.io.IOException
;
import
java.io.InputStream
;
import
java.net.Authenticator
;
import
java.net.Proxy
;
import
java.net.InetSocketAddress
;
import
java.net.PasswordAuthentication
;
import
java.net.ServerSocket
;
import
java.net.Socket
;
import
java.net.URL
;
import
javax.net.ssl.HttpsURLConnection
;
public
class
HttpsProxyStackOverflow
{
public
static
void
main
(
String
[]
args
)
throws
IOException
{
BadAuthProxyServer
server
=
startServer
();
doClient
(
server
);
}
static
void
doClient
(
BadAuthProxyServer
server
)
throws
IOException
{
// url doesn't matter since we will never make the connection
URL
url
=
new
URL
(
"https://anythingwilldo/"
);
HttpsURLConnection
conn
=
(
HttpsURLConnection
)
url
.
openConnection
(
new
Proxy
(
Proxy
.
Type
.
HTTP
,
new
InetSocketAddress
(
"localhost"
,
server
.
getPort
())));
try
(
InputStream
is
=
conn
.
getInputStream
())
{
}
catch
(
IOException
unused
)
{
// no real server, IOException is expected.
// failure if StackOverflowError
}
finally
{
server
.
done
();
}
}
static
BadAuthProxyServer
startServer
()
throws
IOException
{
Authenticator
.
setDefault
(
new
Authenticator
()
{
@Override
protected
PasswordAuthentication
getPasswordAuthentication
()
{
return
new
PasswordAuthentication
(
"xyz"
,
"xyz"
.
toCharArray
());
}
});
BadAuthProxyServer
server
=
new
BadAuthProxyServer
(
new
ServerSocket
(
0
));
Thread
serverThread
=
new
Thread
(
server
);
serverThread
.
start
();
return
server
;
}
static
class
BadAuthProxyServer
implements
Runnable
{
private
ServerSocket
ss
;
private
boolean
done
;
BadAuthProxyServer
(
ServerSocket
ss
)
{
this
.
ss
=
ss
;
}
public
void
run
()
{
try
{
while
(!
done
)
{
Socket
s
=
ss
.
accept
();
s
.
getOutputStream
().
write
(
(
"HTTP/1.1 407\nProxy-Authenticate:Basic "
+
"realm=\"WallyWorld\"\n\n"
).
getBytes
(
"US-ASCII"
));
s
.
close
();
s
=
ss
.
accept
();
s
.
close
();
}
}
catch
(
IOException
e
)
{
// Ignore IOException when the main thread calls done
}
finally
{
try
{
ss
.
close
();
}
catch
(
IOException
e
)
{}
}
}
int
getPort
()
{
return
ss
.
getLocalPort
();
}
void
done
()
{
try
{
ss
.
close
();
}
catch
(
IOException
e
)
{}
done
=
true
;
}
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录