From aeea96ec7e1404c2dd678a3d0e37bbb8096003b1 Mon Sep 17 00:00:00 2001 From: michaelm Date: Mon, 4 Nov 2013 17:47:59 +0000 Subject: [PATCH] 8027687: The constructors of URLPermission class do not behave as described in javad Reviewed-by: chegar, mduigou --- src/share/classes/java/net/HostPortrange.java | 36 +++++++++++++++++-- src/share/classes/java/net/URLPermission.java | 5 ++- .../net/URLPermission/URLPermissionTest.java | 13 ++++++- 3 files changed, 50 insertions(+), 4 deletions(-) diff --git a/src/share/classes/java/net/HostPortrange.java b/src/share/classes/java/net/HostPortrange.java index fc5e3d98a..3c924d8bf 100644 --- a/src/share/classes/java/net/HostPortrange.java +++ b/src/share/classes/java/net/HostPortrange.java @@ -114,7 +114,7 @@ class HostPortrange { if (hoststr.equals("*")) { hoststr = ""; } else if (hoststr.startsWith("*.")) { - hoststr = hoststr.substring(1).toLowerCase(); // leave the '.' ? + hoststr = toLowerCase(hoststr.substring(1)); } else { throw new IllegalArgumentException("invalid host wildcard specification"); } @@ -147,7 +147,7 @@ class HostPortrange { hoststr = sb.toString(); } else { // regular domain name - hoststr = hoststr.toLowerCase(); + hoststr = toLowerCase(hoststr); } } } @@ -161,6 +161,38 @@ class HostPortrange { } } + static final int CASE_DIFF = 'A' - 'a'; + + /** + * Convert to lower case, and check that all chars are ascii + * alphanumeric, '-' or '.' only. + */ + static String toLowerCase(String s) { + int len = s.length(); + StringBuilder sb = null; + + for (int i=0; i= 'a' && c <= 'z') || (c == '.')) { + if (sb != null) + sb.append(c); + } else if ((c >= '0' && c <= '9') || (c == '-')) { + if (sb != null) + sb.append(c); + } else if (c >= 'A' && c <= 'Z') { + if (sb == null) { + sb = new StringBuilder(len); + sb.append(s, 0, i); + } + sb.append((char)(c - CASE_DIFF)); + } else { + throw new IllegalArgumentException("Invalid characters in hostname"); + } + } + return sb == null ? s : sb.toString(); + } + + public boolean literal() { return literal; } diff --git a/src/share/classes/java/net/URLPermission.java b/src/share/classes/java/net/URLPermission.java index 7ad56a1c2..13472a9e5 100644 --- a/src/share/classes/java/net/URLPermission.java +++ b/src/share/classes/java/net/URLPermission.java @@ -426,7 +426,10 @@ public final class URLPermission extends Permission { this.ssp = url.substring(delim + 1); if (!ssp.startsWith("//")) { - this.authority = new Authority(scheme, ssp.toLowerCase()); + if (!ssp.equals("*")) { + throw new IllegalArgumentException("invalid URL string"); + } + this.authority = new Authority(scheme, "*"); return; } String authpath = ssp.substring(2); diff --git a/test/java/net/URLPermission/URLPermissionTest.java b/test/java/net/URLPermission/URLPermissionTest.java index 3bf862b6d..948e9dabb 100644 --- a/test/java/net/URLPermission/URLPermissionTest.java +++ b/test/java/net/URLPermission/URLPermissionTest.java @@ -186,6 +186,14 @@ public class URLPermissionTest { imtest("http:*", "https://www.foo.com/a/b/c", false), imtest("http:*", "http://www.foo.com/a/b/c", true), imtest("http:*", "http://foo/bar", true), + imtest("http://WWW.foO.cOM/a/b/*", "http://wwW.foo.com/a/b/c", true), + imtest("http://wWw.fOo.cOm/a/b/*", "http://Www.foo.com/a/b/*", true), + imtest("http://www.FOO.com/", "http://www.foo.COM/", true), + imtest("http://66ww-w.F-O012O.com/", "http://66ww-w.f-o012o.COM/",true), + imtest("http://xn--ire-9la.com/", "http://xn--ire-9la.COM/", true), + imtest("http://x/", "http://X/", true), + imtest("http://x/", "http://x/", true), + imtest("http://X/", "http://X/", true), imtest("http://foo/bar", "https://foo/bar", false) }; @@ -194,9 +202,12 @@ public class URLPermissionTest { static Test[] exceptionTests = { extest("http://1.2.3.4.5/a/b/c"), extest("http://www.*.com"), - //extest("http://www.foo.com:1-X"), extest("http://[foo.com]:99"), extest("http://[fec0::X]:99"), + extest("http:\\www.foo.com"), + extest("http://w_09ww.foo.com"), + extest("http://w&09ww.foo.com/p"), + extest("http://www+foo.com"), extest("http:") }; -- GitLab