mirror of
https://github.com/openjdk/jdk.git
synced 2025-08-27 23:04:50 +02:00
8296676: Improve String platform support
Reviewed-by: aefimov, dfuchs
This commit is contained in:
Michael McMahon
Henry Jen
parent
5ec0120152
commit
ec119716e5
2 changed files with 35 additions and 2 deletions
|
|
@ -1062,6 +1062,7 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
|
||||||
throws UnknownHostException {
|
throws UnknownHostException {
|
||||||
Objects.requireNonNull(host);
|
Objects.requireNonNull(host);
|
||||||
Objects.requireNonNull(policy);
|
Objects.requireNonNull(policy);
|
||||||
|
validate(host);
|
||||||
InetAddress[] addrs;
|
InetAddress[] addrs;
|
||||||
long comp = Blocker.begin();
|
long comp = Blocker.begin();
|
||||||
try {
|
try {
|
||||||
|
|
@ -1475,6 +1476,7 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
validate(host);
|
||||||
boolean ipv6Expected = false;
|
boolean ipv6Expected = false;
|
||||||
if (host.charAt(0) == '[') {
|
if (host.charAt(0) == '[') {
|
||||||
// This is supposed to be an IPv6 literal
|
// This is supposed to be an IPv6 literal
|
||||||
|
|
@ -1873,4 +1875,10 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
|
||||||
pf.put("family", holder().getFamily());
|
pf.put("family", holder().getFamily());
|
||||||
s.writeFields();
|
s.writeFields();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static void validate(String host) throws UnknownHostException {
|
||||||
|
if (host.indexOf(0) != -1) {
|
||||||
|
throw new UnknownHostException("NUL character not allowed in hostname");
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -2359,7 +2359,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||||
* the connection.
|
* the connection.
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings({"removal","fallthrough"})
|
@SuppressWarnings({"removal","fallthrough"})
|
||||||
private AuthenticationInfo getHttpProxyAuthentication(AuthenticationHeader authhdr) {
|
private AuthenticationInfo getHttpProxyAuthentication(AuthenticationHeader authhdr)
|
||||||
|
throws IOException {
|
||||||
|
|
||||||
assert isLockHeldByCurrentThread();
|
assert isLockHeldByCurrentThread();
|
||||||
|
|
||||||
|
|
@ -2460,6 +2461,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||||
authenticator,
|
authenticator,
|
||||||
host, null, port, url.getProtocol(),
|
host, null, port, url.getProtocol(),
|
||||||
"", scheme, url, RequestorType.PROXY);
|
"", scheme, url, RequestorType.PROXY);
|
||||||
|
validateNTLMCredentials(a);
|
||||||
}
|
}
|
||||||
/* If we are not trying transparent authentication then
|
/* If we are not trying transparent authentication then
|
||||||
* we need to have a PasswordAuthentication instance. For
|
* we need to have a PasswordAuthentication instance. For
|
||||||
|
|
@ -2529,7 +2531,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||||
* preferred.
|
* preferred.
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings("fallthrough")
|
@SuppressWarnings("fallthrough")
|
||||||
private AuthenticationInfo getServerAuthentication(AuthenticationHeader authhdr) {
|
private AuthenticationInfo getServerAuthentication(AuthenticationHeader authhdr)
|
||||||
|
throws IOException {
|
||||||
|
|
||||||
// Only called from getInputStream0
|
// Only called from getInputStream0
|
||||||
assert isLockHeldByCurrentThread();
|
assert isLockHeldByCurrentThread();
|
||||||
|
|
@ -2641,6 +2644,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||||
authenticator,
|
authenticator,
|
||||||
url.getHost(), addr, port, url.getProtocol(),
|
url.getHost(), addr, port, url.getProtocol(),
|
||||||
"", scheme, url, RequestorType.SERVER);
|
"", scheme, url, RequestorType.SERVER);
|
||||||
|
validateNTLMCredentials(a);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If we are not trying transparent authentication then
|
/* If we are not trying transparent authentication then
|
||||||
|
|
@ -3997,6 +4001,27 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||||
private static URL newURL(URL context, String spec) throws MalformedURLException {
|
private static URL newURL(URL context, String spec) throws MalformedURLException {
|
||||||
return new URL(context, spec);
|
return new URL(context, spec);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ensure there are no null characters in username or password
|
||||||
|
private static void validateNTLMCredentials(PasswordAuthentication pw)
|
||||||
|
throws IOException {
|
||||||
|
|
||||||
|
if (pw == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
char[] password = pw.getPassword();
|
||||||
|
if (password != null) {
|
||||||
|
for (int i=0; i<password.length; i++) {
|
||||||
|
if (password[i] == 0) {
|
||||||
|
throw new IOException("NUL character not allowed in NTLM password");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
String username = pw.getUserName();
|
||||||
|
if (username != null && username.indexOf(0) != -1) {
|
||||||
|
throw new IOException("NUL character not allowed in NTLM username or domain");
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/** An input stream that just returns EOF. This is for
|
/** An input stream that just returns EOF. This is for
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue