From dd9d042317705af425cb749245f36f01e9931a40 Mon Sep 17 00:00:00 2001 From: KIRIYAMA Takuya Date: Fri, 8 Apr 2022 15:34:02 +0900 Subject: [PATCH 1/5] 8282395: URL.openConnection can throw IOOBE --- .../share/classes/sun/net/www/ParseUtil.java | 6 +-- test/jdk/sun/net/www/ParseUtil_8282395.java | 45 +++++++++++++++++++ 2 files changed, 48 insertions(+), 3 deletions(-) create mode 100644 test/jdk/sun/net/www/ParseUtil_8282395.java diff --git a/src/java.base/share/classes/sun/net/www/ParseUtil.java b/src/java.base/share/classes/sun/net/www/ParseUtil.java index 5b5885312d429..389a11a55cccb 100644 --- a/src/java.base/share/classes/sun/net/www/ParseUtil.java +++ b/src/java.base/share/classes/sun/net/www/ParseUtil.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -187,7 +187,7 @@ public static String decode(String s) { char c = s.charAt(0); for (int i = 0; i < n;) { assert c == s.charAt(i); - if (c != '%') { + if (!isEscaped(s, i)) { sb.append(c); if (++i >= n) break; @@ -207,7 +207,7 @@ public static String decode(String s) { if (i >= n) break; c = s.charAt(i); - if (c != '%') + if (!isEscaped(s, i)) break; } bb.flip(); diff --git a/test/jdk/sun/net/www/ParseUtil_8282395.java b/test/jdk/sun/net/www/ParseUtil_8282395.java new file mode 100644 index 0000000000000..f90bc8fb55c2f --- /dev/null +++ b/test/jdk/sun/net/www/ParseUtil_8282395.java @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +/* @test + * @summary URL.openConnection can throw IOOBE + * @bug 8282395 + * @modules java.base/sun.net.www + */ + + +import sun.net.www.*; + +public class ParseUtil_8282395 { + public static void main(String[] args) throws Exception { + test("%", "%"); + test("%25%s%1G", "%%s%1G"); + } + + private static void test(String data, String expect) throws Exception { + String result = ParseUtil.decode(data); + if (!result.equals(expect)) { + throw new RuntimeException("Decode does not match. expect: " + + expect + ", actual: " + result); + } + } +} From 2884959124045a33c586d72d2b2f4c148dcf8cf4 Mon Sep 17 00:00:00 2001 From: KIRIYAMA Takuya Date: Tue, 7 Jun 2022 15:52:54 +0900 Subject: [PATCH 2/5] #8282395 URL.openConnection can throw IOOBE --- src/java.base/share/classes/java/net/URL.java | 16 +++++++- .../share/classes/sun/net/www/ParseUtil.java | 8 ++-- .../net/URL/B8282395.java} | 38 ++++++++++++------- 3 files changed, 43 insertions(+), 19 deletions(-) rename test/jdk/{sun/net/www/ParseUtil_8282395.java => java/net/URL/B8282395.java} (60%) diff --git a/src/java.base/share/classes/java/net/URL.java b/src/java.base/share/classes/java/net/URL.java index 0332f037098f0..49719be74256f 100644 --- a/src/java.base/share/classes/java/net/URL.java +++ b/src/java.base/share/classes/java/net/URL.java @@ -1092,7 +1092,13 @@ public URI toURI() throws URISyntaxException { * int, java.lang.String) */ public URLConnection openConnection() throws java.io.IOException { - return handler.openConnection(this); + URLConnection url = null; + try { + url = handler.openConnection(this); + } catch (IllegalArgumentException e) { + throw new MalformedURLException(e.getMessage()); + } + return url; } /** @@ -1142,7 +1148,13 @@ public URLConnection openConnection(Proxy proxy) sm.checkConnect(epoint.getAddress().getHostAddress(), epoint.getPort()); } - return handler.openConnection(this, p); + URLConnection url = null; + try { + url = handler.openConnection(this, p); + } catch (IllegalArgumentException e) { + throw new MalformedURLException(e.getMessage()); + } + return url; } /** diff --git a/src/java.base/share/classes/sun/net/www/ParseUtil.java b/src/java.base/share/classes/sun/net/www/ParseUtil.java index 389a11a55cccb..d3baeae4efed3 100644 --- a/src/java.base/share/classes/sun/net/www/ParseUtil.java +++ b/src/java.base/share/classes/sun/net/www/ParseUtil.java @@ -187,7 +187,7 @@ public static String decode(String s) { char c = s.charAt(0); for (int i = 0; i < n;) { assert c == s.charAt(i); - if (!isEscaped(s, i)) { + if (c != '%') { sb.append(c); if (++i >= n) break; @@ -200,14 +200,14 @@ public static String decode(String s) { assert (n - i >= 2); try { bb.put(unescape(s, i)); - } catch (NumberFormatException e) { - throw new IllegalArgumentException(); + } catch (NumberFormatException | IndexOutOfBoundsException e) { + throw new IllegalArgumentException("Malformed escape pair: " + s); } i += 3; if (i >= n) break; c = s.charAt(i); - if (!isEscaped(s, i)) + if (c != '%') break; } bb.flip(); diff --git a/test/jdk/sun/net/www/ParseUtil_8282395.java b/test/jdk/java/net/URL/B8282395.java similarity index 60% rename from test/jdk/sun/net/www/ParseUtil_8282395.java rename to test/jdk/java/net/URL/B8282395.java index f90bc8fb55c2f..78ec7545871bb 100644 --- a/test/jdk/sun/net/www/ParseUtil_8282395.java +++ b/test/jdk/java/net/URL/B8282395.java @@ -23,23 +23,35 @@ /* @test * @summary URL.openConnection can throw IOOBE * @bug 8282395 - * @modules java.base/sun.net.www */ +import java.net.MalformedURLException; +import java.net.Proxy; +import java.net.URL; -import sun.net.www.*; - -public class ParseUtil_8282395 { +public class B8282395 { public static void main(String[] args) throws Exception { - test("%", "%"); - test("%25%s%1G", "%%s%1G"); - } - - private static void test(String data, String expect) throws Exception { - String result = ParseUtil.decode(data); - if (!result.equals(expect)) { - throw new RuntimeException("Decode does not match. expect: " + - expect + ", actual: " + result); + boolean res = false; + URL url = new URL("ftp://.:%@"); + try { + // Will throw IndexOutOfBoundsException if not fixed + url.openConnection(); + } catch (MalformedURLException e) { + res = true; + } + if (!res) { + throw new RuntimeException("MalformedURLException should be thrown"); + } + res = false; + try { + // Will throw IndexOutOfBoundsException if not fixed + url.openConnection(Proxy.NO_PROXY); + } catch (MalformedURLException e) { + res = true; + } + if (!res) { + throw new RuntimeException("MalformedURLException should be thrown"); } } + } From fc84ffc93db1002b5d403fc872983b691e79ea4e Mon Sep 17 00:00:00 2001 From: KIRIYAMA Takuya Date: Fri, 16 Sep 2022 14:55:59 +0900 Subject: [PATCH 3/5] 8282395: URL.openConnection can throw IOOBE --- src/java.base/share/classes/java/net/URL.java | 16 ++-------------- .../share/classes/sun/net/www/ParseUtil.java | 5 ++++- .../sun/net/www/protocol/ftp/Handler.java | 11 +++++++++-- 3 files changed, 15 insertions(+), 17 deletions(-) diff --git a/src/java.base/share/classes/java/net/URL.java b/src/java.base/share/classes/java/net/URL.java index 49719be74256f..0332f037098f0 100644 --- a/src/java.base/share/classes/java/net/URL.java +++ b/src/java.base/share/classes/java/net/URL.java @@ -1092,13 +1092,7 @@ public URI toURI() throws URISyntaxException { * int, java.lang.String) */ public URLConnection openConnection() throws java.io.IOException { - URLConnection url = null; - try { - url = handler.openConnection(this); - } catch (IllegalArgumentException e) { - throw new MalformedURLException(e.getMessage()); - } - return url; + return handler.openConnection(this); } /** @@ -1148,13 +1142,7 @@ public URLConnection openConnection(Proxy proxy) sm.checkConnect(epoint.getAddress().getHostAddress(), epoint.getPort()); } - URLConnection url = null; - try { - url = handler.openConnection(this, p); - } catch (IllegalArgumentException e) { - throw new MalformedURLException(e.getMessage()); - } - return url; + return handler.openConnection(this, p); } /** diff --git a/src/java.base/share/classes/sun/net/www/ParseUtil.java b/src/java.base/share/classes/sun/net/www/ParseUtil.java index d3baeae4efed3..034ab22fcb3ae 100644 --- a/src/java.base/share/classes/sun/net/www/ParseUtil.java +++ b/src/java.base/share/classes/sun/net/www/ParseUtil.java @@ -197,7 +197,10 @@ public static String decode(String s) { bb.clear(); int ui = i; for (;;) { - assert (n - i >= 2); + if (n - i >= 2) { + throw new IllegalArgumentException("Malformed escape pair: " + s); + } + try { bb.put(unescape(s, i)); } catch (NumberFormatException | IndexOutOfBoundsException e) { diff --git a/src/java.base/share/classes/sun/net/www/protocol/ftp/Handler.java b/src/java.base/share/classes/sun/net/www/protocol/ftp/Handler.java index 80c85ea642b4c..826f46ca6e947 100644 --- a/src/java.base/share/classes/sun/net/www/protocol/ftp/Handler.java +++ b/src/java.base/share/classes/sun/net/www/protocol/ftp/Handler.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1994, 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1994, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,6 +30,7 @@ package sun.net.www.protocol.ftp; import java.io.IOException; +import java.net.MalformedURLException; import java.net.URL; import java.net.Proxy; import java.util.Map; @@ -58,6 +59,12 @@ protected java.net.URLConnection openConnection(URL u) protected java.net.URLConnection openConnection(URL u, Proxy p) throws IOException { - return new FtpURLConnection(u, p); + FtpURLConnection connection = null; + try { + connection = new FtpURLConnection(u, p); + } catch (IllegalArgumentException e) { + throw new MalformedURLException(e.getMessage()); + } + return connection; } } From b3997951b2187e776a50660bd5a3675869d96cc1 Mon Sep 17 00:00:00 2001 From: KIRIYAMA Takuya Date: Fri, 30 Sep 2022 18:03:57 +0900 Subject: [PATCH 4/5] 8282395: URL.openConnection can throw IOOBE --- .../share/classes/sun/net/www/protocol/ftp/Handler.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/java.base/share/classes/sun/net/www/protocol/ftp/Handler.java b/src/java.base/share/classes/sun/net/www/protocol/ftp/Handler.java index 826f46ca6e947..1de4c52abea5f 100644 --- a/src/java.base/share/classes/sun/net/www/protocol/ftp/Handler.java +++ b/src/java.base/share/classes/sun/net/www/protocol/ftp/Handler.java @@ -63,7 +63,9 @@ protected java.net.URLConnection openConnection(URL u, Proxy p) try { connection = new FtpURLConnection(u, p); } catch (IllegalArgumentException e) { - throw new MalformedURLException(e.getMessage()); + var mfue = new MalformedURLException(e.getMessage()); + mfue.initCause(e); + throw mfue; } return connection; } From 2064a4781ec58a687979d25807553deffdb3e7f7 Mon Sep 17 00:00:00 2001 From: KIRIYAMA Takuya Date: Wed, 5 Oct 2022 16:43:51 +0900 Subject: [PATCH 5/5] 8282395: URL.openConnection can throw IOOBE --- src/java.base/share/classes/sun/net/www/ParseUtil.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/java.base/share/classes/sun/net/www/ParseUtil.java b/src/java.base/share/classes/sun/net/www/ParseUtil.java index 034ab22fcb3ae..d84fa82b19e42 100644 --- a/src/java.base/share/classes/sun/net/www/ParseUtil.java +++ b/src/java.base/share/classes/sun/net/www/ParseUtil.java @@ -197,7 +197,7 @@ public static String decode(String s) { bb.clear(); int ui = i; for (;;) { - if (n - i >= 2) { + if (n - i < 2) { throw new IllegalArgumentException("Malformed escape pair: " + s); }