From 562fb9a67fdf542413096c9e2f4588d13a10a083 Mon Sep 17 00:00:00 2001
From: Michael McMahon
Date: Tue, 20 Oct 2009 15:35:55 +0100
Subject: [PATCH] 6890349: Fix #6870935 in jdk7/pit/b74 caused HttpClinet's check for "proxy capture" attack by-passed

Pass exception up stack

Reviewed-by: chegar
---
 .../protocol/http/DigestAuthentication.java | 6 +-
 .../www/protocol/http/HttpURLConnection.java | 12 ++--
 .../sun/net/www/protocol/http/B6890349.java | 68 +++++++++++++++++++
 3 files changed, 76 insertions(+), 10 deletions(-)
 create mode 100644 jdk/test/sun/net/www/protocol/http/B6890349.java

diff --git a/jdk/src/share/classes/sun/net/www/protocol/http/DigestAuthentication.java b/jdk/src/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
index e62e3c2eccf..6ded043ef7e 100644
--- a/jdk/src/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
+++ b/jdk/src/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
@@ -284,14 +284,16 @@ class DigestAuthentication extends AuthenticationInfo {
 params.setOpaque (p.findValue("opaque"));
 params.setQop (p.findValue("qop"));
- String uri;
+ String uri="";
 String method;
 if (type == PROXY_AUTHENTICATION && conn.tunnelState() == HttpURLConnection.TunnelState.SETUP) {
 uri = HttpURLConnection.connectRequestURI(conn.getURL());
 method = HTTP_CONNECT;
 } else {
- uri = conn.getRequestURI();
+ try {
+ uri = conn.getRequestURI();
+ } catch (IOException e) {}
 method = conn.getMethod();
 }
diff --git a/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java b/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
index c872526e597..d2c99a680c5 100644
--- a/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
+++ b/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
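Review bot: The new `try { uri = conn.getRequestURI(); } catch (IOException e) {}` in the else branch is an empty catch that substitutes `""` for a rejected request URI, which is exactly the fallback this commit deletes from `HttpURLConnection.getRequestURI()`; here a Digest response is then computed over an empty `uri` instead of the request being refused. If the enclosing method can declare `throws IOException`, the exception should propagate as it now does in HttpURLConnection; if it cannot, the catch at least needs a comment stating why an empty URI is harmless at this point, e.g. `// getRequestURI() only fails for a URL that getURLFile() rejects; presumably the request line has already been refused before authentication runs -- confirm`. The enclosing method's signature lies outside the hunk, so I cannot tell which of the two applies.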
@@ -1543,7 +1543,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
 * because ntlm does not support this feature.
 */
 private AuthenticationInfo
- resetProxyAuthentication(AuthenticationInfo proxyAuthentication, AuthenticationHeader auth) {
+ resetProxyAuthentication(AuthenticationInfo proxyAuthentication, AuthenticationHeader auth) throws IOException {
 if ((proxyAuthentication != null )&& proxyAuthentication.getAuthScheme() != NTLM) {
 String raw = auth.raw();
@@ -1767,7 +1767,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
 /**
 * Sets pre-emptive proxy authentication in header
 */
- private void setPreemptiveProxyAuthentication(MessageHeader requests) {
+ private void setPreemptiveProxyAuthentication(MessageHeader requests) throws IOException {
 AuthenticationInfo pauth = AuthenticationInfo.getProxyAuth(http.getProxyHostUsed(), http.getProxyPortUsed());
@@ -2123,13 +2123,9 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
 String requestURI = null;
- String getRequestURI() {
+ String getRequestURI() throws IOException {
 if (requestURI == null) {
- try {
- requestURI = http.getURLFile();
- } catch (IOException e) {
- requestURI = "";
- }
+ requestURI = http.getURLFile();
 }
 return requestURI;
 }
diff --git a/jdk/test/sun/net/www/protocol/http/B6890349.java b/jdk/test/sun/net/www/protocol/http/B6890349.java
new file mode 100644
index 00000000000..99155e1813b
--- /dev/null
+++ b/jdk/test/sun/net/www/protocol/http/B6890349.java
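Review bot: The javadoc on `setPreemptiveProxyAuthentication` still reads only `Sets pre-emptive proxy authentication in header` although the method now declares `throws IOException`, so a caller cannot tell that the exception is a deliberate rejection of the request rather than a transport failure. I would add `* @throws IOException if the request URI cannot be obtained from the URL; propagated on purpose so the check is not bypassed (6890349)`. The method body continues outside the hunk.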
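Review bot: `getRequestURI()` now lets the IOException from `http.getURLFile()` escape but carries no comment, and the removed lines show exactly what a later maintainer might reintroduce: a catch that returns `""`. A short doc comment would pin the intent, e.g. `/** Request-URI for the request line, cached after the first successful call. Throws IOException when getURLFile() rejects the URL (see B6890349); never fall back to "" here, that bypassed the check. */`. Note that on failure `requestURI` stays null, so later calls re-throw instead of serving a cached bad value, which is the right behaviour and worth stating.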
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+/**
+ * @test
+ * @bug 6890349
+ * @run main/othervm B6890349
+ * @summary Light weight HTTP server
+ */
+
+import java.net.*;
+import java.io.*;
+
+public class B6890349 extends Thread {
+ public static final void main(String[] args) throws Exception {
+
+ try {
+ ServerSocket server = new ServerSocket (0);
+ int port = server.getLocalPort();
+ System.out.println ("listening on " + port);
+ B6890349 t = new B6890349 (server);
+ t.start();
+ URL u = new URL ("http://127.0.0.1:"+port+"/foo\nbar");
+ HttpURLConnection urlc = (HttpURLConnection)u.openConnection ();
+ InputStream is = urlc.getInputStream();
+ throw new RuntimeException ("Test failed");
+ } catch (IOException e) {
+ System.out.println ("OK");
+ }
+ }
+
+ ServerSocket server;
+
+ B6890349 (ServerSocket server) {
+ this.server = server;
+ }
+
+ String resp = "HTTP/1.1 200 Ok\r\nContent-length: 0\r\n\r\n";
+
+ public void run () {
+ try {
+ Socket s = server.accept ();
+ OutputStream os = s.getOutputStream();
+ os.write (resp.getBytes());
+ } catch (IOException e) {
+ System.out.println (e);
+ }
+ }
+}
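Review bot: Any `IOException` that reaches the `catch (IOException e)` at the end of `main` counts as a pass, including an unrelated connect or socket failure, and the exception is discarded, so a regression in the URI check could be hidden by an environment problem. Printing it (`System.out.println ("OK: " + e);`) and marking the server thread daemon before `t.start()` (`t.setDaemon(true);`) would make a false pass diagnosable and stop the JVM hanging in `server.accept()` if the client never connects; the `ServerSocket` is also never closed and `is` is unused. The `@summary Light weight HTTP server` tag says nothing about what is tested; it should read along the lines of `@summary request URI with an embedded newline must be rejected (proxy capture check must not be bypassed)`.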