diff --git a/src/java.base/share/classes/java/net/InetAddress.java b/src/java.base/share/classes/java/net/InetAddress.java index faa0d085244..e57e2741244 100644 --- a/src/java.base/share/classes/java/net/InetAddress.java +++ b/src/java.base/share/classes/java/net/InetAddress.java @@ -1508,6 +1508,10 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In InetAddress[] ret = new InetAddress[1]; if(addr != null) { if (addr.length == Inet4Address.INADDRSZ) { + if (numericZone != -1 || ifname != null) { + // IPv4-mapped address must not contain zone-id + throw new UnknownHostException(host + ": invalid IPv4-mapped address"); + } ret[0] = new Inet4Address(null, addr); } else { if (ifname != null) { @@ -1552,22 +1556,23 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In int percent = s.indexOf ('%'); int slen = s.length(); int digit, zone=0; + int multmax = Integer.MAX_VALUE / 10; // for int overflow detection if (percent == -1) { return -1; } for (int i=percent+1; i multmax) { return -1; } zone = (zone * 10) + digit; + if (zone < 0) { + return -1; + } + } return zone; } diff --git a/src/java.base/share/classes/sun/net/util/IPAddressUtil.java b/src/java.base/share/classes/sun/net/util/IPAddressUtil.java index 0624a792907..28a819cc938 100644 --- a/src/java.base/share/classes/sun/net/util/IPAddressUtil.java +++ b/src/java.base/share/classes/sun/net/util/IPAddressUtil.java @@ -829,7 +829,7 @@ public class IPAddressUtil { } // Parse ASCII digit in given radix - private static int parseAsciiDigit(char c, int radix) { + public static int parseAsciiDigit(char c, int radix) { assert radix == OCTAL || radix == DECIMAL || radix == HEXADECIMAL; if (radix == HEXADECIMAL) { return parseAsciiHexDigit(c);