8296676: Improve String platform support
Reviewed-by: aefimov, dfuchs
This commit is contained in:
Michael McMahon
Henry Jen
parent
5ec0120152
commit
ec119716e5
@ -1062,6 +1062,7 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
|
||||
throws UnknownHostException {
|
||||
Objects.requireNonNull(host);
|
||||
Objects.requireNonNull(policy);
|
||||
validate(host);
|
||||
InetAddress[] addrs;
|
||||
long comp = Blocker.begin();
|
||||
try {
|
||||
@ -1475,6 +1476,7 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
|
||||
return ret;
|
||||
}
|
||||
|
||||
validate(host);
|
||||
boolean ipv6Expected = false;
|
||||
if (host.charAt(0) == '[') {
|
||||
// This is supposed to be an IPv6 literal
|
||||
@ -1873,4 +1875,10 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
|
||||
pf.put("family", holder().getFamily());
|
||||
s.writeFields();
|
||||
}
|
||||
|
||||
private static void validate(String host) throws UnknownHostException {
|
||||
if (host.indexOf(0) != -1) {
|
||||
throw new UnknownHostException("NUL character not allowed in hostname");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -2359,7 +2359,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||
* the connection.
|
||||
*/
|
||||
@SuppressWarnings({"removal","fallthrough"})
|
||||
private AuthenticationInfo getHttpProxyAuthentication(AuthenticationHeader authhdr) {
|
||||
private AuthenticationInfo getHttpProxyAuthentication(AuthenticationHeader authhdr)
|
||||
throws IOException {
|
||||
|
||||
assert isLockHeldByCurrentThread();
|
||||
|
||||
@ -2460,6 +2461,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||
authenticator,
|
||||
host, null, port, url.getProtocol(),
|
||||
"", scheme, url, RequestorType.PROXY);
|
||||
validateNTLMCredentials(a);
|
||||
}
|
||||
/* If we are not trying transparent authentication then
|
||||
* we need to have a PasswordAuthentication instance. For
|
||||
@ -2529,7 +2531,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||
* preferred.
|
||||
*/
|
||||
@SuppressWarnings("fallthrough")
|
||||
private AuthenticationInfo getServerAuthentication(AuthenticationHeader authhdr) {
|
||||
private AuthenticationInfo getServerAuthentication(AuthenticationHeader authhdr)
|
||||
throws IOException {
|
||||
|
||||
// Only called from getInputStream0
|
||||
assert isLockHeldByCurrentThread();
|
||||
@ -2641,6 +2644,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||
authenticator,
|
||||
url.getHost(), addr, port, url.getProtocol(),
|
||||
"", scheme, url, RequestorType.SERVER);
|
||||
validateNTLMCredentials(a);
|
||||
}
|
||||
|
||||
/* If we are not trying transparent authentication then
|
||||
@ -3997,6 +4001,27 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
||||
private static URL newURL(URL context, String spec) throws MalformedURLException {
|
||||
return new URL(context, spec);
|
||||
}
|
||||
|
||||
// ensure there are no null characters in username or password
|
||||
private static void validateNTLMCredentials(PasswordAuthentication pw)
|
||||
throws IOException {
|
||||
|
||||
if (pw == null) {
|
||||
return;
|
||||
}
|
||||
char[] password = pw.getPassword();
|
||||
if (password != null) {
|
||||
for (int i=0; i<password.length; i++) {
|
||||
if (password[i] == 0) {
|
||||
throw new IOException("NUL character not allowed in NTLM password");
|
||||
}
|
||||
}
|
||||
}
|
||||
String username = pw.getUserName();
|
||||
if (username != null && username.indexOf(0) != -1) {
|
||||
throw new IOException("NUL character not allowed in NTLM username or domain");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/** An input stream that just returns EOF. This is for
|
||||
|
||||
Loading…
Reference in New Issue
Block a user