From ec119716e542047f52aadefef142a9be64b35b7b Mon Sep 17 00:00:00 2001
From: Michael McMahon
Date: Wed, 21 Dec 2022 10:04:07 +0000
Subject: [PATCH] 8296676: Improve String platform support

Reviewed-by: aefimov, dfuchs
---
 .../share/classes/java/net/InetAddress.java | 8 +++++
 .../www/protocol/http/HttpURLConnection.java | 29 +++++++++++++++++--
 2 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/src/java.base/share/classes/java/net/InetAddress.java b/src/java.base/share/classes/java/net/InetAddress.java
index 0b05960647a..4ebe44ee422 100644
--- a/src/java.base/share/classes/java/net/InetAddress.java
+++ b/src/java.base/share/classes/java/net/InetAddress.java
@@ -1062,6 +1062,7 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
 throws UnknownHostException {
 Objects.requireNonNull(host);
 Objects.requireNonNull(policy);
+ validate(host);
 InetAddress[] addrs;
 long comp = Blocker.begin();
 try {
@@ -1475,6 +1476,7 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
 return ret;
 }
+ validate(host);
 boolean ipv6Expected = false;
 if (host.charAt(0) == '[') {
 // This is supposed to be an IPv6 literal
@@ -1873,4 +1875,10 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
 pf.put("family", holder().getFamily());
 s.writeFields();
 }
+
+ private static void validate(String host) throws UnknownHostException {
+ if (host.indexOf(0) != -1) {
+ throw new UnknownHostException("NUL character not allowed in hostname");
+ }
+ }
 }
diff --git a/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java b/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
index 4ed92b99308..b677278459a 100644
--- a/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
+++ b/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
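Review bot: `validate` in the InetAddress.java hunk at -1873 has no comment and a name that does not say what it checks, so the two new call sites (hunks at -1062 and -1475) read as a generic validation step. I would document it, for example `// Reject host names containing U+0000; a NUL would presumably truncate the name once it is handed to native code as a C string.`, or rename it to something like `rejectEmbeddedNul`. The hunks do not show whether every path that passes a caller-supplied host string to the resolver goes through one of these two calls, so that is worth confirming against the full file. The diffstat lists only the two source files, so no regression test for the NUL case accompanies the check in this patch.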
@@ -2359,7 +2359,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
 * the connection.
 */
 @SuppressWarnings({"removal","fallthrough"})
- private AuthenticationInfo getHttpProxyAuthentication(AuthenticationHeader authhdr) {
+ private AuthenticationInfo getHttpProxyAuthentication(AuthenticationHeader authhdr)
+ throws IOException {
 assert isLockHeldByCurrentThread();
@@ -2460,6 +2461,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
 authenticator, host, null, port, url.getProtocol(), "", scheme, url, RequestorType.PROXY);
+ validateNTLMCredentials(a);
 }
 /* If we are not trying transparent authentication then
 * we need to have a PasswordAuthentication instance. For
@@ -2529,7 +2531,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
 * preferred.
 */
 @SuppressWarnings("fallthrough")
- private AuthenticationInfo getServerAuthentication(AuthenticationHeader authhdr) {
+ private AuthenticationInfo getServerAuthentication(AuthenticationHeader authhdr)
+ throws IOException {
 // Only called from getInputStream0
 assert isLockHeldByCurrentThread();
@@ -2641,6 +2644,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
 authenticator, url.getHost(), addr, port, url.getProtocol(), "", scheme, url, RequestorType.SERVER);
+ validateNTLMCredentials(a);
 }
 /* If we are not trying transparent authentication then
@@ -3997,6 +4001,27 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
 private static URL newURL(URL context, String spec) throws MalformedURLException {
 return new URL(context, spec);
 }
+
+ // ensure there are no null characters in username or password
+ private static void validateNTLMCredentials(PasswordAuthentication pw)
+ throws IOException {
+
+ if (pw == null) {
+ return;
+ }
+ char[] password = pw.getPassword();
+ if (password != null) {
+ for (int i=0; i
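Review bot: `getHttpProxyAuthentication` now declares `throws IOException` in the hunk at -2359, but the tail of its doc comment visible there gains no matching tag; the same applies to `getServerAuthentication` in the hunk at -2529. I would add `@throws IOException if the user name or password returned by the authenticator contains a NUL character` to both comments. That wording is taken from the one-line comment on `validateNTLMCredentials`, whose body is cut off on this page. Both doc comments begin outside their hunks, so an existing tag higher up cannot be ruled out from here.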
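Review bot: `validateNTLMCredentials(a)` in the hunk at -2460, and again at -2641, checks only the `PasswordAuthentication` just returned by the authenticator request, and the enclosing branch starts outside both hunks. It is therefore not visible whether NTLM credentials that arrive another way (a cached entry, or the transparent-authentication case mentioned in the following comment) get the same check. If they do not, performing the check where the NTLM authentication object is built from `a` would cover every source. Either way a call-site comment such as `// reject NUL in user name or password before the credentials are used for NTLM` would explain why the call is there; the method name suggests the check is NTLM-specific, but the scheme test is not in view.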