RFR: 8282395: URL.openConnection can throw IOOBE
KIRIYAMA Takuya
duke at openjdk.java.net
Fri Apr 8 08:01:15 UTC 2022
I fixed sun.net.www.ParseUtil.decode().
ParseUtil.decode() always tries to decode after parsing '%', so if '%' is located at the end of the String, IndexOutOfBoundsException is thrown. Also, if '%' is shown after decodable string and following string is not decodable (e.g: "%25%s%G1"), ParseUtil.decode() throws IllegalArgumentException.
But URL standard says below (https://url.spec.whatwg.org/#percent-decode).
Otherwise, if byte is 0x25 (%) and the next two bytes after byte in input are not in the ranges
0x30 (0) to 0x39 (9), 0x41 (A) to 0x46 (F), and 0x61 (a) to 0x66 (f), all inclusive, append byte to output.
So, there should be used isEscaped() to judge to decode.
Would you please review this fix?
-------------
Commit messages:
- 8282395: URL.openConnection can throw IOOBE
Changes: https://git.openjdk.java.net/jdk/pull/8155/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=8155&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8282395
Stats: 48 lines in 2 files changed: 45 ins; 0 del; 3 mod
Patch: https://git.openjdk.java.net/jdk/pull/8155.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/8155/head:pull/8155
PR: https://git.openjdk.java.net/jdk/pull/8155
More information about the net-dev
mailing list