Integrated: 8282395: URL.openConnection can throw IOOBE
KIRIYAMA Takuya
duke at openjdk.org
Tue Oct 11 09:25:10 UTC 2022
On Fri, 8 Apr 2022 07:52:55 GMT, KIRIYAMA Takuya <duke at openjdk.org> wrote:
> I fixed sun.net.www.ParseUtil.decode().
>
> ParseUtil.decode() always tries to decode after parsing '%', so if '%' is located at the end of the String, IndexOutOfBoundsException is thrown. Also, if '%' is shown after decodable string and following string is not decodable (e.g: "%25%s%G1"), ParseUtil.decode() throws IllegalArgumentException.
>
> But URL standard says below (https://url.spec.whatwg.org/#percent-decode).
>
>
> Otherwise, if byte is 0x25 (%) and the next two bytes after byte in input are not in the ranges
> 0x30 (0) to 0x39 (9), 0x41 (A) to 0x46 (F), and 0x61 (a) to 0x66 (f), all inclusive, append byte to output.
>
>
> So, there should be used isEscaped() to judge to decode.
>
> Would you please review this fix?
This pull request has now been integrated.
Changeset: 4435d56d
Author: KIRIYAMA Takuya <kiriyama.takuya at fujitsu.com>
Committer: Daniel Fuchs <dfuchs at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/4435d56d3fa232748b22eeb6f2894cc8dc937ccf
Stats: 75 lines in 3 files changed: 69 ins; 0 del; 6 mod
8282395: URL.openConnection can throw IOOBE
Reviewed-by: dfuchs
-------------
PR: https://git.openjdk.org/jdk/pull/8155
More information about the net-dev
mailing list