RFR: JDK-8288207: Enhance MalformedURLException in Uri.parseCompat [v3]

Bernd Eckenfels ecki at zusammenkunft.net
Tue Jun 14 11:46:33 UTC 2022

The change does not seem to be related to your description, and the description does not match the shown exception. In fact the example stacktrace contains the authority value twice and your change adds a diagnostic which is not really helpful for the case of the underscore? I would not be too specific for such general parsing rules.

Von: core-libs-dev <core-libs-dev-retn at openjdk.java.net> im Auftrag von Matthias Baesken <mbaesken at openjdk.java.net>
Gesendet: Tuesday, June 14, 2022 1:36:36 PM
An: core-libs-dev at openjdk.java.net <core-libs-dev at openjdk.java.net>; security-dev at openjdk.java.net <security-dev at openjdk.java.net>
Betreff: Re: RFR: JDK-8288207: Enhance MalformedURLException in Uri.parseCompat [v3]

> When trying to construct an LdapURL object with a bad input string (in this example the _ in ad_jbs is causing issues), and not using
> the backward compatibility flag -Dcom.sun.jndi.ldapURLParsing="legacy" we run into the exception below :
> import com.sun.jndi.ldap.LdapURL;
>  ....
> String url = "ldap://ad_jbs.ttt.net:389/xyz"; // bad input string containing _
> LdapURL ldapUrl = new LdapURL(url);
> java --add-opens java.naming/com.sun.jndi.ldap=ALL-UNNAMED LdapParseUrlTest
> Exception in thread "main" javax.naming.NamingException: Cannot parse url: ldap://ad_jbs.ttt.net:389/xyz [Root exception is java.net.MalformedURLException: unsupported authority: ad_jbs.ttt.net:389]
> at java.naming/com.sun.jndi.ldap.LdapURL.<init>(LdapURL.java:115)
> at LdapParseUrlTest.main(LdapParseUrlTest.java:9)
> Caused by: java.net.MalformedURLException: unsupported authority: ad_jbs.ttt.net:389
> at java.naming/com.sun.jndi.toolkit.url.Uri.parseCompat(Uri.java:367)
> at java.naming/com.sun.jndi.toolkit.url.Uri.parse(Uri.java:230)
> at java.naming/com.sun.jndi.toolkit.url.Uri.init(Uri.java:174)
> at java.naming/com.sun.jndi.ldap.LdapURL.<init>(LdapURL.java:105)
> I would like to add the host and port info to the exception (in the example it is host:port of URI:null:-1] ) so that it is directly visible that the input caused the construction of a URI
> with "special"/problematic host and port values.

Matthias Baesken has updated the pull request incrementally with one additional commit since the last revision:

  fix copy paste error


  - all: https://git.openjdk.org/jdk/pull/9126/files
  - new: https://git.openjdk.org/jdk/pull/9126/files/1050c724..bdbe2204

 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=9126&range=02
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=9126&range=01-02

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/9126.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/9126/head:pull/9126

PR: https://git.openjdk.org/jdk/pull/9126
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20220614/5c651466/attachment.htm>

More information about the security-dev mailing list