Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8029354

URLPermission.<init> throws llegalArgumentException: Invalid characters in hostname

    XMLWordPrintable

Details

    • b117
    • 8
    • b122

    Backports

      Description

        Starting with jdk8 b117 opening a http(s) connection to a server with username in the URL fails with IllegalArgumentException. An example of the exception is attached.

        From debugging the bug in NetBeans when connecting to git https repository:
        1) at java.net.HostPortrange.toLowerCase(HostPortrange.java:189)
        2) at java.net.HostPortrange.<init>(HostPortrange.java:150)
        3) at java.net.URLPermission$Authority.<init>(URLPermission.java:476)
        4) at java.net.URLPermission.parseURI(URLPermission.java:446)
        5) at java.net.URLPermission.init(URLPermission.java:167)
        6) at java.net.URLPermission.<init>(URLPermission.java:163)

        6) called as URLPermission("https://ovrabec@bitbucket.org/ovrabec/anagramgame.git/info/refs", "GET:Accept-Encoding,Pragma,User-Agent,Accept")
        3) instantiated as URLPermission$Authority("https", "ovrabec@bitbucket.org")
        2) finally hostname is incorrectly parsed in HostPortrange.<init> and tries to call toLowerCase(ovrabec@bitbucket.org)

        100% reproducible, cannot clone a git repository over https with authentication.

        The difference between b116 and b117 is the last step in the stacktrace. While b116 simply called:
        > hoststr = hoststr.toLowerCase();
        b117 now calls:
        > hoststr = HostPortrange.toLowerCase(hoststr);

        In both builds the current value of hoststr was "ovrabec@bitbucket.org", the new method cannot handle '@' and throws the exception. According to spec at http://tools.ietf.org/html/rfc3986#section-3.2.1 username may probably contain also other non-ascii characters (encoded as %XX i guess) so permitting only '@' may not be sufficient. JDK should probably correctly parse just the host name and skip the userinfo part of the URI.

        Original NetBeans bug:
        https://netbeans.org/bugzilla/show_bug.cgi?id=238843

        Attachments

          Issue Links

            Activity

              People

                michaelm Michael McMahon
                anebuzel Antonín Nebuželský
                Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: