Details
-
Bug
-
Resolution: Fixed
-
P2
-
8
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8031189 | 9 | Michael McMahon | P2 | Closed | Fixed | b01 |
JDK-8031282 | 8u5 | Michael McMahon | P2 | Resolved | Fixed | b03 |
Description
Starting with jdk8 b117 opening a http(s) connection to a server with username in the URL fails with IllegalArgumentException. An example of the exception is attached.
From debugging the bug in NetBeans when connecting to git https repository:
1) at java.net.HostPortrange.toLowerCase(HostPortrange.java:189)
2) at java.net.HostPortrange.<init>(HostPortrange.java:150)
3) at java.net.URLPermission$Authority.<init>(URLPermission.java:476)
4) at java.net.URLPermission.parseURI(URLPermission.java:446)
5) at java.net.URLPermission.init(URLPermission.java:167)
6) at java.net.URLPermission.<init>(URLPermission.java:163)
6) called as URLPermission("https://ovrabec@bitbucket.org/ovrabec/anagramgame.git/info/refs", "GET:Accept-Encoding,Pragma,User-Agent,Accept")
3) instantiated as URLPermission$Authority("https", "ovrabec@bitbucket.org")
2) finally hostname is incorrectly parsed in HostPortrange.<init> and tries to call toLowerCase(ovrabec@bitbucket.org)
100% reproducible, cannot clone a git repository over https with authentication.
The difference between b116 and b117 is the last step in the stacktrace. While b116 simply called:
> hoststr = hoststr.toLowerCase();
b117 now calls:
> hoststr = HostPortrange.toLowerCase(hoststr);
In both builds the current value of hoststr was "ovrabec@bitbucket.org", the new method cannot handle '@' and throws the exception. According to spec at http://tools.ietf.org/html/rfc3986#section-3.2.1 username may probably contain also other non-ascii characters (encoded as %XX i guess) so permitting only '@' may not be sufficient. JDK should probably correctly parse just the host name and skip the userinfo part of the URI.
Original NetBeans bug:
https://netbeans.org/bugzilla/show_bug.cgi?id=238843
From debugging the bug in NetBeans when connecting to git https repository:
1) at java.net.HostPortrange.toLowerCase(HostPortrange.java:189)
2) at java.net.HostPortrange.<init>(HostPortrange.java:150)
3) at java.net.URLPermission$Authority.<init>(URLPermission.java:476)
4) at java.net.URLPermission.parseURI(URLPermission.java:446)
5) at java.net.URLPermission.init(URLPermission.java:167)
6) at java.net.URLPermission.<init>(URLPermission.java:163)
6) called as URLPermission("https://ovrabec@bitbucket.org/ovrabec/anagramgame.git/info/refs", "GET:Accept-Encoding,Pragma,User-Agent,Accept")
3) instantiated as URLPermission$Authority("https", "ovrabec@bitbucket.org")
2) finally hostname is incorrectly parsed in HostPortrange.<init> and tries to call toLowerCase(ovrabec@bitbucket.org)
100% reproducible, cannot clone a git repository over https with authentication.
The difference between b116 and b117 is the last step in the stacktrace. While b116 simply called:
> hoststr = hoststr.toLowerCase();
b117 now calls:
> hoststr = HostPortrange.toLowerCase(hoststr);
In both builds the current value of hoststr was "ovrabec@bitbucket.org", the new method cannot handle '@' and throws the exception. According to spec at http://tools.ietf.org/html/rfc3986#section-3.2.1 username may probably contain also other non-ascii characters (encoded as %XX i guess) so permitting only '@' may not be sufficient. JDK should probably correctly parse just the host name and skip the userinfo part of the URI.
Original NetBeans bug:
https://netbeans.org/bugzilla/show_bug.cgi?id=238843
Attachments
Issue Links
- backported by
-
JDK-8031282 URLPermission.<init> throws llegalArgumentException: Invalid characters in hostname
- Resolved
-
JDK-8031189 URLPermission.<init> throws llegalArgumentException: Invalid characters in hostname
- Closed
- duplicates
-
JDK-8072064 toLowerCase() in java.net.HostPortrange fails on underscore character
- Open
- relates to
-
JDK-8132508 Bug JDK-8029354 reproduces with underscore in hostname
- Closed