--- a/src/java.base/share/classes/sun/net/www/ParseUtil.java Wed Feb 14 08:15:07 2018 -0800
+++ b/src/java.base/share/classes/sun/net/www/ParseUtil.java Wed Feb 14 19:03:12 2018 +0100
@@ -44,7 +44,9 @@
* @author Mike McCloskey
*/
-public class ParseUtil {
+public final class ParseUtil {
+
+ private ParseUtil() {}
/**
* Constructs an encoded version of the specified path string suitable
@@ -80,10 +82,13 @@
int len = path.length();
for (int i = 0; i < len; i++) {
char c = path.charAt(i);
- if (c == '/' || c == '.' ||
- c >= 'a' && c <= 'z' ||
- c >= 'A' && c <= 'Z' ||
- c >= '0' && c <= '9') {
+ // Ordering in the following test is performance sensitive,
+ // and typically paths have most chars in the a-z range, then
+ // in the symbol range '&'-':' (includes '.', '/' and '0'-'9')
+ // and more rarely in the A-Z range.
+ if (c >= 'a' && c <= 'z' ||
+ c >= '&' && c <= ':' ||
+ c >= 'A' && c <= 'Z') {
continue;
} else if (c > 0x007F || match(c, L_ENCODED, H_ENCODED)) {
return i;
@@ -219,9 +224,17 @@
/**
* Returns a canonical version of the specified string.
*/
- public String canonizeString(String file) {
- int i = 0;
- int lim = file.length();
+ public static String canonizeString(String file) {
+ int len = file.length();
+ if (len == 0 || (file.indexOf("./") == -1 && file.charAt(len - 1) != '.')) {
+ return file;
+ } else {
+ return doCanonize(file);
+ }
+ }
+
+ private static String doCanonize(String file) {
+ int i, lim;
// Remove embedded /../
while ((i = file.indexOf("/../")) >= 0) {
--- a/src/java.base/share/classes/sun/net/www/protocol/jar/Handler.java Wed Feb 14 08:15:07 2018 -0800
+++ b/src/java.base/share/classes/sun/net/www/protocol/jar/Handler.java Wed Feb 14 19:03:12 2018 +0100
@@ -141,10 +141,9 @@
// 1. absolute (jar:)
// 2. relative (i.e. url + foo/bar/baz.ext)
// 3. anchor-only (i.e. url + #foo), which we already did (refOnly)
- boolean absoluteSpec = false;
- if (spec.length() >= 4) {
- absoluteSpec = spec.substring(0, 4).equalsIgnoreCase("jar:");
- }
+ boolean absoluteSpec = spec.length() >= 4
+ ? spec.regionMatches(true, 0, "jar:", 0, 4)
+ : false;
spec = spec.substring(start, limit);
if (absoluteSpec) {
@@ -156,16 +155,14 @@
int bangSlash = indexOfBangSlash(file);
String toBangSlash = file.substring(0, bangSlash);
String afterBangSlash = file.substring(bangSlash);
- sun.net.www.ParseUtil canonizer = new ParseUtil();
- afterBangSlash = canonizer.canonizeString(afterBangSlash);
+ afterBangSlash = ParseUtil.canonizeString(afterBangSlash);
file = toBangSlash + afterBangSlash;
}
setURL(url, "jar", "", -1, file, ref);
}
private String parseAbsoluteSpec(String spec) {
- URL url = null;
- int index = -1;
+ int index;
// check for !/
if ((index = indexOfBangSlash(spec)) == -1) {
throw new NullPointerException("no !/ in spec");
@@ -173,7 +170,7 @@
// test the inner URL
try {
String innerSpec = spec.substring(0, index - 1);
- url = new URL(innerSpec);
+ new URL(innerSpec);
} catch (MalformedURLException e) {
throw new NullPointerException("invalid url: " +
spec + " (" + e + ")");
@@ -193,16 +190,16 @@
": no !/");
}
ctxFile = ctxFile.substring(0, bangSlash);
- }
- if (!ctxFile.endsWith("/") && (!spec.startsWith("/"))){
+ } else {
// chop up the last component
int lastSlash = ctxFile.lastIndexOf('/');
if (lastSlash == -1) {
throw new NullPointerException("malformed " +
"context url:" +
url);
+ } else if (lastSlash < ctxFile.length() - 1) {
+ ctxFile = ctxFile.substring(0, lastSlash + 1);
}
- ctxFile = ctxFile.substring(0, lastSlash + 1);
}
return (ctxFile + spec);
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/net/www/protocol/jar/CanonicalizationTest.java Wed Feb 14 19:03:12 2018 +0100
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8197849
+ * @summary Sanity test the special canonicalization logic for jar resources
+ */
+
+import java.net.URL;
+
+public class CanonicalizationTest {
+ public static void main(String args[]) throws Exception {
+ URL base = new URL("jar:file:/foo!/");
+
+ check(new URL(base, ""), "jar:file:/foo!/");
+ check(new URL(base, "."), "jar:file:/foo!/");
+ check(new URL(base, ".."), "jar:file:/foo!");
+ check(new URL(base, ".x"), "jar:file:/foo!/.x");
+ check(new URL(base, "..x"), "jar:file:/foo!/..x");
+ check(new URL(base, "..."), "jar:file:/foo!/...");
+ check(new URL(base, "foo/."), "jar:file:/foo!/foo/");
+ check(new URL(base, "foo/.."), "jar:file:/foo!/");
+ check(new URL(base, "foo/.x"), "jar:file:/foo!/foo/.x");
+ check(new URL(base, "foo/..x"), "jar:file:/foo!/foo/..x");
+ check(new URL(base, "foo/..."), "jar:file:/foo!/foo/...");
+ check(new URL(base, "foo/./"), "jar:file:/foo!/foo/");
+ check(new URL(base, "foo/../"), "jar:file:/foo!/");
+ check(new URL(base, "foo/.../"), "jar:file:/foo!/foo/.../");
+ check(new URL(base, "foo/../../"), "jar:file:/foo!/");
+ check(new URL(base, "foo/../,,/.."), "jar:file:/foo!/");
+ check(new URL(base, "foo/../."), "jar:file:/foo!/");
+ check(new URL(base, "foo/../.x"), "jar:file:/foo!/.x");
+ }
+
+ private static void check(URL url, String expected) {
+ if (!url.toString().equals(expected)) {
+ throw new AssertionError("Expected " + url + " to equal " + expected);
+ }
+ }
+}