infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-02-23 16:55:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

6670868: StackOverFlow with bad authenticated Proxy tunnels

Browse Source 
Reviewed-by: michaelm
This commit is contained in:
Chris Hegarty 2011-07-27 18:10:10 +01:00
parent 545b41c9ab
commit 281db94b24
3 changed files with 130 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
jdk/src/share/classes/sun/net/www/http/HttpClient.java
View File

@ -599,7 +599,9 @@ public class HttpClient extends NetworkClient {
cachedHttpClient = false;
if (!failedOnce && requests != null) {
failedOnce = true;
if (httpuc.getRequestMethod().equals("POST") && (!retryPostProp || streaming)) {
if (getRequestMethod().equals("CONNECT") ||
(httpuc.getRequestMethod().equals("POST") &&
(!retryPostProp || streaming))) {
// do not retry the request
} else {
// try once more
@ -706,7 +708,9 @@ public class HttpClient extends NetworkClient {
} else if (nread != 8) {
if (!failedOnce && requests != null) {
failedOnce = true;
if (httpuc.getRequestMethod().equals("POST") && (!retryPostProp || streaming)) {
if (getRequestMethod().equals("CONNECT") ||
(httpuc.getRequestMethod().equals("POST") &&
(!retryPostProp || streaming))) {
// do not retry the request
} else {
closeServer();
@ -891,6 +895,16 @@ public class HttpClient extends NetworkClient {
return cacheRequest;
}
String getRequestMethod() {
if (requests != null) {
String requestLine = requests.getKey(0);
if (requestLine != null) {
return requestLine.split("\\s+")[0];
}
}
return "";
}
@Override
protected void finalize() throws Throwable {
// This should do nothing. The stream finalizer will

11
jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
View File

@ -1880,14 +1880,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
private void sendCONNECTRequest() throws IOException {
int port = url.getPort();
// setRequests == true indicates the std. request headers
// have been set in (previous) requests.
// so the first one must be the http method (GET, etc.).
// we need to set it to CONNECT soon, remove this one first.
// otherwise, there may have 2 http methods in headers
if (setRequests) requests.set(0, null, null);
requests.prepend(HTTP_CONNECT + " " + connectRequestURI(url)
requests.set(0, HTTP_CONNECT + " " + connectRequestURI(url)
+ " " + httpVersion, null);
requests.setIfNotSet("User-Agent", userAgent);
@ -1912,8 +1905,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
}
http.writeRequests(requests, null);
// remove CONNECT header
requests.set(0, null, null);
}
/**

113
jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsProxyStackOverflow.java Normal file
View File

@ -0,0 +1,113 @@
/*
* Copyright (c) 2011 Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6670868
* @summary StackOverFlow with bad authenticated Proxy tunnels
*/
import java.io.IOException;
import java.io.InputStream;
import java.net.Authenticator;
import java.net.Proxy;
import java.net.InetSocketAddress;
import java.net.PasswordAuthentication;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
public class HttpsProxyStackOverflow {
public static void main(String[] args) throws IOException {
BadAuthProxyServer server = startServer();
doClient(server);
}
static void doClient(BadAuthProxyServer server) throws IOException {
// url doesn't matter since we will never make the connection
URL url = new URL("https://anythingwilldo/");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(
new Proxy(Proxy.Type.HTTP,
new InetSocketAddress("localhost", server.getPort())));
try (InputStream is = conn.getInputStream()) {
} catch(IOException unused) {
// no real server, IOException is expected.
// failure if StackOverflowError
} finally {
server.done();
}
}
static BadAuthProxyServer startServer() throws IOException {
Authenticator.setDefault(new Authenticator() {
@Override
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("xyz", "xyz".toCharArray());
}
});
BadAuthProxyServer server = new BadAuthProxyServer(new ServerSocket(0));
Thread serverThread = new Thread(server);
serverThread.start();
return server;
}
static class BadAuthProxyServer implements Runnable {
private ServerSocket ss;
private boolean done;
BadAuthProxyServer(ServerSocket ss) { this.ss = ss; }
public void run() {
try {
while (!done) {
Socket s = ss.accept();
s.getOutputStream().write(
("HTTP/1.1 407\nProxy-Authenticate:Basic " +
"realm=\"WallyWorld\"\n\n").getBytes("US-ASCII"));
s.close();
s = ss.accept();
s.close();
}
} catch (IOException e) {
// Ignore IOException when the main thread calls done
} finally {
try { ss.close(); } catch (IOException e) {}
}
}
int getPort() {
return ss.getLocalPort();
}
void done() {
try { ss.close(); } catch (IOException e) {}
done = true;
}
}
}