United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-7041800 URI.equals may incorrectly return true with escaped octets
JDK-7041800 : URI.equals may incorrectly return true with escaped octets

Details
Type:
Bug
Submit Date:
2011-05-04
Status:
Closed
Updated Date:
2012-08-21
Project Name:
JDK
Resolved Date:
2012-08-21
Component:
core-libs
OS:
generic
Sub-Component:
java.net
CPU:
generic
Priority:
P3
Resolution:
Fixed
Affected Versions:
6u24
Fixed Versions:

Related Reports
Backport:
Backport:

Sub Tasks

Description
Consider the following:

import java.net.*;

public class Test {
    public static void main(String[] args) throws Exception {
        URI uri1 = new URI("http://host/a%00"); 
        URI uri2 = new URI("http://host/aZ00");
        System.out.println(uri1.equals(uri2));
    }
}

It incorrectly prints true with jdk7-b140 (same thing for all previous releases)

                                    

Comments
SUGGESTED FIX

diff -r 36724da65fef src/share/classes/java/net/URI.java
--- a/src/share/classes/java/net/URI.java       Mon May 02 20:17:18 2011 +0100
+++ b/src/share/classes/java/net/URI.java       Wed May 04 11:07:15 2011 +0100
@@ -1711,6 +1711,8 @@ public final class URI
                    i++;
                    continue;
                }
+               if (d != '%')
+                   return false;
                i++;
                if (toLower(s.charAt(i)) != toLower(t.charAt(i)))
                    return false;
                                     
2011-05-04
EVALUATION

Looks like a bug in the equal(String,String) method. The Strings compare equal when there is a % in one string, a different char in the same place in the other string, but the two chars following are the same.
                                     
2011-05-04
EVALUATION

JDK8 changeset
  http://hg.openjdk.java.net/jdk8/tl/jdk/rev/fcb33500b325

--- a/src/share/classes/java/net/URI.java Thu Sep 01 06:45:00 2011 +0100
+++ b/src/share/classes/java/net/URI.java Thu Sep 01 13:53:59 2011 +0100
@@ -1711,6 +1711,8 @@ public final class URI
i++;
continue;
}
+ if (d != '%')
+ return false;
i++;
if (toLower(s.charAt(i)) != toLower(t.charAt(i)))
return false;

--- a/test/java/net/URI/Test.java Thu Sep 01 06:45:00 2011 +0100
+++ b/test/java/net/URI/Test.java Thu Sep 01 13:53:59 2011 +0100
@@ -23,7 +23,7 @@
/* @test
* @summary Unit test for java.net.URI
- * @bug 4464135 4505046 4503239 4438319 4991359 4866303 7023363
+ * @bug 4464135 4505046 4503239 4438319 4991359 4866303 7023363 7041800
* @author Mark Reinhold
*/
@@ -1428,6 +1428,8 @@ public class Test {
gt(s, new URI("http://jag:###@###.###:94/b/c/d?q#f"));
lt(s, new URI("http://jag:###@###.###:94/b/c/d?r#f"));
lt(s, new URI("http://jag:###@###.###:94/b/c/d?q#g"));
+ eq(new URI("http://host/a%00bcd"), new URI("http://host/a%00bcd"));
+ ne(new URI("http://host/a%00bcd"), new URI("http://host/aZ00bcd"));
lt("p", "s:p");
lt("s:p", "T:p");
                                     
2011-09-01



Hardware and Software, Engineered to Work Together