United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-7155693 : CodeSource.matchLocation getPort test can be improved

Details
Type:
Bug
Submit Date:
2012-03-21
Status:
Closed
Updated Date:
2012-07-17
Project Name:
JDK
Resolved Date:
2012-07-17
Component:
security-libs
OS:
generic
Sub-Component:
java.security
CPU:
generic
Priority:
P3
Resolution:
Fixed
Affected Versions:
8
Fixed Versions:

Related Reports
Relates:

Sub Tasks

Description
CodeSource.matchLocation(..) method currently uses the following test to check for port equality : 

-             if (location.getPort() != -1) {
-                 if (location.getPort() != that.location.getPort())
-                     return false;
-             }

The URLStreamHandler uses a more thorough check on port equality checks. It uses the getDefaultPort call.

                                    

Comments
SUGGESTED FIX

The previously suggested fix is incorrect because it does a strict equals and breaks the
implies specification. If the "this" port is -1, then it doesn't matter what the
"that" port or default port is, the test should always pass. The correct fix is:

int thisPort = location.getPort();
if (thisPort != -1) {
    int thatPort = that.location.getPort();
    int port = thatPort != -1 ? thatPort : that.location.getDefaultPort();
    if (thisPort != port)
       return false;
}

In other words it only compares ports if "this" port is not -1.
                                     
2012-04-06
EVALUATION

Should use a more thorough check.
                                     
2012-03-21
SUGGESTED FIX

>             int port1, port2;
>             int thisPort = location.getPort();
>             int thatPort = that.location.getPort();
>             port1 = (thisPort != -1) ? thisPort : location.getDefaultPort();
>             port2 = (thatPort != -1) ? thatPort : that.location.getDefaultPort();
>             if (port1 != port2)
>                 return false;
                                     
2012-03-21



Hardware and Software, Engineered to Work Together