JDK-7041800 : URI.equals may incorrectly return true with escaped octets
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.net
  • Affected Version: 6u24
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2011-05-04
  • Updated: 2012-08-21
  • Resolved: 2012-08-21
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availabitlity Release.

To download the current JDK release, click here.
JDK 6 JDK 7 JDK 8
6u30Fixed 7u2Fixed 8 b06Fixed
Description
Consider the following:

import java.net.*;

public class Test {
    public static void main(String[] args) throws Exception {
        URI uri1 = new URI("http://host/a%00"); 
        URI uri2 = new URI("http://host/aZ00");
        System.out.println(uri1.equals(uri2));
    }
}

It incorrectly prints true with jdk7-b140 (same thing for all previous releases)

Comments
EVALUATION JDK8 changeset http://hg.openjdk.java.net/jdk8/tl/jdk/rev/fcb33500b325 --- a/src/share/classes/java/net/URI.java Thu Sep 01 06:45:00 2011 +0100 +++ b/src/share/classes/java/net/URI.java Thu Sep 01 13:53:59 2011 +0100 @@ -1711,6 +1711,8 @@ public final class URI i++; continue; } + if (d != '%') + return false; i++; if (toLower(s.charAt(i)) != toLower(t.charAt(i))) return false; --- a/test/java/net/URI/Test.java Thu Sep 01 06:45:00 2011 +0100 +++ b/test/java/net/URI/Test.java Thu Sep 01 13:53:59 2011 +0100 @@ -23,7 +23,7 @@ /* @test * @summary Unit test for java.net.URI - * @bug 4464135 4505046 4503239 4438319 4991359 4866303 7023363 + * @bug 4464135 4505046 4503239 4438319 4991359 4866303 7023363 7041800 * @author Mark Reinhold */ @@ -1428,6 +1428,8 @@ public class Test { gt(s, new URI("http://jag:###@###.###:94/b/c/d?q#f")); lt(s, new URI("http://jag:###@###.###:94/b/c/d?r#f")); lt(s, new URI("http://jag:###@###.###:94/b/c/d?q#g")); + eq(new URI("http://host/a%00bcd"), new URI("http://host/a%00bcd")); + ne(new URI("http://host/a%00bcd"), new URI("http://host/aZ00bcd")); lt("p", "s:p"); lt("s:p", "T:p");
2011-09-01

EVALUATION Looks like a bug in the equal(String,String) method. The Strings compare equal when there is a % in one string, a different char in the same place in the other string, but the two chars following are the same.
2011-05-04

SUGGESTED FIX diff -r 36724da65fef src/share/classes/java/net/URI.java --- a/src/share/classes/java/net/URI.java Mon May 02 20:17:18 2011 +0100 +++ b/src/share/classes/java/net/URI.java Wed May 04 11:07:15 2011 +0100 @@ -1711,6 +1711,8 @@ public final class URI i++; continue; } + if (d != '%') + return false; i++; if (toLower(s.charAt(i)) != toLower(t.charAt(i))) return false;
2011-05-04