JDK-7155693 : CodeSource.matchLocation getPort test can be improved
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2012-03-21
  • Updated: 2012-07-17
  • Resolved: 2012-07-17
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8
8 b36Fixed
Related Reports
Relates :  
Description
CodeSource.matchLocation(..) method currently uses the following test to check for port equality : 

-             if (location.getPort() != -1) {
-                 if (location.getPort() != that.location.getPort())
-                     return false;
-             }

The URLStreamHandler uses a more thorough check on port equality checks. It uses the getDefaultPort call.

Comments
SUGGESTED FIX The previously suggested fix is incorrect because it does a strict equals and breaks the implies specification. If the "this" port is -1, then it doesn't matter what the "that" port or default port is, the test should always pass. The correct fix is: int thisPort = location.getPort(); if (thisPort != -1) { int thatPort = that.location.getPort(); int port = thatPort != -1 ? thatPort : that.location.getDefaultPort(); if (thisPort != port) return false; } In other words it only compares ports if "this" port is not -1.
06-04-2012

EVALUATION Should use a more thorough check.
21-03-2012

SUGGESTED FIX > int port1, port2; > int thisPort = location.getPort(); > int thatPort = that.location.getPort(); > port1 = (thisPort != -1) ? thisPort : location.getDefaultPort(); > port2 = (thatPort != -1) ? thatPort : that.location.getDefaultPort(); > if (port1 != port2) > return false;
21-03-2012