Name: vrR10176 Date: 09/06/2002
RFC 2396 Uniform Resource Identifiers (URI): Generic Syntax
(for example see ftp://ftp.isi.edu/in-notes/rfc2396.txt) says:
"...
2. URI Characters and Escape Sequences
URI consist of a restricted set of characters, primarily chosen to
aid transcribability and usability both in computer systems and in
non-computer communications. Characters used conventionally as
delimiters around URI were excluded.
...
2.4.1. Escaped Encoding
An escaped octet is encoded as a character triplet, consisting of the
percent character "%" followed by the two hexadecimal digits
representing the octet code. For example, "%20" is the escaped
encoding for the US-ASCII space character.
...
2.4.3. Excluded US-ASCII Characters
The space character is excluded because significant spaces may
disappear and insignificant spaces may be introduced when URI are
transcribed or typeset or subjected to the treatment of word-
processing programs. Whitespace is also used to delimit URI in many
contexts.
space = <US-ASCII coded character 20 hexadecimal>
..."
So whitespace symbol is prohibited and should be escaped with
the sequence '%20'.
HTTP protocol uses whitespace symbol as delimiter (See RFC 2616).
So if the plugin tries to load data through http server with URI that
contains whitespaces it should replace these whitespaces (and other
excluded symbols) with escaped encoding. But plugin (JRE1.4.0) does
not do this. As a result http server instead of expected data returns
error code 404 (Not Found) or some other generated html page.
For example.
If class loader tries to load through http server class with full
name containing whitespace than either ClassNotFoundException (error
code 404 returned) or ClassFormatError (generated html page returned)
is thrown. In case of ClassFormatError exception diagnostics looks
strange: java.lang.ClassFormatError: some_class_file_name (Bad magic number).
To reproduce the issue execute following test.
----------------------------------------------------
1. Compile spaceTest.java:
-----
import java.awt.*;
import java.applet.*;
public class spaceTest extends Applet {
TextArea mytextarea;
public void init() {
setLayout(new BorderLayout());
mytextarea = new TextArea("Applet loaded");
add("Center", mytextarea);
}
public void destroy() {
remove(mytextarea);
}
public void processEvent(AWTEvent e) {
if (e.getID() == Event.WINDOW_DESTROY) {
System.exit(0);
}
}
public static void main(String args[]) {
Frame f = new Frame("spaceTest");
spaceTest spTest = new spaceTest();
spTest.init();
spTest.start();
f.add("Center", spTest);
f.setSize(300, 300);
f.show();
}
public String getAppletInfo() {
return "spaceTest";
}
}
----------------------------------------------------
2. Place class file spaceTest somewhere in directory
with whitespace in the name. For example in
"/export/home/a a"
----------------------------------------------------
3. Place somewhere html file spTestPlugin.html:
<html>
<head>
<title>WhiteSpace Test </title>
</head>
<body>
<h1>WhiteSpace Test</h1>
<EMBED
type="application/x-java-applet;jpi-version=1.4"
CODE = spaceTest.class
codebase = "http://129.144.234.49:8086/export/home/a a"
WIDTH = 400
HEIGHT = 400
<NOEMBED>
</NOEMBED>
</EMBED>
</body>
</html>
and replace "129.144.234.49:8086" with the name of your http server
and "export/home" wiht path to directory "a a".
----------------------------------------------------
4. Try to load spTestPlugin.html.
In my case "Java Plug-In Dialog" window is trown with diagnostics
java.lang.ClassNotFoundException: spaceTest.class
at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:151)
at sun.plugin.security.PluginClassLoader.findClass(PluginClassLoader.java:189)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:112)
at java.lang.ClassLoader.loadClass(ClassLoader.java:262)
at sun.applet.AppletClassLoader.loadCode(AppletClassLoader.java:478)
at sun.applet.AppletPanel.createApplet(AppletPanel.java:548)
at sun.plugin.AppletViewer.createApplet(AppletViewer.java:1621)
at sun.applet.AppletPanel.runLoader(AppletPanel.java:477)
at sun.applet.AppletPanel.run(AppletPanel.java:290)
at java.lang.Thread.run(Thread.java:536)
Caused by: java.io.IOException: open HTTP connection failed.
at sun.applet.AppletClassLoader.getBytes(AppletClassLoader.java:224)
at sun.applet.AppletClassLoader.access$100(AppletClassLoader.java:40)
at sun.applet.AppletClassLoader$1.run(AppletClassLoader.java:141)
at java.security.AccessController.doPrivileged(Native Method)
at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:138)
... 10 more
and in Apache access_log file string is appended:
129.144.234.239 - - [06/Sep/2002:19:42:30 +0800] "GET /export/home/aa/spaceTest/class.class HTTP/1.0" 404 744
----------------------------------------------------
5.
If codebase line is replaced with line like this:
codebase = "file:///export/home/a a"
(load classes from local file system)
or line like this
codebase = "http://129.144.234.49:8086/export/home/a%20a"
(whitespace is escaped)
then class is loaded and the applet is started.
----------------------------------------------------
I use
- O/S version: Soliaris 2.8
- netscape 4.78
- http server Apache/2.0.35
- plugin (console output):
Java(TM) Plug-in: Version 1.4.0
Using JRE version 1.4.0 Java HotSpot(TM) Client VM
Due to this bug JCK1.4a test vm/jni/FindClass/fncl001/fncl00103m1/fncl00103m1.html
failed in plugin with ClassFormatError exception. Test tries to load absent class
file using jni method FindClass and expects NoClassDefFoundError as specified.
But gets ClassFormatError with folloing diagnostics:
java.lang.ClassFormatError: javasoft/sqe/tests/vm/jni/fncl001/fncl00103m1 fncl00103m1 (Bad magic number)
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:509)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123)
at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:146)
at sun.plugin.security.PluginClassLoader.findClass(PluginClassLoader.java:189)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:112)
at java.lang.ClassLoader.loadClass(ClassLoader.java:262)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:322)
at javasoft.sqe.tests.vm.jni.fncl001.fncl00103m1.fncl00103m1.Nat1(Native Method)
at javasoft.sqe.tests.vm.jni.fncl001.fncl00103m1.fncl00103m1.testChecks(fncl00103m1.java:36)
at javasoft.sqe.tests.vm.jni.fncl001.fncl00103m1.fncl00103m1.run(fncl00103m1.java:105)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sun.jck.lib.ExecJCKTestSameJVMCmd$SimpleTest.run(ExecJCKTestSameJVMCmd.java:235)
at com.sun.jck.lib.ExecJCKTestSameJVMCmd.execute(ExecJCKTestSameJVMCmd.java:194)
at com.sun.jck.lib.ExecJCKTestSameJVMCmd.run(ExecJCKTestSameJVMCmd.java:125)
at com.sun.javatest.agent.Agent$Task.executeCommand(Agent.java:818)
at com.sun.javatest.agent.Agent$Task.execute(Agent.java:749)
at com.sun.javatest.agent.Agent$Task.handleRequest(Agent.java:607)
at com.sun.javatest.agent.Agent.handleRequestsUntilClosed(Agent.java:376)
at com.sun.javatest.agent.Agent.access$000(Agent.java:42)
at com.sun.javatest.agent.Agent$1.run(Agent.java:254)
at java.lang.Thread.run(Thread.java:536)
In this case plugin does not escape whitespace and Apache returns generated
html page instead of error code 404. Plugin ClassLoader tries to resolve
this data as class and fails.
======================================================================