> Constructing URLPermission with an empty/missing host in the authority (e.g., > `"http:///path"`) could throw `StringIndexOutOfBoundsException`. > > **Problem** > Empty or malformed authorities reach HostPortrange, which does `charAt(0)` > without checking, causing `StringIndexOutOfBoundsException`. > > **Fix** > - `URLPermission.Authority`: after stripping userinfo, fail fast if host part > is empty. > - `HostPortrange`: add guards for null/empty input and leading ':' (port > without host). > - No `HttpURLConnection` changes needed in JDK 26 (the `SecurityManager` > permission path is gone). > > **Compatibility** > Only affects malformed inputs: previously `StringIndexOutOfBoundsException`, > now `IllegalArgumentException`. Valid inputs unaffected. > > **Testing** > New jtreg test: `test/jdk/java/net/URLPermission/EmptyAuthorityTest.java` > verifies `IllegalArgumentException` for malformed authorities and success for > valid ones.
Oumaiyma Intissar has updated the pull request incrementally with one additional commit since the last revision: Fix missing newline at end of EmptyAuthorityTest.java Add missing newline at the end of the file. ------------- Changes: - all: https://git.openjdk.org/jdk/pull/27896/files - new: https://git.openjdk.org/jdk/pull/27896/files/1d28e6fd..a4089913 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=27896&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=27896&range=00-01 Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/27896.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/27896/head:pull/27896 PR: https://git.openjdk.org/jdk/pull/27896
