> Constructing URLPermission with an empty/missing host in the authority (e.g., > `"http:///path"`) could throw `StringIndexOutOfBoundsException`. > > **Problem** > Empty or malformed authorities reach HostPortrange, which does `charAt(0)` > without checking, causing `StringIndexOutOfBoundsException`. > > **Fix** > - `URLPermission.Authority`: after stripping userinfo, fail fast if host part > is empty. > - `HostPortrange`: add guards for null/empty input and leading ':' (port > without host). > - No `HttpURLConnection` changes needed in JDK 26 (the `SecurityManager` > permission path is gone). > > **Compatibility** > Only affects malformed inputs: previously `StringIndexOutOfBoundsException`, > now `IllegalArgumentException`. Valid inputs unaffected. > > **Testing** > New jtreg test: `test/jdk/java/net/URLPermission/EmptyAuthorityTest.java` > verifies `IllegalArgumentException` for malformed authorities and success for > valid ones.
Oumaiyma Intissar has updated the pull request incrementally with one additional commit since the last revision: Remove invalid host check in HostPortrange Removed check for leading ':' in host authority. ------------- Changes: - all: https://git.openjdk.org/jdk/pull/27896/files - new: https://git.openjdk.org/jdk/pull/27896/files/a4089913..17d1c7a7 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=27896&range=02 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=27896&range=01-02 Stats: 4 lines in 1 file changed: 0 ins; 4 del; 0 mod Patch: https://git.openjdk.org/jdk/pull/27896.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/27896/head:pull/27896 PR: https://git.openjdk.org/jdk/pull/27896
