author | Yi Kong <yikong@google.com> | 2017-02-14 06:14:28 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2017-02-14 06:14:28 +0000 |
commit | cb3d605b46306cd5a899177f7bae3da39d59d1bb (patch) | |
tree | fd7e9a7fed274ef06cc29789edbf73c28eacb1b1 | |
parent | 9f8d1b9299414b57eff21c6a540d207ca9722fdc (diff) | |
parent | 0398dec2b932770275ab61ae04b0424f352ea21a (diff) |
Pull upstream fix for CVE-2016-5552 am: 7247f6a70e am: 7013de23a1
am: 0398dec2b9
Change-Id: Ia14b67836ef51d66024f3f5a7f482769e4943ed6
-rw-r--r-- | luni/src/test/java/libcore/java/net/URLTest.java | 7 | ||||
-rwxr-xr-x | ojluni/src/main/java/java/net/URLStreamHandler.java | 22 |
2 files changed, 17 insertions, 12 deletions
diff --git a/luni/src/test/java/libcore/java/net/URLTest.java b/luni/src/test/java/libcore/java/net/URLTest.java
index 629015f3cd..7a323af58e 100644
--- a/luni/src/test/java/libcore/java/net/URLTest.java
+++ b/luni/src/test/java/libcore/java/net/URLTest.java
@@ -779,4 +779,11 @@ public final class URLTest extends TestCase {
 assertEquals(host, url.getHost());
 assertEquals(fragment, url.getRef());
 }
+
+ // http://b/33351987
+ public void testMultipleUserField() throws Exception {
+ final String host = "http://multiple@users@url.com";
+ URL url = new URL(host);
+ assertNull(url.getUserInfo());
+ }
 }
diff --git a/ojluni/src/main/java/java/net/URLStreamHandler.java b/ojluni/src/main/java/java/net/URLStreamHandler.java
index ddea036627..0892d6741d 100755
--- a/ojluni/src/main/java/java/net/URLStreamHandler.java
+++ b/ojluni/src/main/java/java/net/URLStreamHandler.java
@@ -169,26 +169,24 @@ public abstract class URLStreamHandler {
 (spec.charAt(start + 1) == '/')) {
 start += 2;
 i = spec.indexOf('/', start);
- if (i < 0) {
+ if (i < 0 || i > limit) {
 i = spec.indexOf('?', start);
- if (i < 0)
+ if (i < 0 || i > limit)
 i = limit;
 }
- // ----- BEGIN android -----
- // i may become greater than limit
- // b/31858037
- if (i > limit) {
- i = limit;
- }
- // ----- END android -----
-
 host = authority = spec.substring(start, i);
 int ind = authority.indexOf('@');
 if (ind != -1) {
- userInfo = authority.substring(0, ind);
- host = authority.substring(ind+1);
+ if (ind != authority.lastIndexOf('@')) {
+ // more than one '@' in authority. This is not server based
+ userInfo = null;
+ host = null;
+ } else {
+ userInfo = authority.substring(0, ind);
+ host = authority.substring(ind+1);
+ }
 } else {
 userInfo = null;
 } |
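Review bot: In URLTest.java, testMultipleUserField pins only `getUserInfo()`, but the property that matters for a URL with two '@' is which host the parser reports, since a caller that checks the host and then connects is what a confused split would mislead. The URLStreamHandler change in the same commit also clears `host` for this input, so the test should cover it too, for example `assertFalse("url.com".equals(url.getHost()));`. The exact value returned depends on parsing code outside this diff, so confirm it before pinning an equality. The local named `host` actually holds the whole URL string; `spec` would read more accurately.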
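Review bot: In URLStreamHandler.java, the new multi-'@' branch resets `userInfo` and `host` but leaves `authority` holding the raw string assigned by `host = authority = spec.substring(start, i);`, so any consumer that reads the authority and splits it itself can still reach a different host than this parser. If keeping it verbatim is intended, the comment should say so and give the reason, e.g. `// More than one '@': the user-info/host split is ambiguous, so treat the authority as not server-based; authority is kept as-is, host and userInfo are cleared.` Setting `host = null` also relies on the host handling that follows being null-safe; that code is outside the hunk, as are the start and end of the enclosing method, so it is worth confirming there. Separately, the inner `if (i < 0 || i > limit)` is still unbraced while the outer one is braced.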