Reject ftp URLConnection containing /r/n in user info. Change-Id: Iac06b3cc9a8a184f918d817d266eac55699d13bc

commit: 92a7b90bca984fc219d5547c7196d1db3e003342 [log] [tgz]
author: Przemyslaw Szczepaniak <pszczepaniak@google.com> Mon Mar 27 13:19:35 2017 +0100
committer: android-build-team Robot <android-build-team-robot@google.com> Thu Apr 20 22:36:21 2017 +0000
tree: ebcd9749667c2c644244cab0937da5475ec7fa64
parent: e0874054acea0e164c4464d3bb82302df50e8e5c [diff]
diff --git a/ojluni/src/main/java/sun/net/www/protocol/ftp/FtpURLConnection.java b/ojluni/src/main/java/sun/net/www/protocol/ftp/FtpURLConnection.java
index e2b7fa1..fd96343 100755
--- a/ojluni/src/main/java/sun/net/www/protocol/ftp/FtpURLConnection.java
+++ b/ojluni/src/main/java/sun/net/www/protocol/ftp/FtpURLConnection.java

@@ -184,6 +184,12 @@
         }
 
         if (userInfo != null) { // get the user and password
+            // Android-changed: Added a test for CR/LF presence in the userInfo
+            if (userInfo.indexOf("\r") != -1 || userInfo.indexOf("\n") != -1) {
+                throw new IOException("<CR> and/or <LF> characters in username and password are"
+                        + " not permitted");
+            }
+
             int delimiter = userInfo.indexOf(':');
             if (delimiter == -1) {
                 user = ParseUtil.decode(userInfo);
commit	92a7b90bca984fc219d5547c7196d1db3e003342	[log] [tgz]
author	Przemyslaw Szczepaniak <pszczepaniak@google.com>	Mon Mar 27 13:19:35 2017 +0100
committer	android-build-team Robot <android-build-team-robot@google.com>	Thu Apr 20 22:36:21 2017 +0000
tree	ebcd9749667c2c644244cab0937da5475ec7fa64
parent	e0874054acea0e164c4464d3bb82302df50e8e5c [diff]