885650 – Server doing dns requests when not really necessary (java.net.URL related)

Bug 885650 - Server doing dns requests when not really necessary (java.net.URL related)

Summary: Server doing dns requests when not really necessary (java.net.URL related)

Keywords:
Status:	CLOSED DEFERRED
Alias:	None
Product:	Red Hat Satellite 5
Classification:	Red Hat
Component:	Server
Sub Component:
Version:	550
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Michael Mráka
QA Contact:	Red Hat Satellite QA List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	462714
TreeView+	depends on / blocked

Reported:	2012-12-10 10:26 UTC by Matej Kollar
Modified:	2015-05-29 20:09 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-05-29 20:09:31 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Matej Kollar 2012-12-10 10:26:14 UTC

Description of problem:

  Java class java.net.URL (used in "our" class ...frontend.nav.NavCache)
  is doing doing dns requests on "equals(Object)" and "hashCode()" method
  calls. This may lead to performance issues and information leakage.

Version-Release number of selected component (if applicable):

  spacewalk-java-1.7.54-108.el5sat

How reproducible: always/deterministic

Steps to Reproduce:

  Simple code that shows this behaviour is:

equals... (Example1.java)
> import java.net.URL;
> 
> public class Example1 {
> 
>     public static void main (String[] args) {
>         try {   
>                 URL url1 = new URL("http://www.example.com/");
>                 URL url2 = new URL("http://www.example.com/");
>                 if (url1.equals(url2)) {
>                         System.out.println ("Yes!");
>                 } else {
>                         System.out.println ("No!");
>                 }
>         } catch (Exception e) {
>                 System.out.println(e.toString());
>         }
>     }
> }

hashCode... (Example2.java)
> import java.net.URL;
> 
> public class Example2 {
> 
>     public static void main (String[] args) {
>         try {   
>                 URL url = new URL("http://www.example.com/");
>                 System.out.println("Hash is: " + url.hashCode());
>         } catch (Exception e) {
>                 System.out.println(e.toString());
>         }
>     }
> }

# javac Example1.java
# javac Example2.java
# strace -e trace=network -f  java Example1
# strace -e trace=network -f  java Example2
 
Actual results:

Thing does dns requests...
...
> [pid  6522] connect(53, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr(...)} ...
> [pid  6522] sendto(53, "\207\33\1\0\0\1\0\0\0\0\0\0\3www\7example\3com\0\0\34\0"..., 33, MSG_NOSIGNAL, NULL, 0) = 33
> [pid  6522] recvfrom(53, "\207\33\201 ....
...

Expected results:

This is probably how java.net.URL is supposed to behave :-/.
But we may really reconsider its use in our code. Maybe plain String or java.net.URI?
Just something that does not connect to the network...

Aditional info:
We use this ugly beast in com.redhat.rhn.frontend.nav.NavCache.

Note You need to log in before you can comment on or make changes to this bug.