Hello,

Attached is a patch for the issue reported at https://bugs.openjdk.java.net/browse/JDK-8217705.

In addition to catching the NumberFormatException that can arise while parsing (an invalid) status code in the status line, this change also checks that the status code is indeed a 3-digit integer, as required by RFC-2616, section 6.1.1 [1]. In either of these cases, where the status code is incorrect, this change now throws a java.net.ProtocolException similar to other cases where it's thrown for issues encountered during parsing of the status line.

The patch also contains an update to an existing test case to include testing of these invalid status codes. Locally, on top of this patch, I've run:

jtreg -jdk:build/macosx-x86_64-server-release/images/jdk -a -ea -esa -agentvm -conc:4 -ignore:quiet test/jdk/java/net/httpclient

and all tests have passed:

Test results: passed: 190

Could I please get a review of this patch and someone to sponsor it?

[1] https://tools.ietf.org/html/rfc2616#section-6.1.1

-Jaikiran
# HG changeset patch # User Jaikiran Pai <jaikiran....@gmail.com> # Date 1560302554 -19800 # Wed Jun 12 06:52:34 2019 +0530 # Node ID fd96785afb763c7daaf189bf9ce037835efee9be # Parent ae3dbc712839bfa9875d4e23469d8a7c01cc3167 JDK-8217705 It's a protocol error if the status code in the HTTP response status line isn't a 3-digit integer diff --git a/src/java.net.http/share/classes/jdk/internal/net/http/Http1HeaderParser.java b/src/java.net.http/share/classes/jdk/internal/net/http/Http1HeaderParser.java --- a/src/java.net.http/share/classes/jdk/internal/net/http/Http1HeaderParser.java +++ b/src/java.net.http/share/classes/jdk/internal/net/http/Http1HeaderParser.java @@ -194,7 +194,15 @@ if (statusLine.length() < 12) { throw protocolException("Invalid status line: \"%s\"", statusLine); } - responseCode = Integer.parseInt(statusLine.substring(9, 12)); + try { + responseCode = Integer.parseInt(statusLine.substring(9, 12)); + } catch (NumberFormatException nfe) { + throw protocolException("Invalid status line: \"%s\"", statusLine); + } + // response code expected to be a 3-digit integer (RFC-2616, section 6.1.1) + if (responseCode < 100) { + throw protocolException("Invalid status line: \"%s\"", statusLine); + } state = State.STATUS_LINE_END; } diff --git a/test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/Http1HeaderParserTest.java b/test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/Http1HeaderParserTest.java --- a/test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/Http1HeaderParserTest.java +++ b/test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/Http1HeaderParserTest.java @@ -375,6 +375,17 @@ "HTTP/1.1 200OK\r\n\rT", "HTTP/1.1 200OK\rT", + + "HTTP/1.0 FOO\r\n", + + "HTTP/1.1 BAR\r\n", + + "HTTP/1.1 +99\r\n", + + "HTTP/1.1 -22\r\n", + + "HTTP/1.1 -20 \r\n" + }; Arrays.stream(bad).forEach(responses::add);
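Review bot: In the Http1HeaderParser.java hunk, the comment on the new "responseCode < 100" check does not explain why a lower bound alone enforces "3-digit integer". It does work: the substring is exactly 3 characters and Integer.parseInt accepts a leading sign, so any signed or zero-padded value ("+99", "-22", "020") parses to something below 100. That reasoning is implicit, though, and easy to break in a later edit. Either state it in the comment or check that each of the three characters is a digit before parsing, which would also make the try/catch unnecessary. The catch block also discards nfe; consider whether it should be kept as the cause of the ProtocolException.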
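Review bot: The entries added to the bad-response array in the Http1HeaderParserTest.java hunk have no case with plain digits below 100, so the "responseCode < 100" branch is only reached through Integer.parseInt's handling of "+99", "-22" and "-20". Add a zero-padded entry such as "HTTP/1.1 099\r\n" so the lower-bound check is tested directly rather than through sign parsing. The FOO and BAR entries cover the NumberFormatException path; a short comment grouping the new entries by the branch they exercise would make that intent clear.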