On Tue, 18 Nov 2025 14:41:33 GMT, Michael McMahon <[email protected]> wrote:
>> Josiah Noel has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> patch
>
> src/jdk.httpserver/share/classes/com/sun/net/httpserver/Headers.java line 157:
>
>> 155: throw new IllegalArgumentException("illegal character
>> in key at index " + i);
>> 156: }
>> 157: cs[0] = (char) (c - o);
>
> There's an assumption here that because of the test at line 135 then `c` must
> be a lower case letter. But, it could in principle be any `tchar` (token
> character) which includes digits and vchars other than lower case letters. We
> should check `if (c >= 'a' && c <= 'z')`
@Michael-Mc-Mahon, very good (embarrassing :facepalm:) catch!
@dfuch, I guess `httpserver/HeadersTest.java` needs a serious overhaul against
these kind of normalization edge cases. I will try tackling this tomorrow
(CET). @SentryMan, let me know if you prefer picking this up yourself.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27276#discussion_r2538711370
