OpenJDK / amber / amber
changeset 56812:444b2d3471e9
8217705: HttpClient - wrong exception type when bad status line is received
Summary: Throw a ProtocolException if the status code in the HTTP response's status line isn't a 3-digit integer
Reviewed-by: dfuchs
| author | jpai |
|---|---|
| date | Fri, 14 Jun 2019 10:19:04 +0530 |
| parents | 1afe0cb93482 |
| children | 5dcab10ebfbe |
| files | src/java.net.http/share/classes/jdk/internal/net/http/Http1HeaderParser.java test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/Http1HeaderParserTest.java |
| diffstat | 2 files changed, 20 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/java.net.http/share/classes/jdk/internal/net/http/Http1HeaderParser.java Fri Jun 14 05:02:58 2019 +0000 +++ b/src/java.net.http/share/classes/jdk/internal/net/http/Http1HeaderParser.java Fri Jun 14 10:19:04 2019 +0530 @@ -194,7 +194,15 @@ if (statusLine.length() < 12) { throw protocolException("Invalid status line: \"%s\"", statusLine); } - responseCode = Integer.parseInt(statusLine.substring(9, 12)); + try { + responseCode = Integer.parseInt(statusLine.substring(9, 12)); + } catch (NumberFormatException nfe) { + throw protocolException("Invalid status line: \"%s\"", statusLine); + } + // response code expected to be a 3-digit integer (RFC-2616, section 6.1.1) + if (responseCode < 100) { + throw protocolException("Invalid status line: \"%s\"", statusLine); + } state = State.STATUS_LINE_END; }
--- a/test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/Http1HeaderParserTest.java Fri Jun 14 05:02:58 2019 +0000 +++ b/test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/Http1HeaderParserTest.java Fri Jun 14 10:19:04 2019 +0530 @@ -375,6 +375,17 @@ "HTTP/1.1 200OK\r\n\rT", "HTTP/1.1 200OK\rT", + + "HTTP/1.0 FOO\r\n", + + "HTTP/1.1 BAR\r\n", + + "HTTP/1.1 +99\r\n", + + "HTTP/1.1 -22\r\n", + + "HTTP/1.1 -20 \r\n" + }; Arrays.stream(bad).forEach(responses::add);