stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8269944: Better HTTP transport redux

Browse Source 
Reviewed-by: dfuchs, chegar, rhalade, ahgross
This commit is contained in:
Patrick Concannon 2021-07-14 13:41:38 +00:00 committed by Henry Jen
parent feff0e5578
commit 29f61b3b0a
4 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/jdk.httpserver/share/classes/sun/net/httpserver/FixedLengthInputStream.java
View File

@ -41,6 +41,9 @@ class FixedLengthInputStream extends LeftOverInputStream {
FixedLengthInputStream (ExchangeImpl t, InputStream src, long len) { FixedLengthInputStream (ExchangeImpl t, InputStream src, long len) {
super (t, src); super (t, src);
if (len < 0) {
throw new IllegalArgumentException("Content-Length: " + len);
}
this.remaining = len; this.remaining = len;
} }

3
src/jdk.httpserver/share/classes/sun/net/httpserver/FixedLengthOutputStream.java
View File

@ -47,6 +47,9 @@ class FixedLengthOutputStream extends FilterOutputStream
FixedLengthOutputStream (ExchangeImpl t, OutputStream src, long len) { FixedLengthOutputStream (ExchangeImpl t, OutputStream src, long len) {
super (src); super (src);
if (len < 0) {
throw new IllegalArgumentException("Content-Length: " + len);
}
this.t = t; this.t = t;
this.remaining = len; this.remaining = len;
} }

6
src/jdk.httpserver/share/classes/sun/net/httpserver/Request.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -208,7 +208,9 @@ class Request {
"sun.net.httpserver.maxReqHeaders) exceeded, " + "sun.net.httpserver.maxReqHeaders) exceeded, " +
ServerConfig.getMaxReqHeaders() + "."); ServerConfig.getMaxReqHeaders() + ".");
} }
if (k == null) { // Headers disallows null keys, use empty string
k = ""; // instead to represent invalid key
}
hdrs.add (k,v); hdrs.add (k,v);
len = 0; len = 0;
} }

5
src/jdk.httpserver/share/classes/sun/net/httpserver/ServerImpl.java
View File

@ -618,6 +618,11 @@ class ServerImpl implements TimeSource {
headerValue = headers.getFirst("Content-Length"); headerValue = headers.getFirst("Content-Length");
if (headerValue != null) { if (headerValue != null) {
clen = Long.parseLong(headerValue); clen = Long.parseLong(headerValue);
if (clen < 0) {
reject(Code.HTTP_BAD_REQUEST, requestLine,
"Illegal Content-Length value");
return;
}
} }
if (clen == 0) { if (clen == 0) {
requestCompleted(connection); requestCompleted(connection);