8217705: HttpClient - wrong exception type when bad status line is received

Throw a ProtocolException if the status code in the HTTP response's status line isn't a 3-digit integer Reviewed-by: dfuchs
2019-06-14 10:19:04 +05:30 · 2019-06-14 10:19:04 +05:30 · a92f0016f3
commit a92f0016f3
parent 822c02437a
2 changed files with 20 additions and 1 deletions
--- a/src/java.net.http/share/classes/jdk/internal/net/http/Http1HeaderParser.java
+++ b/src/java.net.http/share/classes/jdk/internal/net/http/Http1HeaderParser.java
@ -194,7 +194,15 @@ class Http1HeaderParser {
        if (statusLine.length() < 12) {
            throw protocolException("Invalid status line: \"%s\"", statusLine);
        }
-        responseCode = Integer.parseInt(statusLine.substring(9, 12));
+        try {
+            responseCode = Integer.parseInt(statusLine.substring(9, 12));
+        } catch (NumberFormatException nfe) {
+            throw protocolException("Invalid status line: \"%s\"", statusLine);
+        }
+        // response code expected to be a 3-digit integer (RFC-2616, section 6.1.1)
+        if (responseCode < 100) {
+            throw protocolException("Invalid status line: \"%s\"", statusLine);
+        }

        state = State.STATUS_LINE_END;
    }
--- a/test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/Http1HeaderParserTest.java
+++ b/test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/Http1HeaderParserTest.java
@ -375,6 +375,17 @@ public class Http1HeaderParserTest {
             "HTTP/1.1 200OK\r\n\rT",

             "HTTP/1.1 200OK\rT",
+
+             "HTTP/1.0 FOO\r\n",
+
+             "HTTP/1.1 BAR\r\n",
+
+             "HTTP/1.1 +99\r\n",
+
+             "HTTP/1.1 -22\r\n",
+
+             "HTTP/1.1 -20 \r\n"
+
           };
        Arrays.stream(bad).forEach(responses::add);