[PATCH] JDK-8217705 - HTTPClient wrong exception type when bad status line is received

Jaikiran Pai jai.forums2013 at gmail.com
Wed Jun 12 01:46:08 UTC 2019 

Hello,

Attached is a patch for the issue reported at
https://bugs.openjdk.java.net/browse/JDK-8217705.

In addition to catching the NumberFormatException that can arise while
parsing (an invalid) status code in the status line, this change also
checks that the status code is indeed a 3-digit integer, as required by
the RFC-2616, section 6.1.1 [1]. In either of these cases, where the
status code is incorrect, this change now throws a
java.net.ProtocolException similar to other cases where it's thrown for
issues encountered during parsing of the status line.

The patch also contains an update to an existing test case to include
testing of these invalid status codes.

Locally, on top of this patch, I've run:

jtreg -jdk:build/macosx-x86_64-server-release/images/jdk -a -ea -esa
-agentvm -conc:4 -ignore:quiet test/jdk/java/net/httpclient

and all tests have passed:

Test results: passed: 190

Could I please get a review of this patch and someone to sponsor it?

[1] https://tools.ietf.org/html/rfc2616#section-6.1.1

-Jaikiran

-------------- next part --------------
# HG changeset patch
# User Jaikiran Pai <jaikiran.pai at gmail.com>
# Date 1560302554 -19800
#      Wed Jun 12 06:52:34 2019 +0530
# Node ID fd96785afb763c7daaf189bf9ce037835efee9be
# Parent  ae3dbc712839bfa9875d4e23469d8a7c01cc3167
JDK-8217705 It's a protocol error if the status code in the HTTP response status line isn't a 3-digit integer

diff --git a/src/java.net.http/share/classes/jdk/internal/net/http/Http1HeaderParser.java b/src/java.net.http/share/classes/jdk/internal/net/http/Http1HeaderParser.java
--- a/src/java.net.http/share/classes/jdk/internal/net/http/Http1HeaderParser.java
+++ b/src/java.net.http/share/classes/jdk/internal/net/http/Http1HeaderParser.java
@@ -194,7 +194,15 @@
         if (statusLine.length() < 12) {
             throw protocolException("Invalid status line: \"%s\"", statusLine);
         }
-        responseCode = Integer.parseInt(statusLine.substring(9, 12));
+        try {
+            responseCode = Integer.parseInt(statusLine.substring(9, 12));
+        } catch (NumberFormatException nfe) {
+            throw protocolException("Invalid status line: \"%s\"", statusLine);
+        }
+        // response code expected to be a 3-digit integer (RFC-2616, section 6.1.1)
+        if (responseCode < 100) {
+            throw protocolException("Invalid status line: \"%s\"", statusLine);
+        }
 
         state = State.STATUS_LINE_END;
     }
diff --git a/test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/Http1HeaderParserTest.java b/test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/Http1HeaderParserTest.java
--- a/test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/Http1HeaderParserTest.java
+++ b/test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/Http1HeaderParserTest.java
@@ -375,6 +375,17 @@
              "HTTP/1.1 200OK\r\n\rT",
 
              "HTTP/1.1 200OK\rT",
+
+             "HTTP/1.0 FOO\r\n",
+
+             "HTTP/1.1 BAR\r\n",
+
+             "HTTP/1.1 +99\r\n",
+
+             "HTTP/1.1 -22\r\n",
+
+             "HTTP/1.1 -20 \r\n"
+
            };
         Arrays.stream(bad).forEach(responses::add);

More information about the net-dev mailing list