RFR: 8303965: java.net.http.HttpClient should reset the stream if response headers contain malformed header fields [v2]
Daniel Fuchs
dfuchs at openjdk.org
Mon Mar 13 11:09:21 UTC 2023
On Fri, 10 Mar 2023 14:27:21 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
>> According to RFC 9113:
>>
>> A malformed request or response is one that is an otherwise valid sequence of HTTP/2 frames but is invalid due to the presence of extraneous frames, prohibited fields or pseudo-header fields, the absence of mandatory pseudo-header fields, the inclusion of uppercase field names, or invalid field names and/or values (in certain circumstances; see [Section 8.2](https://www.rfc-editor.org/rfc/rfc9113#HttpHeaders)).
>> [...]
>> Malformed requests or responses that are detected MUST be treated as a [stream error](https://www.rfc-editor.org/rfc/rfc9113#StreamErrorHandler) ([Section 5.4.2](https://www.rfc-editor.org/rfc/rfc9113#StreamErrorHandler)) of type [PROTOCOL_ERROR](https://www.rfc-editor.org/rfc/rfc9113#PROTOCOL_ERROR).
>>
>> The current behavior is to close the connection with protocol error. This change makes it reset the stream instead.
>
> Daniel Fuchs has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
>
> - add bug id to test
> - Merge branch 'master' into MalformedResponse-8303965
> - 8303965
src/java.net.http/share/classes/jdk/internal/net/http/Stream.java line 1607:
> 1605: // treated as a stream error (Section 5.4.2) of type
> 1606: // PROTOCOL_ERROR.
> 1607: onProtocolError(uio.getCause());
Suggestion:
// reset stream: From RFC 9113, section 8.1
// Malformed requests or responses that are detected MUST be
// treated as a stream error (Section 5.4.2) of type
// PROTOCOL_ERROR.
onProtocolError(uio.getCause());
src/java.net.http/share/classes/jdk/internal/net/http/common/ValidatingHeadersConsumer.java line 32:
> 30:
> 31: /*
> 32: * Checks RFC 7540 rules (relaxed) compliance regarding pseudo-headers.
Suggestion:
* Checks RFC 9113 rules (relaxed) compliance regarding pseudo-headers.
-------------
PR: https://git.openjdk.org/jdk/pull/12976
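
The stream-error handling quoted from RFC 9113 above, as an added example that is not part of the original message and is not JDK code: it checks a decoded response field list against the section 8.2 and 8.3 rules and resets only the offending stream. The class name, method name and the two sample streams are assumptions made for illustration.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added example, not JDK code: class, method and constant names are hypothetical.
public class MalformedResponseCheck {
    static final int PROTOCOL_ERROR = 0x1; // RFC 9113 error code
    // Connection-specific fields are prohibited in HTTP/2 (RFC 9113, section 8.2.2).
    static final Set<String> PROHIBITED = Set.of("connection", "keep-alive",
            "proxy-connection", "transfer-encoding", "upgrade");

    /** Returns null if the decoded response fields are well formed, else the reason. */
    static String malformedReason(List<Map.Entry<String, String>> fields) {
        boolean sawRegular = false;
        int statusCount = 0;
        for (Map.Entry<String, String> f : fields) {
            String name = f.getKey();
            if (name.isEmpty()) return "empty field name";
            if (name.chars().anyMatch(c -> c >= 'A' && c <= 'Z'))
                return "uppercase field name: " + name;
            if (name.startsWith(":")) {
                // Pseudo-headers must come first; responses define only :status.
                if (sawRegular) return "pseudo-header after regular field: " + name;
                if (!name.equals(":status")) return "prohibited pseudo-header: " + name;
                statusCount++;
            } else {
                sawRegular = true;
                if (PROHIBITED.contains(name)) return "prohibited field: " + name;
            }
        }
        return statusCount == 1 ? null : "expected exactly one :status, got " + statusCount;
    }

    public static void main(String[] args) {
        // Constructed sample input: two streams multiplexed on one connection.
        Map<Integer, List<Map.Entry<String, String>>> streams = Map.of(
            1, List.of(Map.entry(":status", "200"), Map.entry("Content-Type", "text/plain")),
            3, List.of(Map.entry(":status", "200"), Map.entry("content-type", "text/plain")));
        for (int id : List.of(1, 3)) {
            String reason = malformedReason(streams.get(id));
            if (reason == null) {
                System.out.println("stream " + id + ": headers accepted");
            } else {
                // Stream error: only this stream is reset; the connection and stream 3 stay usable.
                System.out.printf("stream %d: RST_STREAM error=0x%x (%s)%n", id, PROTOCOL_ERROR, reason);
            }
        }
    }
}
```

Treating the uppercase field name on stream 1 as a connection error instead would also abort stream 3, which is how a single malformed response could disrupt every request sharing the connection.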