Bug in HttpClient

Thomas Lußnig openjdk at suche.org
Fri Jul 20 06:52:01 UTC 2018


*Hi,*

*i found an bug in JDK 10 with the new HttpClient. It does not handle 
responses wihtout contentlength correctly.
Normally i would expect that the content is returned even without 
content length. Since i can not open an JDK bug
i hope some person from the list can do it. Below is an example that 
show the problem.*

*
Gruß Thomas Lußnig
*

*import*java.io.InputStream;
*import*java.io.OutputStream;
*import*java.net.InetSocketAddress;*
import*java.net.ServerSocket;*
import*java.net.Socket;*
import*java.net.URI;*
import*java.time.Duration;*
import*javax.net.ServerSocketFactory;
*import*jdk.incubator.http.HttpClient;*
import*jdk.incubator.http.HttpRequest;*
import*jdk.incubator.http.HttpResponse;

*public**class*Client1 {
*static**void*server(*final**boolean*withContentLength) {
*try*(ServerSocket ss= 
ServerSocketFactory./getDefault/().createServerSocket()) {
ss.setReuseAddress(*true*);
ss.bind(*new*InetSocketAddress("127.0.0.1",80));
*final**byte*[] buf= *new**byte*[120400];
*try*(Socket s= ss.accept()) {
                           System.*/out/*.println("Accepted: 
"+s.getRemoteSocketAddress());
*try*(  OutputStream os= s.getOutputStream();InputStream is= 
s.getInputStream()) {
is.read(buf);
is.read(buf);
os.write("HTTP/1.0 200 OK\r\nConnection: close\r\nContent-Type: 
text/xml; charset=UTF-8\r\n".getBytes());
*if*(withContentLength) os.write("Content-Length: 4\r\n".getBytes());
os.write("\r\n".getBytes());
os.write("<x/>".getBytes());
os.flush();
                           }
                     }
              } *catch*(*final*Throwable t) { t.printStackTrace(); }
       }

*static**void*client() {
*try*{
*final*HttpClient client= 
HttpClient./newBuilder/().version(HttpClient.Version.*/HTTP_2/*).build();
*final*HttpResponse<String> response= client
                             
.send(HttpRequest./newBuilder/(*new*URI("http://127.0.0.1/test")).timeout(Duration./ofMillis/(120_000))

.POST(HttpRequest.BodyPublisher./fromString/("body")).build(), 
HttpResponse.BodyHandler./asString/());

                     System.*/out/*.println("Received reply: "+ 
response.statusCode());
                     System.*/out/*.println("Received body: "+ 
response.body());
              } *catch*(*final*Throwable t) { t.printStackTrace(); }
       }

*public**static**void*main(*final*String[] args) *throws*Exception {
*new*Thread(()->/server/(*true*)).start();
/client/();
*new*Thread(()->/server/(*false*)).start();
/client/();
        }
}

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20180720/9ffec920/attachment-0001.html>


More information about the security-dev mailing list