Bug in HttpClient
Severin Gehwolf
sgehwolf at redhat.com
Fri Jul 20 07:38:26 UTC 2018
Adding net-dev
On Fri, 2018-07-20 at 08:52 +0200, Thomas Lußnig wrote:
> Hi,
> i found an bug in JDK 10 with the new HttpClient. It does not handle
> responses wihtout contentlength correctly.
> Normally i would expect that the content is returned even without
> content length. Since i can not open an JDK bug
> i hope some person from the list can do it. Below is an example that
> show the problem.
>
> Gruß Thomas Lußnig
> import java.io.InputStream;
> import java.io.OutputStream;
> import java.net.InetSocketAddress;
> import java.net.ServerSocket;
> import java.net.Socket;
> import java.net.URI;
> import java.time.Duration;
> import javax.net.ServerSocketFactory;
> import jdk.incubator.http.HttpClient;
> import jdk.incubator.http.HttpRequest;
> import jdk.incubator.http.HttpResponse;
> public class Client1 {
> static void server(final boolean withContentLength) {
> try(ServerSocket ss =
> ServerSocketFactory.getDefault().createServerSocket()) {
> ss.setReuseAddress(true);
> ss.bind(new InetSocketAddress("127.0.0.1",80));
> final byte[] buf = new byte[120400];
> try(Socket s = ss.accept()) {
> System.out.println("Accepted:
> "+s.getRemoteSocketAddress());
> try( OutputStream os =
> s.getOutputStream(); InputStream is = s.getInputStream()) {
> is.read(buf);
> is.read(buf);
> os.write("HTTP/1.0 200
> OK\r\nConnection: close\r\nContent-Type: text/xml; charset=UTF-
> 8\r\n".getBytes());
> if(withContentLength)
> os.write("Content-Length: 4\r\n".getBytes());
> os.write("\r\n".getBytes());
> os.write("<x/>".getBytes());
> os.flush();
> }
> }
> } catch(final Throwable t) { t.printStackTrace(); }
> }
> static void client() {
> try {
> final HttpClient client =
> HttpClient.newBuilder().version(HttpClient.Version.HTTP_2).build();
> final HttpResponse<String> response = client
> .send(HttpRequest.newBuilder(new URI("htt
> p://127.0.0.1/test")).timeout(Duration.ofMillis(120_000))
>
> .POST(HttpRequest.BodyPublisher.fromString("body")).build(),
> HttpResponse.BodyHandler.asString());
> System.out.println("Received reply: " +
> response.statusCode());
> System.out.println("Received body: " +
> response.body());
> } catch(final Throwable t) { t.printStackTrace(); }
> }
> public static void main(final String[] args) throws Exception
> {
> new Thread(()->server(true)).start();
> client();
> new Thread(()->server(false)).start();
> client();
> }
> }
More information about the security-dev
mailing list