Bug in HttpClient

Michael McMahon michael.x.mcmahon at oracle.com
Fri Jul 20 10:35:54 UTC 2018


Thanks for reporting this. I will look into it.

- Michael

On 20/07/2018, 08:38, Severin Gehwolf wrote:
> Adding net-dev
>
> On Fri, 2018-07-20 at 08:52 +0200, Thomas Lußnig wrote:
>> Hi,
>> I found a bug in JDK 10 with the new HttpClient. It does not handle
>> responses without a Content-Length header correctly.
>> Normally I would expect the content to be returned even without
>> a Content-Length. Since I cannot open a JDK bug,
>> I hope someone on the list can do it. Below is an example that
>> shows the problem.
>>
>> Gruß Thomas Lußnig
>> import java.io.InputStream;
>> import java.io.OutputStream;
>> import java.net.InetSocketAddress;
>> import java.net.ServerSocket;
>> import java.net.Socket;
>> import java.net.URI;
>> import java.time.Duration;
>> import javax.net.ServerSocketFactory;
>> import jdk.incubator.http.HttpClient;
>> import jdk.incubator.http.HttpRequest;
>> import jdk.incubator.http.HttpResponse;
>> /**
>>  * Self-contained reproducer: a one-shot loopback HTTP server and a
>>  * jdk.incubator.http client, run once with and once without a
>>  * Content-Length header on the response.
>>  */
>> public class Client1 {
>>         /**
>>          * Accepts a single connection on 127.0.0.1:80, reads from it twice,
>>          * then writes a fixed HTTP/1.0 200 response whose body is "<x/>".
>>          * Every failure is only printed by the catch at the end.
>>          *
>>          * @param withContentLength when true a "Content-Length: 4" header is
>>          *        sent; when false it is omitted, so the only end-of-body
>>          *        signal left is the connection closing (the response
>>          *        carries "Connection: close")
>>          */
>>         static void server(final boolean withContentLength) {
>>               try(ServerSocket ss =
>> ServerSocketFactory.getDefault().createServerSocket()) {
>>                      ss.setReuseAddress(true);
>>                      // Loopback only, so the test server is not reachable from
>>                      // other hosts. Port 80 is a privileged port on many
>>                      // systems, so this bind can fail without elevated rights.
>>                      ss.bind(new InetSocketAddress("127.0.0.1",80));
>>                      final byte[] buf = new byte[120400];
>>                      try(Socket s = ss.accept()) {
>>                            System.out.println("Accepted:
>> "+s.getRemoteSocketAddress());
>>                            try(  OutputStream os =
>> s.getOutputStream(); InputStream is = s.getInputStream()) {
>>                                   // The request is not parsed: two reads are
>>                                   // issued and their return values discarded.
>>                                   // NOTE(review): presumably one read for the
>>                                   // headers and one for the body; nothing
>>                                   // guarantees the request arrives in exactly
>>                                   // two chunks, so the second read could
>>                                   // block - confirm.
>>                                   is.read(buf);
>>                                   is.read(buf);
>>                                   // getBytes() without a charset uses the
>>                                   // platform default; the literals are ASCII.
>>                                   os.write("HTTP/1.0 200
>> OK\r\nConnection: close\r\nContent-Type: text/xml; charset=UTF-
>> 8\r\n".getBytes());
>>                                   // The only difference between the two runs.
>>                                   if(withContentLength)
>> os.write("Content-Length: 4\r\n".getBytes());
>>                                   os.write("\r\n".getBytes());
>>                                   os.write("<x/>".getBytes());
>>                                   os.flush();
>>                            }
>>                      }
>>               } catch(final Throwable t) { t.printStackTrace(); }
>>        }
>>         /**
>>          * Sends one POST with the body "body" to /test on 127.0.0.1 with a
>>          * 120 second timeout and prints the status code and the response
>>          * body read as a String. Failures are printed, not rethrown.
>>          */
>>         static void client() {
>>               try {
>>                      // NOTE(review): the client is built with Version.HTTP_2
>>                      // while the test server only ever answers HTTP/1.0;
>>                      // whether that preference matters for the reported
>>                      // behaviour is not shown here - confirm.
>>                      final HttpClient client =
>> HttpClient.newBuilder().version(HttpClient.Version.HTTP_2).build();
>>                      final HttpResponse<String>  response = client
>>                              .send(HttpRequest.newBuilder(new URI("htt
>> p://127.0.0.1/test")).timeout(Duration.ofMillis(120_000))
>>
>> .POST(HttpRequest.BodyPublisher.fromString("body")).build(),
>> HttpResponse.BodyHandler.asString());
>>                      System.out.println("Received reply: " +
>> response.statusCode());
>>                      System.out.println("Received body: " +
>> response.body());
>>               } catch(final Throwable t) { t.printStackTrace(); }
>>        }
>>          /**
>>           * Runs the two scenarios back to back: first with Content-Length,
>>           * then without.
>>           * NOTE(review): client() is called right after Thread.start() with
>>           * no wait for the server socket to be bound, so the connect can
>>           * race the bind; the second server also re-binds port 80 without
>>           * joining the first server thread.
>>           */
>>          public static void main(final String[] args) throws Exception
>> {
>>               new Thread(()->server(true)).start();
>>               client();
>>               new Thread(()->server(false)).start();
>>               client();
>>         }
>> }

