infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-01-28 03:58:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

8362632: Improve HttpServer Request handling

Browse Source 
Reviewed-by: djelinski, dfuchs
This commit is contained in:
Michael McMahon 2025-09-15 13:31:30 +00:00 committed by bchristi
parent 7e3e35abef
commit f24fadc624
3 changed files with 57 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
src/jdk.httpserver/share/classes/com/sun/net/httpserver/Headers.java
View File

@ -36,6 +36,7 @@ import java.util.Set;
import java.util.function.BiFunction;
import java.util.stream.Collectors;
import sun.net.httpserver.UnmodifiableHeaders;
import sun.net.httpserver.Utils;
/**
* HTTP request and response headers are represented by this class which
@ -216,8 +217,13 @@ public class Headers implements Map<String, List<String>> {
@Override
public List<String> put(String key, List<String> value) {
// checkHeader is called in this class to fail fast
// It also must be called in sendResponseHeaders because
// Headers instances internal state can be modified
// external to these methods.
Utils.checkHeader(key, false);
for (String v : value)
checkValue(v);
Utils.checkHeader(v, true);
return map.put(normalize(key), value);
}
@ -229,7 +235,8 @@ public class Headers implements Map<String, List<String>> {
* @param value the value to add to the header
*/
public void add(String key, String value) {
checkValue(value);
Utils.checkHeader(key, false);
Utils.checkHeader(value, true);
String k = normalize(key);
List<String> l = map.get(k);
if (l == null) {
@ -239,30 +246,6 @@ public class Headers implements Map<String, List<String>> {
l.add(value);
}
private static void checkValue(String value) {
int len = value.length();
for (int i=0; i<len; i++) {
char c = value.charAt(i);
if (c == '\r') {
// is allowed if it is followed by \n and a whitespace char
if (i >= len - 2) {
throw new IllegalArgumentException("Illegal CR found in header");
}
char c1 = value.charAt(i+1);
char c2 = value.charAt(i+2);
if (c1 != '\n') {
throw new IllegalArgumentException("Illegal char found after CR in header");
}
if (c2 != ' ' && c2 != '\t') {
throw new IllegalArgumentException("No whitespace found after CRLF in header");
}
i+=2;
} else if (c == '\n') {
throw new IllegalArgumentException("Illegal LF found in header");
}
}
}
/**
* Sets the given {@code value} as the sole header value for the given
* {@code key}. If the mapping does not already exist, then it is created.
@ -304,7 +287,7 @@ public class Headers implements Map<String, List<String>> {
public void replaceAll(BiFunction<? super String, ? super List<String>, ? extends List<String>> function) {
var f = function.andThen(values -> {
Objects.requireNonNull(values);
values.forEach(Headers::checkValue);
values.forEach(value -> Utils.checkHeader(value, true));
return values;
});
Map.super.replaceAll(f);

19
src/jdk.httpserver/share/classes/sun/net/httpserver/ExchangeImpl.java
View File

@ -207,6 +207,8 @@ class ExchangeImpl {
return uos_orig;
}
private static final byte[] CRLF = new byte[] {0x0D, 0x0A};
public void sendResponseHeaders(int rCode, long contentLen)
throws IOException
{
@ -215,10 +217,11 @@ class ExchangeImpl {
throw new IOException("headers already sent");
}
this.rcode = rCode;
String statusLine = "HTTP/1.1 " + rCode + Code.msg(rCode) + "\r\n";
String statusLine = "HTTP/1.1 " + rCode + Code.msg(rCode);
ByteArrayOutputStream tmpout = new ByteArrayOutputStream();
PlaceholderOutputStream o = getPlaceholderResponseBody();
tmpout.write(bytes(statusLine, 0), 0, statusLine.length());
tmpout.write(bytes(statusLine, false, 0), 0, statusLine.length());
tmpout.write(CRLF);
boolean noContentToSend = false; // assume there is content
boolean noContentLengthHeader = false; // must not send Content-length is set
rspHdrs.set("Date", FORMATTER.format(Instant.now()));
@ -305,11 +308,11 @@ class ExchangeImpl {
List<String> values = entry.getValue();
for (String val : values) {
int i = key.length();
buf = bytes(key, 2);
buf = bytes(key, true, 2);
buf[i++] = ':';
buf[i++] = ' ';
os.write(buf, 0, i);
buf = bytes(val, 2);
buf = bytes(val, false, 2);
i = val.length();
buf[i++] = '\r';
buf[i++] = '\n';
@ -327,8 +330,14 @@ class ExchangeImpl {
* Make sure that at least "extra" bytes are free at end
* of rspbuf. Reallocate rspbuf if not big enough.
* caller must check return value to see if rspbuf moved
*
* Header values are supposed to be limited to 7-bit ASCII
* but 8-bit has to be allowed (for ISO_8859_1). For efficiency
* we just down cast 16 bit Java chars to byte. We don't allow
* any character that can't be encoded in 8 bits.
*/
private byte[] bytes(String s, int extra) {
private byte[] bytes(String s, boolean isKey, int extra) throws IOException {
Utils.checkHeader(s, !isKey);
int slen = s.length();
if (slen+extra > rspbuf.length) {
int diff = slen + extra - rspbuf.length;

33
src/jdk.httpserver/share/classes/sun/net/httpserver/Utils.java
View File

@ -88,4 +88,37 @@ public class Utils {
}
return true;
}
/* Throw IAE if illegal character found. isValue is true if String is
* a value. Otherwise it is header name
*/
public static void checkHeader(String str, boolean isValue) {
int len = str.length();
for (int i=0; i<len; i++) {
char c = str.charAt(i);
if (c == '\r') {
if (!isValue) {
throw new IllegalArgumentException("Illegal CR found in header");
}
// is allowed if it is followed by \n and a whitespace char
if (i >= len - 2) {
throw new IllegalArgumentException("Illegal CR found in header");
}
char c1 = str.charAt(i+1);
char c2 = str.charAt(i+2);
if (c1 != '\n') {
throw new IllegalArgumentException("Illegal char found after CR in header");
}
if (c2 != ' ' && c2 != '\t') {
throw new IllegalArgumentException("No whitespace found after CRLF in header");
}
i+=2;
} else if (c == '\n') {
throw new IllegalArgumentException("Illegal LF found in header");
} else if (c > 255) {
throw new IllegalArgumentException("Illegal character found in header");
}
}
}
}