jdk-sandbox: changeset 55392:444b2d3471e9

--- a/src/java.net.http/share/classes/jdk/internal/net/http/Http1HeaderParser.java	Fri Jun 14 05:02:58 2019 +0000
+++ b/src/java.net.http/share/classes/jdk/internal/net/http/Http1HeaderParser.java	Fri Jun 14 10:19:04 2019 +0530
@@ -194,7 +194,15 @@
         if (statusLine.length() < 12) {
             throw protocolException("Invalid status line: \"%s\"", statusLine);
         }
-        responseCode = Integer.parseInt(statusLine.substring(9, 12));
+        try {
+            responseCode = Integer.parseInt(statusLine.substring(9, 12));
+        } catch (NumberFormatException nfe) {
+            throw protocolException("Invalid status line: \"%s\"", statusLine);
+        }
+        // response code expected to be a 3-digit integer (RFC-2616, section 6.1.1)
+        if (responseCode < 100) {
+            throw protocolException("Invalid status line: \"%s\"", statusLine);
+        }
 
         state = State.STATUS_LINE_END;
     }

--- a/test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/Http1HeaderParserTest.java	Fri Jun 14 05:02:58 2019 +0000
+++ b/test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/Http1HeaderParserTest.java	Fri Jun 14 10:19:04 2019 +0530
@@ -375,6 +375,17 @@
              "HTTP/1.1 200OK\r\n\rT",
 
              "HTTP/1.1 200OK\rT",
+
+             "HTTP/1.0 FOO\r\n",
+
+             "HTTP/1.1 BAR\r\n",
+
+             "HTTP/1.1 +99\r\n",
+
+             "HTTP/1.1 -22\r\n",
+
+             "HTTP/1.1 -20 \r\n"
+
            };
         Arrays.stream(bad).forEach(responses::add);

author	jpai
	Fri, 14 Jun 2019 10:19:04 +0530
changeset 55392	444b2d3471e9
parent 55391	1afe0cb93482
child 55393	5dcab10ebfbe

src/java.net.http/share/classes/jdk/internal/net/http/Http1HeaderParser.java		file \| annotate \| diff \| comparison \| revisions
test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/Http1HeaderParserTest.java		file \| annotate \| diff \| comparison \| revisions