changeset 9931:ab59eebcf079

8234825: Better Headings for HTTP Servers Reviewed-by: chegar, dfuchs, igerasim
author michaelm
date Wed, 29 Jan 2020 21:46:58 +0300
parents fe2a830bf68a
children 562298bad83c
files src/share/classes/com/sun/net/httpserver/Headers.java
diffstat 1 files changed, 32 insertions(+), 2 deletions(-) [+]
--- a/src/share/classes/com/sun/net/httpserver/Headers.java	Mon Nov 25 09:50:30 2019 -0800
+++ b/src/share/classes/com/sun/net/httpserver/Headers.java	Wed Jan 29 21:46:58 2020 +0300
@@ -79,11 +79,14 @@
             char[] b = key.toCharArray();
             if (b[0] >= 'a' && b[0] <= 'z') {
                 b[0] = (char)(b[0] - ('a' - 'A'));
-            }
+            } else if (b[0] == '\r' || b[0] == '\n')
+                throw new IllegalArgumentException("illegal character in key");
+
             for (int i=1; i<len; i++) {
                 if (b[i] >= 'A' && b[i] <= 'Z') {
                     b[i] = (char) (b[i] + ('a' - 'A'));
-                }
+                } else if (b[i] == '\r' || b[i] == '\n')
+                    throw new IllegalArgumentException("illegal character in key");
             }
             return new String(b);
         }
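Review bot: The new key check in normalize() rejects only CR and LF, in both the first-character branch and the loop, so other characters that are not valid in a header field name (for example ':', space or other control characters) still pass. If keys can ever carry caller-influenced text, consider validating against the RFC 7230 token set instead, or at least record the limit with a comment such as `// only CR and LF are rejected here; other non-token characters are not validated`. The two added `else if` branches are unbraced after a braced `if`; bracing them would match the surrounding code. normalize() starts above this hunk, so its handling of null or empty keys is not visible here.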
@@ -125,6 +128,8 @@
         }
 
         public List<String> put(String key, List<String> value) {
+            for (String v : value)
+                checkValue(v);
             return map.put (normalize(key), value);
         }
 
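Review bot: put() checks the elements once and then stores the caller's own list instance, so a value appended to that list afterwards, through the caller's reference or through a list obtained from a later lookup, never reaches checkValue. Storing a validated copy would close that gap; if the by-reference behaviour has to stay, state it with a comment such as `// values are checked at insertion only; later changes to the list are not re-validated`. Whether the other Map mutators route through put() is not visible in this hunk. The new loop also dereferences `value` and each element, so a null list or a null element now fails with NullPointerException, which deserves an explicit check or a documented `@throws`.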
@@ -136,6 +141,7 @@
          * @param value the header value to add to the header
          */
         public void add (String key, String value) {
+            checkValue(value);
             String k = normalize(key);
             List<String> l = map.get(k);
             if (l == null) {
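Review bot: The Javadoc above add() is not updated for the new failure mode: the method now throws IllegalArgumentException for any value rejected by checkValue, and the visible `@param value` text does not mention it. Add `@throws IllegalArgumentException if the value contains a CR or LF other than a CRLF followed by a space or tab`. The same tag is missing on put() in the previous hunk. The Javadoc opens above this hunk and add()'s body continues past its end.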
@@ -145,6 +151,30 @@
             l.add (value);
         }
 
+        private static void checkValue(String value) {
+            int len = value.length();
+            for (int i=0; i<len; i++) {
+                char c = value.charAt(i);
+                if (c == '\r') {
+                    // is allowed if it is followed by \n and a whitespace char
+                    if (i >= len - 2) {
+                        throw new IllegalArgumentException("Illegal CR found in header");
+                    }
+                    char c1 = value.charAt(i+1);
+                    char c2 = value.charAt(i+2);
+                    if (c1 != '\n') {
+                        throw new IllegalArgumentException("Illegal char found after CR in header");
+                    }
+                    if (c2 != ' ' && c2 != '\t') {
+                        throw new IllegalArgumentException("No whitespace found after CRLF in header");
+                    }
+                    i+=2;
+                } else if (c == '\n') {
+                    throw new IllegalArgumentException("Illegal LF found in header");
+                }
+            }
+        }
+
         /**
          * sets the given value as the sole header value
          * for the given key. If the mapping does not
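Review bot: checkValue() still accepts CRLF followed by a space or tab, i.e. header line folding, which RFC 7230 section 3.2.4 deprecates as obs-fold and which recipients do not all interpret the same way; no other control character is checked either. If folding must stay for compatibility, say so on the method, for example `// CRLF followed by SP/HTAB (obs-fold) is tolerated for compatibility; any other CR or LF is rejected`; otherwise rejecting every CR and LF is the stricter default. The method has no doc comment stating which values it accepts. `value.length()` also throws NullPointerException for a null value rather than the IllegalArgumentException used for every other rejection in the method.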