changeset 9931:ab59eebcf079
8234825: Better Headings for HTTP Servers
Reviewed-by: chegar, dfuchs, igerasim
author | michaelm |
---|---|
date | Wed, 29 Jan 2020 21:46:58 +0300 |
parents | fe2a830bf68a |
children | 562298bad83c |
files | src/share/classes/com/sun/net/httpserver/Headers.java |
diffstat | 1 files changed, 32 insertions(+), 2 deletions(-) [+] |
--- a/src/share/classes/com/sun/net/httpserver/Headers.java Mon Nov 25 09:50:30 2019 -0800
+++ b/src/share/classes/com/sun/net/httpserver/Headers.java Wed Jan 29 21:46:58 2020 +0300
@@ -79,11 +79,14 @@
 char[] b = key.toCharArray();
 if (b[0] >= 'a' && b[0] <= 'z') {
 b[0] = (char)(b[0] - ('a' - 'A'));
- }
+ } else if (b[0] == '\r' || b[0] == '\n')
+ throw new IllegalArgumentException("illegal character in key");
+
 for (int i=1; i<len; i++) {
 if (b[i] >= 'A' && b[i] <= 'Z') {
 b[i] = (char) (b[i] + ('a' - 'A'));
- }
+ } else if (b[i] == '\r' || b[i] == '\n')
+ throw new IllegalArgumentException("illegal character in key");
 }
 return new String(b);
 }
@@ -125,6 +128,8 @@
 }
 public List<String> put(String key, List<String> value) {
+ for (String v : value)
+ checkValue(v);
 return map.put (normalize(key), value);
 }
@@ -136,6 +141,7 @@
 * @param value the header value to add to the header
 */
 public void add (String key, String value) {
+ checkValue(value);
 String k = normalize(key);
 List<String> l = map.get(k);
 if (l == null) {
@@ -145,6 +151,30 @@
 l.add (value);
 }
+ private static void checkValue(String value) {
+ int len = value.length();
+ for (int i=0; i<len; i++) {
+ char c = value.charAt(i);
+ if (c == '\r') {
+ // is allowed if it is followed by \n and a whitespace char
+ if (i >= len - 2) {
+ throw new IllegalArgumentException("Illegal CR found in header");
+ }
+ char c1 = value.charAt(i+1);
+ char c2 = value.charAt(i+2);
+ if (c1 != '\n') {
+ throw new IllegalArgumentException("Illegal char found after CR in header");
+ }
+ if (c2 != ' ' && c2 != '\t') {
+ throw new IllegalArgumentException("No whitespace found after CRLF in header");
+ }
+ i+=2;
+ } else if (c == '\n') {
+ throw new IllegalArgumentException("Illegal LF found in header");
+ }
+ }
+ }
+
 /**
 * sets the given value as the sole header value
 * for the given key. If the mapping does not
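Review bot: The key check added to the header-key normalisation rejects only CR and LF, so a key containing `:`, a space or another control character still passes both the `b[0]` test and the `b[i]` loop and would presumably end up in the header name as given. A field name is an RFC 7230 token, so validating against the token character set here would close the gap more completely than testing two characters. The two new `else if` branches are also unbraced beside braced `if` bodies; bracing the `throw` would match the surrounding style. The method starts above the hunk, so how null or empty keys are handled is not visible here.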
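Review bot: `put` now dereferences `value` and every element, so `put(key, null)` or a list holding a null element throws NullPointerException from the loop or from `value.length()` in `checkValue`, where the call previously reached `map.put` untouched; the same applies to `add(key, null)` in the next hunk. If null is not meant to be accepted, state that in the Javadoc, otherwise guard it with `if (v != null) checkValue(v);`. The list is also validated once and then stored by reference, so values the caller appends afterwards, or adds through the list returned by `get`, are not checked. Any write path not shown in this diff, `putAll` for example, should be confirmed to go through `checkValue` as well.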
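Review bot: `checkValue` has no comment stating its contract, which is not obvious from the name: a CR is accepted when followed by LF and then a space or tab (a folded continuation line), and every other character except a bare CR or LF passes. A Javadoc such as `/** Rejects values containing CR or LF unless they form CRLF followed by SP or HTAB (line folding); throws IllegalArgumentException otherwise. */` would record that. RFC 7230 deprecates line folding in generated messages, and other control characters such as NUL are not rejected here, so it is worth confirming that both are intended rather than left over.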