andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed issue: NETTY-237 java.lang.IllegalArgumentException when passing HTTP 1.1 spec compliant LWS separated HTTP header values

Browse Source 
* Relaxed HTTP header value validation
This commit is contained in:
Trustin Lee 2009-10-14 05:24:38 +00:00
parent d3488a1852
commit 01120b6a2b
1 changed files with 50 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
src/main/java/org/jboss/netty/handler/codec/http/DefaultHttpMessage.java
View File

@ -54,9 +54,6 @@ public class DefaultHttpMessage implements HttpMessage {
public void addHeader(final String name, final String value) { public void addHeader(final String name, final String value) {
validateHeaderName(name); validateHeaderName(name);
validateHeaderValue(value); validateHeaderValue(value);
if (value == null) {
throw new NullPointerException("value is null");
}
if (headers.get(name) == null) { if (headers.get(name) == null) {
headers.put(name, new ArrayList<String>(1)); headers.put(name, new ArrayList<String>(1));
} }
@ -66,10 +63,6 @@ public class DefaultHttpMessage implements HttpMessage {
public void setHeader(final String name, final String value) { public void setHeader(final String name, final String value) {
validateHeaderName(name); validateHeaderName(name);
validateHeaderValue(value); validateHeaderValue(value);
if (value == null) {
throw new NullPointerException("value");
}
List<String> values = new ArrayList<String>(1); List<String> values = new ArrayList<String>(1);
values.add(value); values.add(value);
headers.put(name, values); headers.put(name, values);
@ -129,16 +122,62 @@ public class DefaultHttpMessage implements HttpMessage {
if (value == null) { if (value == null) {
throw new NullPointerException("value"); throw new NullPointerException("value");
} }
// 0 - the previous character was neither CR nor LF
// 1 - the previous character was CR
// 2 - the previous character was LF
int state = 0;
for (int i = 0; i < value.length(); i ++) { for (int i = 0; i < value.length(); i ++) {
char c = value.charAt(i); char c = value.charAt(i);
// Check prohibited characters.
// Check the absolutely prohibited characters.
switch (c) { switch (c) {
case '\r': case '\n': case '\f': case '\f':
throw new IllegalArgumentException(
"value contains a prohibited character '\\f': " + value);
case 0x0b: // Vertical tab case 0x0b: // Vertical tab
throw new IllegalArgumentException( throw new IllegalArgumentException(
"value contains one of the following prohibited characters: " + "value contains a prohibited character '\\v': " + value);
"\\r\\n\\v\\f: " + value);
} }
// Check the CRLF (HT | SP) pattern
switch (state) {
case 0:
switch (c) {
case '\r':
state = 1;
break;
case '\n':
state = 2;
break;
}
break;
case 1:
switch (c) {
case '\n':
state = 2;
break;
default:
throw new IllegalArgumentException(
"Only '\\n' is allowed after '\\r': " + value);
}
break;
case 2:
switch (c) {
case ' ': case '\t':
state = 0;
break;
default:
throw new IllegalArgumentException(
"Only ' ' and '\\t' are allowed after '\\n': " + value);
}
}
}
if (state != 0) {
throw new IllegalArgumentException(
"value must not end with '\\r' or '\\n':" + value);
} }
} }