Detect missing colon when parsing http headers with no value (#9871)

Motivation:

Technical speaking its valid to have http headers with no values so we should support it. That said we need to detect if these are "generated" because of an "invalid" fold.

Modifications:

- Detect if a colon is missing when parsing headers.
- Add unit test

Result:

Fixes https://github.com/netty/netty/issues/9866
This commit is contained in:
Norman Maurer 2019-12-11 15:49:07 +01:00 committed by GitHub
parent cf63bc1005
commit a7c18d44b4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 0 deletions

View File

@ -747,6 +747,11 @@ public abstract class HttpObjectDecoder extends ByteToMessageDecoder {
} }
} }
if (nameEnd == length) {
// There was no colon present at all.
throw new IllegalArgumentException("No colon found");
}
for (colonEnd = nameEnd; colonEnd < length; colonEnd ++) { for (colonEnd = nameEnd; colonEnd < length; colonEnd ++) {
if (sb.charAtUnsafe(colonEnd) == ':') { if (sb.charAtUnsafe(colonEnd) == ':') {
colonEnd ++; colonEnd ++;

View File

@ -334,4 +334,20 @@ public class HttpRequestDecoderTest {
assertTrue(request.decoderResult().cause() instanceof IllegalArgumentException); assertTrue(request.decoderResult().cause() instanceof IllegalArgumentException);
assertFalse(channel.finish()); assertFalse(channel.finish());
} }
@Test
public void testHeaderWithNoValueAndMissingColon() {
EmbeddedChannel channel = new EmbeddedChannel(new HttpRequestDecoder());
String requestStr = "GET /some/path HTTP/1.1\r\n" +
"Content-Length: 0\r\n" +
"Host:\r\n" +
"netty.io\r\n\r\n";
assertTrue(channel.writeInbound(Unpooled.copiedBuffer(requestStr, CharsetUtil.US_ASCII)));
HttpRequest request = channel.readInbound();
System.err.println(request.headers().names().toString());
assertTrue(request.decoderResult().isFailure());
assertTrue(request.decoderResult().cause() instanceof IllegalArgumentException);
assertFalse(channel.finish());
}
} }