(tomcat) branch 9.0.x updated: Use HpackException to report HPACK issues

Wed, 04 Mar 2026 01:35:17 -0800 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 27c7e11fe5 Use HpackException to report HPACK issues
27c7e11fe5 is described below

commit 27c7e11fe517e7ab0f37981503fda598809dabd6
Author: remm <[email protected]>
AuthorDate: Wed Mar 4 10:30:41 2026 +0100

    Use HpackException to report HPACK issues
    
    The end result is the same though and the connection ends up being
    closed.
---
 java/org/apache/coyote/http2/HpackDecoder.java |  5 +++++
 java/org/apache/coyote/http2/Stream.java       | 26 +++++++++++++-------------
 webapps/docs/changelog.xml                     |  4 ++++
 3 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/java/org/apache/coyote/http2/HpackDecoder.java 
b/java/org/apache/coyote/http2/HpackDecoder.java
index b25554582b..528f71481a 100644
--- a/java/org/apache/coyote/http2/HpackDecoder.java
+++ b/java/org/apache/coyote/http2/HpackDecoder.java
@@ -262,6 +262,11 @@ public class HpackDecoder {
         if (index <= Hpack.STATIC_TABLE_LENGTH) {
             addStaticTableEntry(index);
         } else {
+            // index is 1 based
+            if (index > Hpack.STATIC_TABLE_LENGTH + filledTableSlots) {
+                throw new 
HpackException(sm.getString("hpackdecoder.headerTableIndexInvalid", 
Integer.valueOf(index),
+                        Integer.valueOf(Hpack.STATIC_TABLE_LENGTH), 
Integer.valueOf(filledTableSlots)));
+            }
             int adjustedIndex = getRealIndex(index - 
Hpack.STATIC_TABLE_LENGTH);
             if (log.isTraceEnabled()) {
                 log.trace(sm.getString("hpackdecoder.useDynamic", 
Integer.valueOf(adjustedIndex)));
diff --git a/java/org/apache/coyote/http2/Stream.java 
b/java/org/apache/coyote/http2/Stream.java
index 6f66396f10..68d9e1a1ad 100644
--- a/java/org/apache/coyote/http2/Stream.java
+++ b/java/org/apache/coyote/http2/Stream.java
@@ -498,17 +498,17 @@ class Stream extends AbstractNonZeroStream implements 
HeaderEmitter {
         int i;
         try {
             i = Host.parse(value);
+            if (i > -1) {
+                coyoteRequest.serverName().setString(value.substring(0, i));
+                coyoteRequest.setServerPort(Integer.parseInt(value.substring(i 
+ 1)));
+            } else {
+                coyoteRequest.serverName().setString(value);
+            }
         } catch (IllegalArgumentException iae) {
             // Host value invalid
             throw new HpackException(sm.getString("stream.header.invalid", 
getConnectionId(), getIdAsString(),
                     host ? "host" : ":authority", value));
         }
-        if (i > -1) {
-            coyoteRequest.serverName().setString(value.substring(0, i));
-            coyoteRequest.setServerPort(Integer.parseInt(value.substring(i + 
1)));
-        } else {
-            coyoteRequest.serverName().setString(value);
-        }
         // Match host name with SNI if required
         if 
(!handler.getProtocol().getHttp11Protocol().checkSni(handler.getSniHostName(),
                 coyoteRequest.serverName().getString())) {
@@ -522,18 +522,18 @@ class Stream extends AbstractNonZeroStream implements 
HeaderEmitter {
         int i;
         try {
             i = Host.parse(value);
+            if (i == -1 && 
(!value.equals(coyoteRequest.serverName().getString()) || 
coyoteRequest.getServerPort() != -1) ||
+                    i > -1 && ((!value.substring(0, 
i).equals(coyoteRequest.serverName().getString()) ||
+                            Integer.parseInt(value.substring(i + 1)) != 
coyoteRequest.getServerPort()))) {
+                // Host value inconsistent
+                throw new 
HpackException(sm.getString("stream.host.inconsistent", getConnectionId(), 
getIdAsString(), value,
+                        coyoteRequest.serverName().getString(), 
Integer.toString(coyoteRequest.getServerPort())));
+            }
         } catch (IllegalArgumentException iae) {
             // Host value invalid
             throw new HpackException(
                     sm.getString("stream.header.invalid", getConnectionId(), 
getIdAsString(), "host", value));
         }
-        if (i == -1 && (!value.equals(coyoteRequest.serverName().getString()) 
|| coyoteRequest.getServerPort() != -1) ||
-                i > -1 && ((!value.substring(0, 
i).equals(coyoteRequest.serverName().getString()) ||
-                        Integer.parseInt(value.substring(i + 1)) != 
coyoteRequest.getServerPort()))) {
-            // Host value inconsistent
-            throw new HpackException(sm.getString("stream.host.inconsistent", 
getConnectionId(), getIdAsString(), value,
-                    coyoteRequest.serverName().getString(), 
Integer.toString(coyoteRequest.getServerPort())));
-        }
 
     }
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b7b39075e6..9985f934c7 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -171,6 +171,10 @@
         if getting the bytes from the certificate somehow fails.
         Pull request <pr>951</pr> provided by Chenjp. (remm)
       </fix>
+      <fix>
+        Improve HPACK exception use, making sure <code>HpackException</code>
+        is thrown instead of unexpected types. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to