Re: RFR: 8303965: java.net.http.HttpClient should reset the stream if response headers contain malformed header fields [v2]

Mon, 13 Mar 2023 04:09:59 -0700 

On Fri, 10 Mar 2023 14:27:21 GMT, Daniel Fuchs <dfu...@openjdk.org> wrote:

>> According to RFC 9113:
>> 
>> A malformed request or response is one that is an otherwise valid sequence 
>> of HTTP/2 frames but is invalid due to the presence of extraneous frames, 
>> prohibited fields or pseudo-header fields, the absence of mandatory 
>> pseudo-header fields, the inclusion of uppercase field names, or invalid 
>> field names and/or values (in certain circumstances; see [Section 
>> 8.2](https://www.rfc-editor.org/rfc/rfc9113#HttpHeaders)).
>> [...]
>> Malformed requests or responses that are detected MUST be treated as a 
>> [stream error](https://www.rfc-editor.org/rfc/rfc9113#StreamErrorHandler) 
>> ([Section 5.4.2](https://www.rfc-editor.org/rfc/rfc9113#StreamErrorHandler)) 
>> of type 
>> [PROTOCOL_ERROR](https://www.rfc-editor.org/rfc/rfc9113#PROTOCOL_ERROR).
>> 
>> The current behavior is to close the connection with protocol error. This 
>> change makes it reset the stream instead.
>
> Daniel Fuchs has updated the pull request with a new target base due to a 
> merge or a rebase. The incremental webrev excludes the unrelated changes 
> brought in by the merge/rebase. The pull request contains three additional 
> commits since the last revision:
> 
>  - add bug id to test
>  - Merge branch 'master' into MalformedResponse-8303965
>  - 8303965

src/java.net.http/share/classes/jdk/internal/net/http/Stream.java line 1607:

> 1605:                 // treated as a stream error (Section 5.4.2) of type
> 1606:                 // PROTOCOL_ERROR.
> 1607:                 onProtocolError(uio.getCause());

Suggestion:

                // reset stream: From RFC 9113, section 8.1
                // Malformed requests or responses that are detected MUST be
                // treated as a stream error (Section 5.4.2) of type
                // PROTOCOL_ERROR.
                onProtocolError(uio.getCause());

src/java.net.http/share/classes/jdk/internal/net/http/common/ValidatingHeadersConsumer.java
 line 32:

> 30: 
> 31: /*
> 32:  * Checks RFC 7540 rules (relaxed) compliance regarding pseudo-headers.

Suggestion:

 * Checks RFC 9113 rules (relaxed) compliance regarding pseudo-headers.

-------------

PR: https://git.openjdk.org/jdk/pull/12976

Reply via email to