8369595: HttpClient: HttpHeaders.firstValueAsLong failures should be converted to ProtocolException

Reviewed-by: dfuchs, djelinski

Author: vy

src/java.net.http/share/classes/jdk/internal/net/http/Http1Response.java

@@ -30,6 +30,7 @@
 import java.lang.invoke.MethodHandles;
 import java.lang.invoke.VarHandle;
 import java.net.http.HttpResponse.BodySubscriber;
+import java.net.ProtocolException;
 import java.nio.ByteBuffer;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.Executor;
@@ -46,6 +47,7 @@
 import jdk.internal.net.http.common.Utils;
 import static java.net.http.HttpClient.Version.HTTP_1_1;
 import static java.net.http.HttpResponse.BodySubscribers.discarding;
+import static jdk.internal.net.http.common.Utils.readContentLength;
 import static jdk.internal.net.http.common.Utils.wrapWithExtraDetail;
 import static jdk.internal.net.http.RedirectFilter.HTTP_NOT_MODIFIED;
 
@@ -272,16 +274,31 @@ long fixupContentLen(long clen) {
     }
 
     /**
-     * Read up to MAX_IGNORE bytes discarding
+     * Reads the body, if it is present and less than {@value MAX_IGNORE} bytes.
+     * Otherwise, just the connection is closed.
      */
     public CompletableFuture<Void> ignoreBody(Executor executor) {
-        int clen = (int)headers.firstValueAsLong("Content-Length").orElse(-1);
-        if (clen == -1 || clen > MAX_IGNORE) {
+
+        // Read the `Content-Length` header
+        long clen;
+        try {
+            clen = readContentLength(headers, "", -1);
+        } catch (ProtocolException pe) {
+            return MinimalFuture.failedFuture(pe);
+        }
+
+        // Read the body, if it is present and less than `MAX_IGNORE` bytes.
+        //
+        // We proceed with reading the body even when `Content-Length: 0` to
+        // ensure that the happy path is taken, and upon success, the connection
+        // is returned back to the pool.
+        if (clen != -1 && clen <= MAX_IGNORE) {
+            return readBody(discarding(), !request.isWebSocket(), executor);
+        } else {
             connection.close();
             return MinimalFuture.completedFuture(null); // not treating as error
-        } else {
-            return readBody(discarding(), !request.isWebSocket(), executor);
         }
+
     }
 
     // Used for those response codes that have no body associated
@@ -308,11 +325,28 @@ public <U> CompletableFuture<U> readBody(HttpResponse.BodySubscriber<U> p,
         this.return2Cache = return2Cache;
         final BodySubscriber<U> subscriber = p;
 
-
         final CompletableFuture<U> cf = new MinimalFuture<>();
 
-        long clen0 = headers.firstValueAsLong("Content-Length").orElse(-1L);
-        final long clen = fixupContentLen(clen0);
+        Consumer<Throwable> errorNotifier = error -> {
+            try {
+                subscriber.onError(error);
+                cf.completeExceptionally(error);
+            } finally {
+                asyncReceiver.setRetryOnError(false);
+                asyncReceiver.onReadError(error);
+            }
+        };
+
+        // Read the content length
+        long clen;
+        try {
+            long clen0 = readContentLength(headers, "", -1);
+            clen = fixupContentLen(clen0);
+        } catch (ProtocolException pe) {
+            errorNotifier.accept(pe);
+            connection.close(pe);
+            return cf;
+        }
 
         // expect-continue reads headers and body twice.
         // if we reach here, we must reset the headersReader state.
@@ -398,12 +432,7 @@ public <U> CompletableFuture<U> readBody(HttpResponse.BodySubscriber<U> p,
             }
         });
 
-        ResponseSubscribers.getBodyAsync(executor, p, cf, (t) -> {
-            subscriber.onError(t);
-            cf.completeExceptionally(t);
-            asyncReceiver.setRetryOnError(false);
-            asyncReceiver.onReadError(t);
-        });
+        ResponseSubscribers.getBodyAsync(executor, p, cf, errorNotifier);
 
         return cf.whenComplete((s,t) -> {
             if (t != null) {

src/java.net.http/share/classes/jdk/internal/net/http/Http3ExchangeImpl.java

@@ -81,6 +81,8 @@
 import jdk.internal.net.http.quic.streams.QuicBidiStream;
 import jdk.internal.net.http.quic.streams.QuicStreamReader;
 import jdk.internal.net.http.quic.streams.QuicStreamWriter;
+
+import static jdk.internal.net.http.common.Utils.readContentLength;
 import static jdk.internal.net.http.http3.ConnectionSettings.UNLIMITED_MAX_FIELD_SECTION_SIZE;
 
 /**
@@ -1293,12 +1295,16 @@ protected void handlePromise(PushHeadersConsumer consumer) throws IOException {
         if (Set.of("PUT", "DELETE", "OPTIONS", "TRACE").contains(method)) {
             throw new ProtocolException("push method not allowed pushId=" + pushId);
         }
-        long clen = promiseHeaders.firstValueAsLong("Content-Length").orElse(-1);
+
+        // Read & validate `Content-Length`
+        long clen = readContentLength(
+                promiseHeaders, "illegal push headers for pushId=%s: ".formatted(pushId), -1);
         if (clen > 0) {
-            throw new ProtocolException("push headers contain non-zero Content-Length for pushId=" + pushId);
+            throw new ProtocolException("push headers contain non-zero \"Content-Length\" for pushId=" + pushId);
         }
+
         if (promiseHeaders.firstValue("Transfer-Encoding").isPresent()) {
-            throw new ProtocolException("push headers contain Transfer-Encoding for pushId=" + pushId);
+            throw new ProtocolException("push headers contain \"Transfer-Encoding\" for pushId=" + pushId);
         }
 
 

src/java.net.http/share/classes/jdk/internal/net/http/Http3Stream.java

@@ -31,7 +31,6 @@
 import java.net.http.HttpHeaders;
 import java.nio.ByteBuffer;
 import java.util.List;
-import java.util.OptionalLong;
 import java.util.concurrent.ConcurrentLinkedQueue;
 import java.util.concurrent.atomic.AtomicInteger;
 
@@ -58,6 +57,8 @@
 
 import static jdk.internal.net.http.Exchange.MAX_NON_FINAL_RESPONSES;
 import static jdk.internal.net.http.RedirectFilter.HTTP_NOT_MODIFIED;
+import static jdk.internal.net.http.common.Utils.readContentLength;
+import static jdk.internal.net.http.common.Utils.readStatusCode;
 
 /**
  * A common super class for the HTTP/3 request/response stream ({@link Http3ExchangeImpl}
@@ -606,23 +607,17 @@ void handleResponse(HttpHeadersBuilder responseHeadersBuilder,
          }
 
          int responseCode;
-         boolean finalResponse = false;
          try {
-             responseCode = (int) responseHeaders
-                     .firstValueAsLong(":status")
-                     .orElseThrow(() -> new IOException("no statuscode in response"));
-         } catch (IOException | NumberFormatException exception) {
+             responseCode = readStatusCode(responseHeaders, "");
+         } catch (ProtocolException pe) {
              // RFC-9114: 4.1.2.  Malformed Requests and Responses:
              //  "Malformed requests or responses that are
              //   detected MUST be treated as a stream error of type H3_MESSAGE_ERROR"
-             cancelImpl(exception, Http3Error.H3_MESSAGE_ERROR);
-             return;
-         }
-         if (responseCode < 100 || responseCode > 999) {
-             cancelImpl(new IOException("Unexpected :status header value"), Http3Error.H3_MESSAGE_ERROR);
+             cancelImpl(pe, Http3Error.H3_MESSAGE_ERROR);
              return;
          }
 
+         boolean finalResponse = false;
          if (responseCode >= 200) {
              responseState = ResponseState.PERMIT_TRAILER;
              finalResponse = true;
@@ -653,23 +648,21 @@ void handleResponse(HttpHeadersBuilder responseHeadersBuilder,
                      responseHeaders);
          }
 
-         try {
-             OptionalLong cl = responseHeaders.firstValueAsLong("content-length");
-             if (finalResponse && cl.isPresent()) {
-                 long cll = cl.getAsLong();
-                 if (cll < 0) {
-                     cancelImpl(new IOException("Invalid content-length value "+cll), Http3Error.H3_MESSAGE_ERROR);
-                     return;
-                 }
-                 if (!(exchange.request().method().equalsIgnoreCase("HEAD") || responseCode == HTTP_NOT_MODIFIED)) {
-                     // HEAD response and 304 response might have a content-length header,
-                     // but it carries no meaning
-                     contentLength = cll;
-                 }
+         if (finalResponse) {
+             long cl;
+             try {
+                 cl = readContentLength(responseHeaders, "", -1);
+             } catch (ProtocolException pe) {
+                 cancelImpl(pe, Http3Error.H3_MESSAGE_ERROR);
+                 return;
+             }
+             if (cl != -1 &&
+                     !(exchange.request().method().equalsIgnoreCase("HEAD") ||
+                             responseCode == HTTP_NOT_MODIFIED)) {
+                 // HEAD response and 304 response might have a content-length header,
+                 // but it carries no meaning
+                 contentLength = cl;
              }
-         } catch (NumberFormatException nfe) {
-             cancelImpl(nfe, Http3Error.H3_MESSAGE_ERROR);
-             return;
          }
 
          if (Log.headers() || debug.on()) {

src/java.net.http/share/classes/jdk/internal/net/http/MultiExchange.java

@@ -28,8 +28,11 @@
 import java.io.IOException;
 import java.lang.ref.WeakReference;
 import java.net.ConnectException;
+import java.net.ProtocolException;
+import java.net.ProtocolException;
 import java.net.http.HttpClient.Version;
 import java.net.http.HttpConnectTimeoutException;
+import java.net.http.HttpHeaders;
 import java.net.http.StreamLimitException;
 import java.time.Duration;
 import java.util.List;
@@ -47,7 +50,6 @@
 import java.util.function.Function;
 
 import java.net.http.HttpClient;
-import java.net.http.HttpHeaders;
 import java.net.http.HttpRequest;
 import java.net.http.HttpResponse;
 import java.net.http.HttpResponse.BodySubscriber;
@@ -62,6 +64,7 @@
 import static jdk.internal.net.http.common.MinimalFuture.completedFuture;
 import static jdk.internal.net.http.common.MinimalFuture.failedFuture;
 import static jdk.internal.net.http.AltSvcProcessor.processAltSvcHeader;
+import static jdk.internal.net.http.common.Utils.readContentLength;
 
 
 /**
@@ -358,13 +361,22 @@ private static boolean bodyNotPermitted(Response r) {
         return r.statusCode == 204;
     }
 
-    private boolean bodyIsPresent(Response r) {
-        HttpHeaders headers = r.headers();
-        if (headers.firstValueAsLong("Content-length").orElse(0L) != 0L)
-            return true;
-        if (headers.firstValue("Transfer-encoding").isPresent())
-            return true;
-        return false;
+    private void ensureNoBody(HttpHeaders headers) throws ProtocolException {
+
+        // Check `Content-Length`
+        var contentLength = readContentLength(headers, "", 0);
+        if (contentLength > 0) {
+            throw new ProtocolException(
+                    "Unexpected \"Content-Length\" header in a 204 response: " + contentLength);
+        }
+
+        // Check `Transfer-Encoding`
+        var transferEncoding = headers.firstValue("Transfer-Encoding");
+        if (transferEncoding.isPresent()) {
+            throw new ProtocolException(
+                    "Unexpected \"Transfer-Encoding\" header in a 204 response: " + transferEncoding.get());
+        }
+
     }
 
     // Call the user's body handler to get an empty body object
@@ -405,13 +417,13 @@ private HttpResponse<T> setNewResponse(HttpRequest request, Response r, T body,
                         if (bodyNotPermitted(r)) {
                             // No response body consumption is expected, we can cancel the timer right away
                             cancelTimer();
-                            if (bodyIsPresent(r)) {
-                                IOException ioe = new IOException(
-                                    "unexpected content length header with 204 response");
-                                exch.cancel(ioe);
-                                return MinimalFuture.failedFuture(ioe);
-                            } else
-                                return handleNoBody(r, exch);
+                            try {
+                                ensureNoBody(r.headers);
+                            } catch (ProtocolException pe) {
+                                exch.cancel(pe);
+                                return MinimalFuture.failedFuture(pe);
+                            }
+                            return handleNoBody(r, exch);
                         }
                         return exch.readBodyAsync(responseHandler)
                             .thenApply((T body) -> setNewResponse(r.request, r, body, exch));

src/java.net.http/share/classes/jdk/internal/net/http/Stream.java

@@ -61,6 +61,7 @@
 import static jdk.internal.net.http.AltSvcProcessor.processAltSvcFrame;
 
 import static jdk.internal.net.http.Exchange.MAX_NON_FINAL_RESPONSES;
+import static jdk.internal.net.http.common.Utils.readStatusCode;
 
 /**
  * Http/2 Stream handling.
@@ -615,18 +616,14 @@ String checkInterimResponseCountExceeded() {
         return null;
     }
 
-    protected void handleResponse(HeaderFrame hf) throws IOException {
+    protected void handleResponse(HeaderFrame hf) {
         HttpHeaders responseHeaders = responseHeadersBuilder.build();
 
         if (!finalResponseCodeReceived) {
             try {
-                responseCode = (int) responseHeaders
-                        .firstValueAsLong(":status")
-                        .orElseThrow(() -> new ProtocolException(String.format(
-                                "Stream %s PROTOCOL_ERROR: no status code in response",
-                                streamid)));
-            } catch (ProtocolException cause) {
-                cancelImpl(cause, ResetFrame.PROTOCOL_ERROR);
+                responseCode = readStatusCode(responseHeaders, "Stream %s PROTOCOL_ERROR: ".formatted(streamid));
+            } catch (ProtocolException pe) {
+                cancelImpl(pe, ResetFrame.PROTOCOL_ERROR);
                 rspHeadersConsumer.reset();
                 return;
             }
@@ -1730,21 +1727,18 @@ protected void handleResponse(HeaderFrame hf) {
             HttpHeaders responseHeaders = responseHeadersBuilder.build();
 
             if (!finalPushResponseCodeReceived) {
-                responseCode = (int)responseHeaders
-                    .firstValueAsLong(":status")
-                    .orElse(-1);
-
-                if (responseCode == -1) {
-                    cancelImpl(new ProtocolException("No status code"), ResetFrame.PROTOCOL_ERROR);
+                try {
+                    responseCode = readStatusCode(responseHeaders, "");
+                    if (responseCode >= 100 && responseCode < 200) {
+                        String protocolErrorMsg = checkInterimResponseCountExceeded();
+                        if (protocolErrorMsg != null) {
+                            throw new ProtocolException(protocolErrorMsg);
+                        }
+                    }
+                } catch (ProtocolException pe) {
+                    cancelImpl(pe, ResetFrame.PROTOCOL_ERROR);
                     rspHeadersConsumer.reset();
                     return;
-                } else if (responseCode >= 100 && responseCode < 200) {
-                    String protocolErrorMsg = checkInterimResponseCountExceeded();
-                    if (protocolErrorMsg != null) {
-                        cancelImpl(new ProtocolException(protocolErrorMsg), ResetFrame.PROTOCOL_ERROR);
-                        rspHeadersConsumer.reset();
-                        return;
-                    }
                 }
 
                 this.finalPushResponseCodeReceived = true;