Backport of various cleanups in HttpParser from jetty-10.0.x (#10352)

joakime · gregw · web-flow · commit e4d596eafc88 · 2023-08-21T11:01:26.000-05:00
* Backport of various cleanups in HttpParser from jetty-10.0.x
* Handle complianceViolation() in old style for 9.4.x

Signed-off-by: gregw &lt;gregw@webtide.com&gt;
Signed-off-by: Joakim Erdfelt &lt;joakim.erdfelt@gmail.com&gt;
Co-authored-by: Greg Wilkins &lt;gregw@webtide.com&gt;
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java
@@ -499,7 +499,7 @@ private HttpTokens.Token next(ByteBuffer buffer)
     /* Quick lookahead for the start state looking for a request method or an HTTP version,
      * otherwise skip white space until something else to parse.
      */
-    private boolean quickStart(ByteBuffer buffer)
+    private void quickStart(ByteBuffer buffer)
     {
         if (_requestHandler != null)
         {
@@ -510,7 +510,7 @@ private boolean quickStart(ByteBuffer buffer)
                 buffer.position(buffer.position() + _methodString.length() + 1);
 
                 setState(State.SPACE1);
-                return false;
+                return;
             }
         }
         else if (_responseHandler != null)
@@ -520,7 +520,7 @@ else if (_responseHandler != null)
             {
                 buffer.position(buffer.position() + _version.asString().length() + 1);
                 setState(State.SPACE1);
-                return false;
+                return;
             }
         }
 
@@ -541,7 +541,7 @@ else if (_responseHandler != null)
                     _string.setLength(0);
                     _string.append(t.getChar());
                     setState(_requestHandler != null ? State.METHOD : State.RESPONSE_VERSION);
-                    return false;
+                    return;
                 }
                 case OTEXT:
                 case SPACE:
@@ -559,7 +559,6 @@ else if (_responseHandler != null)
                 throw new BadMessageException(HttpStatus.BAD_REQUEST_400);
             }
         }
-        return false;
     }
 
     private void setString(String s)
@@ -974,23 +973,20 @@ private void parsedHeader()
                     case CONTENT_LENGTH:
                         if (_hasTransferEncoding && complianceViolation(TRANSFER_ENCODING_WITH_CONTENT_LENGTH))
                             throw new BadMessageException(HttpStatus.BAD_REQUEST_400, "Transfer-Encoding and Content-Length");
-
+                        long contentLength = convertContentLength(_valueString);
                         if (_hasContentLength)
                         {
                             if (complianceViolation(MULTIPLE_CONTENT_LENGTHS))
                                 throw new BadMessageException(HttpStatus.BAD_REQUEST_400, MULTIPLE_CONTENT_LENGTHS.description);
-                            if (convertContentLength(_valueString) != _contentLength)
-                                throw new BadMessageException(HttpStatus.BAD_REQUEST_400, MULTIPLE_CONTENT_LENGTHS.description);
+                            if (contentLength != _contentLength)
+                                throw new BadMessageException(HttpStatus.BAD_REQUEST_400, MULTIPLE_CONTENT_LENGTHS.getDescription());
                         }
                         _hasContentLength = true;
 
                         if (_endOfContent != EndOfContent.CHUNKED_CONTENT)
                         {
-                            _contentLength = convertContentLength(_valueString);
-                            if (_contentLength <= 0)
-                                _endOfContent = EndOfContent.NO_CONTENT;
-                            else
-                                _endOfContent = EndOfContent.CONTENT_LENGTH;
+                            _contentLength = contentLength;
+                            _endOfContent = EndOfContent.CONTENT_LENGTH;
                         }
                         break;
 
@@ -1107,15 +1103,21 @@ private void parsedTrailer()
 
     private long convertContentLength(String valueString)
     {
-        try
-        {
-            return Long.parseLong(valueString);
-        }
-        catch (NumberFormatException e)
+        if (valueString == null || valueString.length() == 0)
+            throw new BadMessageException("Invalid Content-Length Value", new NumberFormatException());
+
+        long value = 0;
+        int length = valueString.length();
+
+        for (int i = 0; i < length; i++)
         {
-            LOG.ignore(e);
-            throw new BadMessageException(HttpStatus.BAD_REQUEST_400, "Invalid Content-Length Value", e);
+            char c = valueString.charAt(i);
+            if (c < '0' || c > '9')
+                throw new BadMessageException("Invalid Content-Length Value", new NumberFormatException());
+
+            value = Math.addExact(Math.multiplyExact(value, 10L), c - '0');
         }
+        return value;
     }
 
     /*
@@ -1511,12 +1513,11 @@ public boolean parseNext(ByteBuffer buffer)
                 _methodString = null;
                 _endOfContent = EndOfContent.UNKNOWN_CONTENT;
                 _header = null;
-                if (quickStart(buffer))
-                    return true;
+                quickStart(buffer);
             }
 
             // Request/response line
-            if (_state.ordinal() >= State.START.ordinal() && _state.ordinal() < State.HEADER.ordinal())
+            if (_state.ordinal() < State.HEADER.ordinal())
             {
                 if (parseLine(buffer))
                     return true;
@@ -2036,7 +2037,6 @@ default void onComplianceViolation(HttpCompliance compliance, HttpComplianceSect
         }
     }
 
-    @SuppressWarnings("serial")
     private static class IllegalCharacterException extends BadMessageException
     {
         private IllegalCharacterException(State state, HttpTokens.Token token, ByteBuffer buffer)
diff --git a/jetty-http/src/test/java/org/eclipse/jetty/http/HttpParserTest.java b/jetty-http/src/test/java/org/eclipse/jetty/http/HttpParserTest.java
@@ -41,6 +41,7 @@
 import static org.hamcrest.Matchers.contains;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.notNullValue;
 import static org.hamcrest.Matchers.nullValue;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
@@ -1672,7 +1673,7 @@ public void testNoURI2()
     }
 
     @Test
-    public void testUnknownReponseVersion()
+    public void testUnknownResponseVersion()
     {
         ByteBuffer buffer = BufferUtil.toBuffer(
             "HPPT/7.7 200 OK\r\n" +
@@ -1815,65 +1816,31 @@ public void testBadCR()
         assertEquals(HttpParser.State.CLOSED, parser.getState());
     }
 
-    @Test
-    public void testBadContentLength0()
-    {
-        ByteBuffer buffer = BufferUtil.toBuffer(
-            "GET / HTTP/1.0\r\n" +
-                "Content-Length: abc\r\n" +
-                "Connection: close\r\n" +
-                "\r\n");
-
-        HttpParser.RequestHandler handler = new Handler();
-        HttpParser parser = new HttpParser(handler);
-
-        parser.parseNext(buffer);
-        assertEquals("GET", _methodOrVersion);
-        assertEquals("Invalid Content-Length Value", _bad);
-        assertFalse(buffer.hasRemaining());
-        assertEquals(HttpParser.State.CLOSE, parser.getState());
-        parser.atEOF();
-        parser.parseNext(BufferUtil.EMPTY_BUFFER);
-        assertEquals(HttpParser.State.CLOSED, parser.getState());
-    }
-
-    @Test
-    public void testBadContentLength1()
-    {
-        ByteBuffer buffer = BufferUtil.toBuffer(
-            "GET / HTTP/1.0\r\n" +
-                "Content-Length: 9999999999999999999999999999999999999999999999\r\n" +
-                "Connection: close\r\n" +
-                "\r\n");
-
-        HttpParser.RequestHandler handler = new Handler();
-        HttpParser parser = new HttpParser(handler);
-
-        parser.parseNext(buffer);
-        assertEquals("GET", _methodOrVersion);
-        assertEquals("Invalid Content-Length Value", _bad);
-        assertFalse(buffer.hasRemaining());
-        assertEquals(HttpParser.State.CLOSE, parser.getState());
-        parser.atEOF();
-        parser.parseNext(BufferUtil.EMPTY_BUFFER);
-        assertEquals(HttpParser.State.CLOSED, parser.getState());
-    }
-
-    @Test
-    public void testBadContentLength2()
-    {
-        ByteBuffer buffer = BufferUtil.toBuffer(
-            "GET / HTTP/1.0\r\n" +
-                "Content-Length: 1.5\r\n" +
-                "Connection: close\r\n" +
-                "\r\n");
+    @ParameterizedTest
+    @ValueSource(strings = {
+        "abc",
+        "1.5",
+        "9999999999999999999999999999999999999999999999",
+        "-10",
+        "+10",
+        "1.0",
+        "1,0",
+        "10,"
+    })
+    public void testBadContentLengths(String contentLength)
+    {
+        ByteBuffer buffer = BufferUtil.toBuffer(
+            "GET /test HTTP/1.1\r\n" +
+                "Host: localhost\r\n" +
+                "Content-Length: " + contentLength + "\r\n" +
+                "\r\n" +
+                "1234567890\r\n");
 
         HttpParser.RequestHandler handler = new Handler();
-        HttpParser parser = new HttpParser(handler);
+        HttpParser parser = new HttpParser(handler, HttpCompliance.RFC2616_LEGACY);
+        parseAll(parser, buffer);
 
-        parser.parseNext(buffer);
-        assertEquals("GET", _methodOrVersion);
-        assertEquals("Invalid Content-Length Value", _bad);
+        assertThat(_bad, notNullValue());
         assertFalse(buffer.hasRemaining());
         assertEquals(HttpParser.State.CLOSE, parser.getState());
         parser.atEOF();
@@ -2084,7 +2051,7 @@ public void testIPv6Host()
     @Test
     public void testBadIPv6Host()
     {
-        try (StacklessLogging s = new StacklessLogging(HttpParser.class))
+        try (StacklessLogging ignored = new StacklessLogging(HttpParser.class))
         {
             ByteBuffer buffer = BufferUtil.toBuffer(
                 "GET / HTTP/1.1\r\n" +
@@ -2930,8 +2897,8 @@ public void init()
     private String _methodOrVersion;
     private String _uriOrStatus;
     private String _versionOrReason;
-    private List<HttpField> _fields = new ArrayList<>();
-    private List<HttpField> _trailers = new ArrayList<>();
+    private final List<HttpField> _fields = new ArrayList<>();
+    private final List<HttpField> _trailers = new ArrayList<>();
     private String[] _hdr;
     private String[] _val;
     private int _headers;

Original file line number	Diff line number	Diff line change
`@@ -499,7 +499,7 @@ private HttpTokens.Token next(ByteBuffer buffer)`
`499`	`499`	`/* Quick lookahead for the start state looking for a request method or an HTTP version,`
`500`	`500`	`* otherwise skip white space until something else to parse.`
`501`	`501`	`*/`
`502`		`- private boolean quickStart(ByteBuffer buffer)`
	`502`	`+ private void quickStart(ByteBuffer buffer)`
`503`	`503`	`{`
`504`	`504`	`if (_requestHandler != null)`
`505`	`505`	`{`
`@@ -510,7 +510,7 @@ private boolean quickStart(ByteBuffer buffer)`
`510`	`510`	`buffer.position(buffer.position() + _methodString.length() + 1);`
`511`	`511`
`512`	`512`	`setState(State.SPACE1);`
`513`		`- return false;`
	`513`	`+ return;`
`514`	`514`	`}`
`515`	`515`	`}`
`516`	`516`	`else if (_responseHandler != null)`
`@@ -520,7 +520,7 @@ else if (_responseHandler != null)`
`520`	`520`	`{`
`521`	`521`	`buffer.position(buffer.position() + _version.asString().length() + 1);`
`522`	`522`	`setState(State.SPACE1);`
`523`		`- return false;`
	`523`	`+ return;`
`524`	`524`	`}`
`525`	`525`	`}`
`526`	`526`
`@@ -541,7 +541,7 @@ else if (_responseHandler != null)`
`541`	`541`	`_string.setLength(0);`
`542`	`542`	`_string.append(t.getChar());`
`543`	`543`	`setState(_requestHandler != null ? State.METHOD : State.RESPONSE_VERSION);`
`544`		`- return false;`
	`544`	`+ return;`
`545`	`545`	`}`
`546`	`546`	`case OTEXT:`
`547`	`547`	`case SPACE:`
`@@ -559,7 +559,6 @@ else if (_responseHandler != null)`
`559`	`559`	`throw new BadMessageException(HttpStatus.BAD_REQUEST_400);`
`560`	`560`	`}`
`561`	`561`	`}`
`562`		`- return false;`
`563`	`562`	`}`
`564`	`563`
`565`	`564`	`private void setString(String s)`
`@@ -974,23 +973,20 @@ private void parsedHeader()`
`974`	`973`	`case CONTENT_LENGTH:`
`975`	`974`	`if (_hasTransferEncoding && complianceViolation(TRANSFER_ENCODING_WITH_CONTENT_LENGTH))`
`976`	`975`	`throw new BadMessageException(HttpStatus.BAD_REQUEST_400, "Transfer-Encoding and Content-Length");`
`977`		`-`
	`976`	`+ long contentLength = convertContentLength(_valueString);`
`978`	`977`	`if (_hasContentLength)`
`979`	`978`	`{`
`980`	`979`	`if (complianceViolation(MULTIPLE_CONTENT_LENGTHS))`
`981`	`980`	`throw new BadMessageException(HttpStatus.BAD_REQUEST_400, MULTIPLE_CONTENT_LENGTHS.description);`
`982`		`- if (convertContentLength(_valueString) != _contentLength)`
`983`		`- throw new BadMessageException(HttpStatus.BAD_REQUEST_400, MULTIPLE_CONTENT_LENGTHS.description);`
	`981`	`+ if (contentLength != _contentLength)`
	`982`	`+ throw new BadMessageException(HttpStatus.BAD_REQUEST_400, MULTIPLE_CONTENT_LENGTHS.getDescription());`
`984`	`983`	`}`
`985`	`984`	`_hasContentLength = true;`
`986`	`985`
`987`	`986`	`if (_endOfContent != EndOfContent.CHUNKED_CONTENT)`
`988`	`987`	`{`
`989`		`- _contentLength = convertContentLength(_valueString);`
`990`		`- if (_contentLength <= 0)`
`991`		`- _endOfContent = EndOfContent.NO_CONTENT;`
`992`		`- else`
`993`		`- _endOfContent = EndOfContent.CONTENT_LENGTH;`
	`988`	`+ _contentLength = contentLength;`
	`989`	`+ _endOfContent = EndOfContent.CONTENT_LENGTH;`
`994`	`990`	`}`
`995`	`991`	`break;`
`996`	`992`
`@@ -1107,15 +1103,21 @@ private void parsedTrailer()`
`1107`	`1103`
`1108`	`1104`	`private long convertContentLength(String valueString)`
`1109`	`1105`	`{`
`1110`		`- try`
`1111`		`- {`
`1112`		`- return Long.parseLong(valueString);`
`1113`		`- }`
`1114`		`- catch (NumberFormatException e)`
	`1106`	`+ if (valueString == null \|\| valueString.length() == 0)`
	`1107`	`+ throw new BadMessageException("Invalid Content-Length Value", new NumberFormatException());`
	`1108`	`+`
	`1109`	`+ long value = 0;`
	`1110`	`+ int length = valueString.length();`
	`1111`	`+`
	`1112`	`+ for (int i = 0; i < length; i++)`
`1115`	`1113`	`{`
`1116`		`- LOG.ignore(e);`
`1117`		`- throw new BadMessageException(HttpStatus.BAD_REQUEST_400, "Invalid Content-Length Value", e);`
	`1114`	`+ char c = valueString.charAt(i);`
	`1115`	`+ if (c < '0' \|\| c > '9')`
	`1116`	`+ throw new BadMessageException("Invalid Content-Length Value", new NumberFormatException());`
	`1117`	`+`
	`1118`	`+ value = Math.addExact(Math.multiplyExact(value, 10L), c - '0');`
`1118`	`1119`	`}`
	`1120`	`+ return value;`
`1119`	`1121`	`}`
`1120`	`1122`
`1121`	`1123`	`/*`
`@@ -1511,12 +1513,11 @@ public boolean parseNext(ByteBuffer buffer)`
`1511`	`1513`	`_methodString = null;`
`1512`	`1514`	`_endOfContent = EndOfContent.UNKNOWN_CONTENT;`
`1513`	`1515`	`_header = null;`
`1514`		`- if (quickStart(buffer))`
`1515`		`- return true;`
	`1516`	`+ quickStart(buffer);`
`1516`	`1517`	`}`
`1517`	`1518`
`1518`	`1519`	`// Request/response line`
`1519`		`- if (_state.ordinal() >= State.START.ordinal() && _state.ordinal() < State.HEADER.ordinal())`
	`1520`	`+ if (_state.ordinal() < State.HEADER.ordinal())`
`1520`	`1521`	`{`
`1521`	`1522`	`if (parseLine(buffer))`
`1522`	`1523`	`return true;`
`@@ -2036,7 +2037,6 @@ default void onComplianceViolation(HttpCompliance compliance, HttpComplianceSect`
`2036`	`2037`	`}`
`2037`	`2038`	`}`
`2038`	`2039`
`2039`		`- @SuppressWarnings("serial")`
`2040`	`2040`	`private static class IllegalCharacterException extends BadMessageException`
`2041`	`2041`	`{`
`2042`	`2042`	`private IllegalCharacterException(State state, HttpTokens.Token token, ByteBuffer buffer)`