Issue #3888 - Fixing ServletRequest.getContentLength() behavior

+ For Content-Length values exceeding Integer.MAX_VALUE the return must be -1. Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-07-19 10:35:35 -05:00 · 2019-07-19 10:35:35 -05:00 · 446c3d7202
parent 8afc4464d5
commit 446c3d7202
2 changed files with 22 additions and 11 deletions
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java
@ -682,7 +682,15 @@ public class Request implements HttpServletRequest
        if (metadata == null)
            return -1;
        if (metadata.getContentLength() != Long.MIN_VALUE)
-            return (int)metadata.getContentLength();
+        {
+            if (metadata.getContentLength() > (long)Integer.MAX_VALUE)
+            {
+                // Per ServletRequest#getContentLength() javadoc this must return -1 for values exceeding Integer.MAX_VALUE
+                return -1;
+            }
+            else
+                return (int)metadata.getContentLength();
+        }
        return (int)metadata.getFields().getLongField(HttpHeader.CONTENT_LENGTH.toString());
    }

--- a/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java
@ -663,27 +663,30 @@ public class RequestTest
        assertThat(responses,startsWith("HTTP/1.1 200"));
    }

+    /**
+     * The Servlet spec and API cannot parse Content-Length that exceeds Long.MAX_VALUE
+     */
    @Test
    public void testContentLength_ExceedsMaxLong() throws Exception
    {
        String HUGE_LENGTH = Long.MAX_VALUE + "0";

        _handler._checker = (request, response) ->
-                request.getHeader("Content-Length").equals(HUGE_LENGTH)
-             && request.getContentLength() == (-1) // per HttpServletRequest javadoc this must return (-1);
-             && request.getContentLengthLong() == (-1); // exact behavior here not specified in Servlet javadoc
+            request.getHeader("Content-Length").equals(HUGE_LENGTH)
+                && request.getContentLength() == (-1) // per HttpServletRequest javadoc this must return (-1);
+                && request.getContentLengthLong() == (-1); // exact behavior here not specified in Servlet javadoc

        //Send a request with encoded form content
        String request="POST / HTTP/1.1\r\n"+
-                "Host: whatever\r\n"+
-                "Content-Type: application/octet-stream\n"+
-                "Content-Length: " + HUGE_LENGTH + "\n"+
-                "Connection: close\n"+
-                "\n"+
-                "<insert huge amount of content here>\n";
+            "Host: whatever\r\n"+
+            "Content-Type: application/octet-stream\n"+
+            "Content-Length: " + HUGE_LENGTH + "\n"+
+            "Connection: close\n"+
+            "\n"+
+            "<insert huge amount of content here>\n";

        String responses=_connector.getResponse(request);
-        assertThat(responses,startsWith("HTTP/1.1 200"));
+        assertThat(responses, startsWith("HTTP/1.1 400"));
    }

    @Test