Jetty / JETTY-1447

NumberFormatException when the url contains the string "%.."

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Not A Bug
    • Affects Version/s: 6.1.25, 6.1.26
    • Fix Version/s: None
    • Component/s: HTTP, Servlet
    • Environment:
      java version "1.6.0_26"
      Java(TM) SE Runtime Environment (build 1.6.0_26-b03)
      Java HotSpot(TM) Client VM (build 20.1-b02, mixed mode, sharing)

      Linux Ubuntu 11.04

      AMD Athlon64 3200
    • Number of attachments :
      0

      Description

      Jetty 6.1.26 throws java.lang.NumberFormatException when the URL contains the string "%..", e.g. http://localhost:8080/example%..

      Copy of stacktrace
      java.lang.NumberFormatException
      at org.mortbay.util.TypeUtil.parseInt(TypeUtil.java:380)
      at org.mortbay.jetty.HttpURI.getDecodedPath(HttpURI.java:473)
      at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:526)
      at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
      at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
      at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
      at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
      at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
      at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

        Activity

        Jan Bartel added a comment -

        Hi Juan,

        % is a special character to indicate encoding. It is always followed by 2 hex digits. If you want to have the % character itself, it itself must be encoded. Here's the relevant section from RFC2396:

        Because the percent "%" character always has the reserved purpose of
        being the escape indicator, it must be escaped as "%25" in order to
        be used as data within a URI. Implementers should be careful not to
        escape or unescape the same string more than once, since unescaping
        an already unescaped string might lead to misinterpreting a percent
        data character as another escaped character, or vice versa in the
        case of escaping an already escaped string.

        If this does not address your issue, please reopen with an exact example url and explanation of where you think the problem is.

        thanks
        Jan
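
The rule quoted from RFC 2396 above, as an added example that is not Jetty's code and not part of the original comment: a strict decoder that accepts "%" only when two hex digits follow, decodes each escape exactly once, and reports a malformed escape as a controlled error that a front-end filter or proxy can map to 400. The names StrictPathDecoder and BadUriException are hypothetical, the sample paths are constructed, and the code assumes Java 7 or later and UTF-8 for the decoded bytes.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;

// Added example (hypothetical class, not Jetty source): strict single-pass percent-decoding.
public class StrictPathDecoder {

    /** Signals a malformed escape so the caller can answer 400 instead of failing with an uncaught exception. */
    public static class BadUriException extends IllegalArgumentException {
        public BadUriException(String msg) { super(msg); }
    }

    private static int hex(char c) {
        if (c >= '0' && c <= '9') return c - '0';
        if (c >= 'a' && c <= 'f') return c - 'a' + 10;
        if (c >= 'A' && c <= 'F') return c - 'A' + 10;
        return -1; // not a hex digit
    }

    /** Decodes each %XX once; rejects '%' not followed by two hex digits. */
    public static String decodePath(String raw) {
        ByteArrayOutputStream out = new ByteArrayOutputStream(raw.length());
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            if (c > 0x7f) throw new BadUriException("non-ASCII character at index " + i);
            if (c != '%') { out.write(c); continue; }
            if (i + 2 >= raw.length()) throw new BadUriException("truncated escape at index " + i);
            int hi = hex(raw.charAt(i + 1));
            int lo = hex(raw.charAt(i + 2));
            if (hi < 0 || lo < 0) throw new BadUriException("invalid escape at index " + i);
            out.write((hi << 4) | lo);
            i += 2; // skip the two hex digits just consumed
        }
        // Decoded bytes are interpreted as UTF-8 (an assumption of this example).
        return new String(out.toByteArray(), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample paths; the first is the one from the report.
        String[] samples = { "/example%..", "/a%25b", "/a%2541", "/trailing%2" };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + decodePath(s));
            } catch (BadUriException e) {
                System.out.println(s + " -> 400 Bad Request (" + e.getMessage() + ")");
            }
        }
    }
}
```

The third sample shows why the result must not be decoded a second time: "/a%2541" yields "/a%41" after one pass, and a second pass would turn the literal percent sign into another escape.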

        Jan Bartel added a comment -

        Juan,

        The error in parsing the uri happens before jetty can assign the request to a context (until we parse the uri, we don't know which context should handle it). Therefore, setting custom error pages on a context for these types of errors won't work.

        If you want to be able to customize the errors that are returned by the container, I suggest you open a new issue as an enhancement request and link it to this one.

        cheers
        Jan


          People

          • Assignee:
            Jan Bartel
            Reporter:
            Juan Ignacio
          • Votes:
            0
            Watchers:
            0