Description
I've seen a bunch of NumberFormatExceptions appear in the log files for two separate projects. After doing some digging, I found that all requests had malformed Host headers (all in the form "foo.com:" – notice the trailing colon).
RFC2616 says that Host needs to be a hostname or a hostname followed by a colon and a port. So the requester is clearly doing the wrong thing. But the server is also supposed to be lenient... and the RFC states that a missing port should be interpreted as port 80.
I've already contacted the guilty party to fix the Host header. Now I'm asking the Jetty community to please patch up Jetty to be more resilient in this scenario.
This is the code in question (reformatted slightly):
    if (hostPort.peek(hostPort.getIndex() + i) == ':')
    {
        _serverName = hostPort.peek(hostPort.getIndex(), i).toString();
        _port = BufferUtil.toInt(hostPort.peek(hostPort.getIndex() + i + 1, hostPort.length() - i - 1));
        return _serverName;
    }

The exception happens in BufferUtil.toInt because it's getting an empty string. Could it instead return 80 if the portion following the colon is empty (or even invalid – e.g. "foo.com:bar")?
An alternate thought: should Jetty be returning 400 instead since the request doesn't conform to RFC2616?
Thanks
Curious issue.
Just so you know, Jetty 6.x is no longer being developed.
Jetty 7.x and Jetty 8.x are the current live/stable versions of Jetty.
As for this bug....
Jetty 7.x and 8.x also show this behavior.
However, they return an Error 500 + NumberFormatException.
I think Error 400 (Bad Request) should be the appropriate response in this situation.
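The two outcomes discussed in this thread (default the port when it is empty, or answer 400) can be shown with a parser that never throws on a malformed Host value. This is an added example, not Jetty's code and not a patch from this issue; the `HostHeader` class, its `parse` method and the `lenient` flag are hypothetical names.

```java
import java.util.Optional;

// Hypothetical helper (not Jetty code): parse a Host header value without throwing.
public final class HostHeader {
    public final String host;
    public final int port;

    private HostHeader(String host, int port) { this.host = host; this.port = port; }

    // Empty result means "answer 400 Bad Request". With lenient=true an empty port
    // ("foo.com:") falls back to defaultPort; a non-numeric port is always rejected.
    public static Optional<HostHeader> parse(String value, int defaultPort, boolean lenient) {
        if (value == null || value.trim().isEmpty()) return Optional.empty();
        String v = value.trim();
        int colon;
        if (v.startsWith("[")) {                        // IPv6 literal such as "[::1]:8443"
            int close = v.indexOf(']');
            if (close < 0) return Optional.empty();
            if (close == v.length() - 1) colon = -1;
            else if (v.charAt(close + 1) == ':') colon = close + 1;
            else return Optional.empty();
        } else {
            colon = v.indexOf(':');
            if (colon != v.lastIndexOf(':')) return Optional.empty();  // stray extra colon
        }
        if (colon < 0) return Optional.of(new HostHeader(v, defaultPort));
        String host = v.substring(0, colon);
        String portText = v.substring(colon + 1);
        if (host.isEmpty()) return Optional.empty();
        if (portText.isEmpty())
            return lenient ? Optional.of(new HostHeader(host, defaultPort)) : Optional.empty();
        if (portText.length() > 5) return Optional.empty();           // cannot fit in 1..65535
        for (int i = 0; i < portText.length(); i++) {
            char c = portText.charAt(i);
            if (c < '0' || c > '9') return Optional.empty();          // "foo.com:bar", "+80", "-1"
        }
        int port = Integer.parseInt(portText);
        if (port < 1 || port > 65535) return Optional.empty();
        return Optional.of(new HostHeader(host, port));
    }

    public static void main(String[] args) {
        // Constructed sample values, including the "foo.com:" form from the report.
        String[] samples = {"foo.com", "foo.com:8080", "foo.com:", "foo.com:bar", "[::1]:8443", ":80", "foo.com:99999"};
        for (String s : samples) {
            String strict = parse(s, 80, false).map(h -> h.host + ":" + h.port).orElse("400");
            String lenient = parse(s, 80, true).map(h -> h.host + ":" + h.port).orElse("400");
            System.out.println("\"" + s + "\" strict=" + strict + " lenient=" + lenient);
        }
    }
}
```

Because the port text is checked digit by digit before `Integer.parseInt` runs, a client-controlled header cannot surface as an unhandled `NumberFormatException` and a 500 response.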