Jetty
  1. Jetty
  2. JETTY-1479

org.mortbay.jetty.Request::getServerName can throw NumberFormatException on invalid Host headers

    Details

    • Type: Bug Bug
    • Status: Resolved Resolved
    • Priority: Trivial Trivial
    • Resolution: Duplicate
    • Affects Version/s: 6.1.14
    • Fix Version/s: 7.6.0
    • Component/s: HTTP
    • Labels:
    • Number of attachments :
      0

      Description

      I've seen a bunch of NumberFormatExceptions appear in the log files for two separate projects. After doing some digging, I found that all requests had malformed Host headers (all in the form "foo.com:" – notice the trailing colon).

      RFC2616 says that Host needs to be a hostname or a hostname followed by colon and a port. So the requester is clearly doing the wrong thing. But the server is also supposed to be lenient... and the RFC states that a missing port should be interpreted as port 80.

      I've already contacted the guilty party to fix the Host header. Now I'm asking the Jetty community to please patch up Jetty to be more resilient in this scenario.

      This is the code in question (reformatted slightly):

      if (hostPort.peek(hostPort.getIndex() + i) == ':')

      { _serverName = hostPort.peek(hostPort.getIndex(), i).toString(); _port = BufferUtil.toInt(hostPort.peek(hostPort.getIndex() + i + 1, hostPort.length() - i - 1)); return _serverName; }

      The exception happens in BufferUtil.toInt because it's getting an empty string. Could it instead return 80 if the portion following the colon is empty (or even invalid – e.g. "foo.com:bar")?

      An alternate thought, should Jetty be returning 400 instead since the request doesn't conform to RFC2616?

      Thanks

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            Philip Davis
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: