There is currently no validation done on the responseCode parameter to HttpExchange.sendResponseHeaders(). Any out-of-range positive value, or even a negative integer, is written into the status line and returned to the client unchanged.
The response code should be validated to fall within the range 100-599; the 1XX codes perhaps should also be excluded. The following is a simple demonstration.
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URL;
import java.util.concurrent.Executors;
import com.sun.net.httpserver.HttpServer;
public class InvalidResponseCode {
    public static void main(String[] args) throws Exception {
        HttpServer server = HttpServer.create(new InetSocketAddress(InetAddress.getLoopbackAddress(), 0), 5);
        server.setExecutor(Executors.newCachedThreadPool());
        var ctx = server.createContext("/", (exchange -> {
            exchange.sendResponseHeaders(-5, -1); // negative status code, no body
            exchange.close();
        }));
        server.start();
        int port = server.getAddress().getPort();
        URL url = new URL("http://127.0.0.1:" + Integer.toString(port) + "/foo");
        HttpURLConnection urlc = (HttpURLConnection) url.openConnection();
        System.out.println(urlc.getResponseCode()); // the unvalidated -5 reaches the client
        server.stop(0);
    }
}
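To make the requested check concrete, the following added example (not part of this report and not JDK code) wraps sendResponseHeaders() in a hypothetical helper, sendValidatedResponseHeaders(), that rejects any status code outside 100-599 and, as the report suggests, the 1XX interim codes as well. The handler reads the status code it should send from the query string (a constructed test input, not part of the report's scenario) so that a single server shows both the accepted and the rejected cases; a rejected code never reaches the wire and the handler fails closed with a real 500.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URL;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class ValidatedResponseCode {

    // Hypothetical helper, not a JDK API: validates the status code before
    // anything is written to the wire. HTTP status codes are three digits
    // (100-599); 1XX codes are interim responses and are refused here too,
    // because sendResponseHeaders() produces the final response.
    static void sendValidatedResponseHeaders(HttpExchange exchange, int code, long length)
            throws IOException {
        if (code < 100 || code > 599) {
            throw new IllegalArgumentException("status code outside 100-599: " + code);
        }
        if (code < 200) {
            throw new IllegalArgumentException("1XX interim status not allowed as final response: " + code);
        }
        exchange.sendResponseHeaders(code, length);
    }

    public static void main(String[] args) throws Exception {
        HttpServer server = HttpServer.create(
                new InetSocketAddress(InetAddress.getLoopbackAddress(), 0), 5);
        ExecutorService executor = Executors.newCachedThreadPool();
        server.setExecutor(executor);

        // Constructed test handler: the status code to send arrives as the query
        // string, e.g. GET /foo?-5 asks the handler to respond with -5.
        server.createContext("/", exchange -> {
            int requested = Integer.parseInt(exchange.getRequestURI().getQuery());
            try {
                sendValidatedResponseHeaders(exchange, requested, -1);
            } catch (IllegalArgumentException e) {
                // Fail closed: the invalid code is logged server-side and the
                // client receives a well-formed 500 instead.
                System.err.println("rejected: " + e.getMessage());
                exchange.sendResponseHeaders(500, -1);
            } finally {
                exchange.close();
            }
        });
        server.start();
        int port = server.getAddress().getPort();

        try {
            // Two valid codes, then the report's -5, an out-of-range 999 and an interim 101.
            for (int code : new int[] {200, 404, -5, 999, 101}) {
                URL url = new URL("http://127.0.0.1:" + port + "/foo?" + code);
                HttpURLConnection urlc = (HttpURLConnection) url.openConnection();
                System.out.println("requested " + code + " -> client saw " + urlc.getResponseCode());
                urlc.disconnect();
            }
        } finally {
            server.stop(0);
            executor.shutdown();
        }
    }
}
```

The 200 and 404 requests pass through the helper untouched; for -5, 999 and 101 the helper throws before the status line exists, so the client sees the handler's 500 rather than a malformed status line. The same range check is what the report asks to have inside sendResponseHeaders() itself, where it would apply to every handler without relying on each one to wrap the call.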