-
Bug
-
Resolution: Done
-
Major
-
2.2.24.Final, 2.3.6.Final
-
None
@Test public void testContainsAfterClear() { HeaderMap headerMap = new HeaderMap(); HttpString header = Headers.HOST; headerMap.put(header, "a"); headerMap.get(header).clear(); // Either of these headerMap.contains invocations will throw an NPE assertFalse(headerMap.contains(header)); assertFalse(headerMap.contains(header.toString())); }
This is due to the check here:
https://github.com/undertow-io/undertow/blob/219e23a0700e6c52f22459c3958301b1e0596343/core/src/main/java/io/undertow/util/HeaderMap.java#L803-L811
In the case that size is zero, the value may be null, and the null check is on the HeaderValues instance, not the HeaderValues.value instance. So, the next check that the value is a string returns false, the implementation assumes the value must be an array, however it is actually null. The same defect exists in both the String and HttpString overloads of the contains method.
- is incorporated by
-
WFCORE-6388 Upgrade Undertow to 2.3.7.Final
- Closed