Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-2276

HeaderMap.contains NPE on empty HeaderValues

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 2.2.25.Final, 2.3.7.Final
    • 2.2.24.Final, 2.3.6.Final
    • Core
    • None
    • Hide
          @Test
          public void testContainsAfterClear() {
              HeaderMap headerMap = new HeaderMap();
              HttpString header = Headers.HOST;
              headerMap.put(header, "a");
              headerMap.get(header).clear();
              // Either of these headerMap.contains invocations will throw an NPE
              assertFalse(headerMap.contains(header));
              assertFalse(headerMap.contains(header.toString()));
          }
      

      I believe the fix is to include a size==0 check when the returned HeaderValues isn't null. I will create a PR with this change ad the currently failing test.

      Show
      @Test public void testContainsAfterClear() { HeaderMap headerMap = new HeaderMap(); HttpString header = Headers.HOST; headerMap.put(header, "a" ); headerMap.get(header).clear(); // Either of these headerMap.contains invocations will throw an NPE assertFalse(headerMap.contains(header)); assertFalse(headerMap.contains(header.toString())); } I believe the fix is to include a size==0 check when the returned HeaderValues isn't null. I will create a PR with this change ad the currently failing test.

          @Test
          public void testContainsAfterClear() {
              HeaderMap headerMap = new HeaderMap();
              HttpString header = Headers.HOST;
              headerMap.put(header, "a");
              headerMap.get(header).clear();
              // Either of these headerMap.contains invocations will throw an NPE
              assertFalse(headerMap.contains(header));
              assertFalse(headerMap.contains(header.toString()));
          }
      

      This is due to the check here:
      https://github.com/undertow-io/undertow/blob/219e23a0700e6c52f22459c3958301b1e0596343/core/src/main/java/io/undertow/util/HeaderMap.java#L803-L811

      In the case that size is zero, the value may be null, and the null check is on the HeaderValues instance, not the HeaderValues.value instance. So, the next check that the value is a string returns false, the implementation assumes the value must be an array, however it is actually null. The same defect exists in both the String and HttpString overloads of the contains method.

              carterkozak Carter Kozak (Inactive)
              carterkozak Carter Kozak (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: