Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-2276

HeaderMap.contains NPE on empty HeaderValues

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 2.2.25.Final, 2.3.7.Final
    • 2.2.24.Final, 2.3.6.Final
    • Core
    • None
    • Hide 
          @Test
    public void testContainsAfterClear() {
        HeaderMap headerMap = new HeaderMap();
        HttpString header = Headers.HOST;
        headerMap.put(header, "a");
        headerMap.get(header).clear();
        // Either of these headerMap.contains invocations will throw an NPE
        assertFalse(headerMap.contains(header));
        assertFalse(headerMap.contains(header.toString()));
    }

      I believe the fix is to include a size==0 check when the returned HeaderValues isn't null. I will create a PR with this change ad the currently failing test.

      Show
      @Test public void testContainsAfterClear() { HeaderMap headerMap = new HeaderMap(); HttpString header = Headers.HOST; headerMap.put(header, "a" ); headerMap.get(header).clear(); // Either of these headerMap.contains invocations will throw an NPE assertFalse(headerMap.contains(header)); assertFalse(headerMap.contains(header.toString())); } I believe the fix is to include a size==0 check when the returned HeaderValues isn't null. I will create a PR with this change ad the currently failing test. 

          @Test
    public void testContainsAfterClear() {
        HeaderMap headerMap = new HeaderMap();
        HttpString header = Headers.HOST;
        headerMap.put(header, "a");
        headerMap.get(header).clear();
        // Either of these headerMap.contains invocations will throw an NPE
        assertFalse(headerMap.contains(header));
        assertFalse(headerMap.contains(header.toString()));
    }

      This is due to the check here:
      https://github.com/undertow-io/undertow/blob/219e23a0700e6c52f22459c3958301b1e0596343/core/src/main/java/io/undertow/util/HeaderMap.java#L803-L811

      In the case that size is zero, the value may be null, and the null check is on the HeaderValues instance, not the HeaderValues.value instance. So, the next check that the value is a string returns false, the implementation assumes the value must be an array, however it is actually null. The same defect exists in both the String and HttpString overloads of the contains method.

            carterkozak Carter Kozak
            carterkozak Carter Kozak
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: