Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ContentCachingResponseWrapper.setHeader does not handle null value properly. #34460

Closed
joakime opened this issue Feb 20, 2025 · 1 comment
Closed

ContentCachingResponseWrapper.setHeader does not handle null value properly. #34460

joakime opened this issue Feb 20, 2025 · 1 comment
Assignees
@bclozel
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: backported An issue that has been backported to maintenance branches type: bug A general bug
Milestone
6.2.4

Comments

@joakime
Copy link

joakime commented Feb 20, 2025

First reported against Eclipse Jetty at ...

The stacktrace looks like this ...

java.lang.NumberFormatException: Cannot parse null string
at java.base/java.lang.Long.parseLong(Unknown Source)
at java.base/java.lang.Long.parseLong(Unknown Source)
at org.springframework.web.util.ContentCachingResponseWrapper.setHeader(ContentCachingResponseWrapper.java:167)
at org.eclipse.jetty.ee10.servlet.ServletCoreResponse$HttpServletResponseHttpFields.remove(ServletCoreResponse.java:389)
at org.eclipse.jetty.ee10.servlet.ServletCoreResponse$HttpServletResponseHttpFields.remove(ServletCoreResponse.java:397)
at org.eclipse.jetty.server.ResourceService.putHeaders(ResourceService.java:755)
at org.eclipse.jetty.server.ResourceService.sendData(ResourceService.java:669)
at org.eclipse.jetty.server.ResourceService.doGet(ResourceService.java:206)
at org.eclipse.jetty.ee10.servlet.ResourceServlet.doGet(ResourceServlet.java:530)
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:527)
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:614)

What is happening is that the HttpServletResponse.setHeader("Content-Length", null) method is being called.

The ContentCachingResponseWrapper.setHeader(String, String) sees the Content-Length header and then blindly tries parse the value.

spring-framework/spring-web/src/main/java/org/springframework/web/util/ContentCachingResponseWrapper.java

Lines 161 to 168 in b932df6

public void setHeader(String name, String value) {
if (HttpHeaders.CONTENT_LENGTH.equalsIgnoreCase(name)) {
this.contentLength = Integer.valueOf(value);
}
else {
super.setHeader(name, value);
}
}

The servlet spec has always treated a null in the value parameter for setHeader as a remove of that header.

At a minimum, this code should be changed to pass-through any null value and do no further processing of the header.
But I suspect you'll want to null out your tracking of the content-length header as well.
@joakime joakime mentioned this issue Feb 20, 2025
Closed
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Feb 20, 2025
@bclozel bclozel self-assigned this Feb 20, 2025
@bclozel bclozel added in: web Issues in web modules (web, webmvc, webflux, websocket) type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Feb 20, 2025
@bclozel bclozel added this to the 6.2.4 milestone Feb 20, 2025
@bclozel bclozel added the for: backport-to-6.1.x Marks an issue as a candidate for backport to 6.1.x label Feb 21, 2025
@github-actions github-actions bot added status: backported An issue that has been backported to maintenance branches and removed for: backport-to-6.1.x Marks an issue as a candidate for backport to 6.1.x labels Feb 21, 2025
@github-actions github-actions bot mentioned this issue Feb 21, 2025
Closed
@bclozel
Copy link
Member

bclozel commented Feb 21, 2025

Thanks for the detailed issue @joakime , this is fixed and backported!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bclozel bclozel

Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: backported An issue that has been backported to maintenance branches type: bug A general bug
Projects
None yet
Milestone
6.2.4
Development

No branches or pull requests
3 participants
@bclozel @joakime @spring-projects-issues