Skip to content

Regular handling of bad URIs #14011

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 19, 2025
Merged

Regular handling of bad URIs #14011

merged 2 commits into from
Nov 19, 2025
+182 −15

Conversation

@gregw
Copy link
Contributor

@gregw gregw commented Nov 10, 2025

Remove the differences in how bad URI are handled.

@gregw
Regular handling of bad URIs
f57ac95 
Remove the differences in how bad URI are handled.
@gregw gregw requested review from joakime and lorban November 10, 2025 21:16
@joakime
Copy link
Contributor

joakime commented Nov 10, 2025

test failures here .

  • org.eclipse.jetty.proxy.ForwardProxyTLSServerTest.testIPv6
  • org.eclipse.jetty.proxy.ForwardProxyTLSServerTest.testOneExchange

@joakime
Copy link
Contributor

joakime commented Nov 10, 2025

@gregw IMO those are just bad test cases.

They only assert for 200 OK.
Not that the proxy was used properly.

@gregw
Copy link
Contributor Author

gregw commented Nov 11, 2025

@gregw IMO those are just bad test cases.

They only assert for 200 OK. Not that the proxy was used properly.

The problem is a bit deeper than that. The client is allowing an authority to be passed as a URI. Now we are stricter in the URI parsing that fails. I have to investigate why it passed before.

@gregw
Regular handling of bad URIs
2e471b6 
Remove the differences in how bad URI are handled.
@gregw gregw requested a review from janbartel November 13, 2025 21:50
joakime
joakime approved these changes Nov 17, 2025
View reviewed changes
Copy link
Contributor

@joakime joakime left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, just a small question that I think I know the answer to, just wanted to confirm with you first.

jetty-http/src/main/java/org/eclipse/jetty/http/HttpURI.java
_host = uri.substring(mark, i);
i++;
String host = uri.substring(mark, i);
URIUtil.validateInetAddress(host);
Copy link
Contributor

@joakime joakime Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this only occur during a detected IPLiteral only? not a hostname right?
If it's a hostname, the resulting call to InetAddress.getByName will incur a DNS hit.

Copy link
Contributor Author

@gregw gregw Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct. IPV6 state is only entered after seeing the corresponding [ in HOST state. The state machine here is not as refined as in 12, so there are probably still a few more strange cases here.... but I don't want to substantively change the behavior.

This was referenced Nov 17, 2025
Merged
Merged
Merged
@gregw gregw requested a review from joakime November 17, 2025 21:42
@gregw gregw merged commit 89d2ac7 into jetty-9.4.x Nov 19, 2025
7 checks passed
@gregw gregw deleted the enhancement/jetty-9.4.x/regularBadUris branch November 19, 2025 00:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@janbartel janbartel janbartel approved these changes

@lorban lorban lorban approved these changes

@joakime joakime Awaiting requested review from joakime

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@gregw @joakime @janbartel @lorban