On Mon, 30 Mar 2026 15:21:02 GMT, Jaikiran Pai <[email protected]> wrote:
>> Can I please get a review of this change which proposes to address the issue >> noted in https://bugs.openjdk.org/browse/JDK-8373778? >> >> When a CONNECT request to a proxy returns an invalid status line, then the >> current code in the internal implementation of `HttpURLConnection` runs into >> an exception trying to parse that status line. That exception propagates as >> an unspecified `java.util.NoSuchElementException` to the application. >> >> The commit in this PR addresses it by doing additional checks on the status >> line to ensure it is valid and if it isn't then it raises an `IOException`. >> This is the same `IOException` that would have been raised for a few other >> invalid responses for a CONNECT request. >> >> A new jtreg test has been introduced to reproduce the issue and verify the >> fix. tier1, tier2, tier3 testing succeeded with this change. > > Jaikiran Pai has updated the pull request incrementally with one additional > commit since the last revision: > > Volkan's review - use -1 instead of 0 src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java line 2044: > 2042: return invalidStatusLine; > 2043: } > 2044: final StringTokenizer st = new StringTokenizer(statusLine); Suggestion: final StringTokenizer st = new StringTokenizer(statusLine, " "); I know this is existing code (moved) but would it be better to create the StringTokenizer with only " " (space) as delimiter, rather than the default set of characters which includes various invalid control characters? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/30466#discussion_r3021656509
