
Commit 6e9a192

Consistently check for Content-Length value
This commit makes sure to consistently check that the content length is not set above 2GB. Previously it was only checked in setContentLength. Closes gh-33256
1 parent 83ff8e4 commit 6e9a192


2 files changed

+49
-7
lines changed


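--- a/spring-web/src/main/java/org/springframework/web/util/ContentCachingResponseWrapper.java
+++ b/spring-web/src/main/java/org/springframework/web/util/ContentCachingResponseWrapper.java
@@ -140,11 +140,15 @@ public void setContentLength(int len) {
 
 @Override
 public void setContentLengthLong(long len) {
-if (len > Integer.MAX_VALUE) {
+setContentLength(toContentLengthInt(len));
+}
+
+private int toContentLengthInt(long contentLength) {
+if (contentLength > Integer.MAX_VALUE) {
 throw new IllegalArgumentException("Content-Length exceeds ContentCachingResponseWrapper's maximum (" +
-Integer.MAX_VALUE + "): " + len);
+Integer.MAX_VALUE + "): " + contentLength);
 }
-setContentLength((int) len);
+return (int) contentLength;
 }
 
 @Override
@@ -160,7 +164,7 @@ public boolean containsHeader(String name) {
 @Override
 public void setHeader(String name, String value) {
 if (HttpHeaders.CONTENT_LENGTH.equalsIgnoreCase(name)) {
-this.contentLength = Integer.valueOf(value);
+this.contentLength = toContentLengthInt(Long.parseLong(value));
 }
 else {
 super.setHeader(name, value);
@@ -170,7 +174,7 @@ public void setHeader(String name, String value) {
 @Override
 public void addHeader(String name, String value) {
 if (HttpHeaders.CONTENT_LENGTH.equalsIgnoreCase(name)) {
-this.contentLength = Integer.valueOf(value);
+this.contentLength = toContentLengthInt(Long.parseLong(value));
 }
 else {
 super.addHeader(name, value);
@@ -180,7 +184,7 @@ public void addHeader(String name, String value) {
 @Override
 public void setIntHeader(String name, int value) {
 if (HttpHeaders.CONTENT_LENGTH.equalsIgnoreCase(name)) {
-this.contentLength = Integer.valueOf(value);
+this.contentLength = value;
 }
 else {
 super.setIntHeader(name, value);
@@ -190,7 +194,7 @@ public void setIntHeader(String name, int value) {
 @Override
 public void addIntHeader(String name, int value) {
 if (HttpHeaders.CONTENT_LENGTH.equalsIgnoreCase(name)) {
-this.contentLength = Integer.valueOf(value);
+this.contentLength = value;
 }
 else {
 super.addIntHeader(name, value);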
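Review bot: `toContentLengthInt` rejects only values above `Integer.MAX_VALUE`, so a negative Content-Length arriving through `setHeader`, `addHeader` or `setContentLengthLong` still passes through it and is narrowed to `int`; how the cached `this.contentLength` is used later is outside these hunks, so whether such a value can reach the underlying response should be confirmed. If negatives are not meant to be accepted, a lower-bound guard in the helper would cover all three callers, e.g. `if (contentLength < 0) { throw new IllegalArgumentException("Content-Length must not be negative: " + contentLength); }`. Separately, `Long.parseLong(value)` in `setHeader` and `addHeader` throws a bare `NumberFormatException` for a null or non-numeric value, so those inputs fail with a different message than the one this commit standardises on. `setIntHeader` and `addIntHeader` assign `value` directly and would bypass any check added to the helper.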

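--- a/spring-web/src/test/java/org/springframework/web/filter/ContentCachingResponseWrapperTests.java
+++ b/spring-web/src/test/java/org/springframework/web/filter/ContentCachingResponseWrapperTests.java
@@ -31,6 +31,7 @@
 
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.junit.jupiter.api.Named.named;
 import static org.springframework.http.HttpHeaders.CONTENT_LENGTH;
 import static org.springframework.http.HttpHeaders.CONTENT_TYPE;
@@ -233,6 +234,43 @@ void copyBodyToResponseWithTransferEncoding() throws Exception {
 assertThat(response.getContentAsByteArray()).isEqualTo(responseBody);
 }
 
+@Test
+void setContentLengthAbove2GbViaSetContentLengthLong() {
+MockHttpServletResponse response = new MockHttpServletResponse();
+
+ContentCachingResponseWrapper responseWrapper = new ContentCachingResponseWrapper(response);
+long overflow = (long) Integer.MAX_VALUE + 1;
+assertThatIllegalArgumentException()
+.isThrownBy(() -> responseWrapper.setContentLengthLong(overflow))
+.withMessageContaining("Content-Length exceeds ContentCachingResponseWrapper's maximum")
+.withMessageContaining(String.valueOf(overflow));
+}
+
+@Test
+void setContentLengthAbove2GbViaAddHeader() {
+MockHttpServletResponse response = new MockHttpServletResponse();
+
+ContentCachingResponseWrapper responseWrapper = new ContentCachingResponseWrapper(response);
+String overflow = String.valueOf((long) Integer.MAX_VALUE + 1);
+assertThatIllegalArgumentException()
+.isThrownBy(() -> responseWrapper.addHeader(CONTENT_LENGTH, overflow))
+.withMessageContaining("Content-Length exceeds ContentCachingResponseWrapper's maximum")
+.withMessageContaining(overflow);
+}
+
+@Test
+void setContentLengthAbove2GbViaSetHeader() {
+MockHttpServletResponse response = new MockHttpServletResponse();
+
+ContentCachingResponseWrapper responseWrapper = new ContentCachingResponseWrapper(response);
+String overflow = String.valueOf((long) Integer.MAX_VALUE + 1);
+assertThatIllegalArgumentException()
+.isThrownBy(() -> responseWrapper.setHeader(CONTENT_LENGTH, overflow))
+.withMessageContaining("Content-Length exceeds ContentCachingResponseWrapper's maximum")
+.withMessageContaining(overflow);
+}
+
+
 private void assertHeader(HttpServletResponse response, String header, int value) {
 assertHeader(response, header, Integer.toString(value));
 }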
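Review bot: The three new tests cover only `Integer.MAX_VALUE + 1`; nothing pins the accepted side of the boundary, so a later change of `>` to `>=` in `toContentLengthInt` would go unnoticed. A companion case through `setHeader`, which per the main-file hunk only stores the parsed value, would close that gap, e.g. `assertThatNoException().isThrownBy(() -> responseWrapper.setHeader(CONTENT_LENGTH, String.valueOf(Integer.MAX_VALUE)));`. The `addHeader` and `setHeader` tests differ only in the method invoked and could share one helper or a parameterized test.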
