Reject negative Content-Length values in HttpHeaders

Prior to this commit, `HttpHeaders#setContentLength` would accept
negative values. Those are not allowed by the RFC and the headers
implementation only uses "-1" as a way to convey that no value was set.

This commit ensures that negative values are rejected.

Fixes gh-32660
This commit is contained in:
Onji Kim
2024-04-17 22:58:04 +09:00
committed by Brian Clozel
parent c03f798dad
commit ec055da7c3
2 changed files with 16 additions and 0 deletions

View File

@@ -969,8 +969,13 @@ public class HttpHeaders implements MultiValueMap<String, String>, Serializable
/**
* Set the length of the body in bytes, as specified by the
* {@code Content-Length} header.
* @param contentLength content length (greater than or equal to zero)
* @throws IllegalArgumentException if the content length is negative
*/
public void setContentLength(long contentLength) {
if (contentLength < 0) {
throw new IllegalArgumentException("Content-Length must be a non-negative number");
}
set(CONTENT_LENGTH, Long.toString(contentLength));
}