Reject negative Content-Length values in HttpHeaders
Prior to this commit, `HttpHeaders#setContentLength` would accept negative values. Those are not allowed by the RFC and the headers implementation only uses "-1" as a way to convey that no value was set. This commit ensures that negative values are rejected. Fixes gh-32660
This commit is contained in:
@@ -969,8 +969,13 @@ public class HttpHeaders implements MultiValueMap<String, String>, Serializable
|
||||
/**
|
||||
* Set the length of the body in bytes, as specified by the
|
||||
* {@code Content-Length} header.
|
||||
* @param contentLength content length (greater than or equal to zero)
|
||||
* @throws IllegalArgumentException if the content length is negative
|
||||
*/
|
||||
public void setContentLength(long contentLength) {
|
||||
if (contentLength < 0) {
|
||||
throw new IllegalArgumentException("Content-Length must be a non-negative number");
|
||||
}
|
||||
set(CONTENT_LENGTH, Long.toString(contentLength));
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user