JDK-6670868 : StackOverFlow with authenticated Proxy tunnels

Details
Type: Bug
Submit Date: 2008-03-04
Status: Closed
Updated Date: 2012-08-21
Project Name: JDK
Resolved Date: 2012-08-21
Component: core-libs
OS: windows_xp,windows_7
Sub-Component: java.net
CPU: x86
Priority: P3
Resolution: Fixed
Affected Versions: 5.0,6u20
Fixed Versions:


Description
FULL PRODUCT VERSION :
java version "1.5.0_14"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_14-b03)
Java HotSpot(TM) Client VM (build 1.5.0_14-b03, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
When using HttpsURLConnection in conjunction with authenticated proxies, an endless recursion can occur when the proxy reacts unexpectedly. See the code below.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run the code supplied, the ProxyConnect class first.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
ProxyTest should fail cleanly.
ACTUAL -
StackOverflowError

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.io.InputStream;
import java.net.ServerSocket;
import java.net.Socket;

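/**
 * Fake proxy for the reproducer: answers one connection with a 407
 * challenge, then closes the next connection without sending a response.
 * <p/>
 * @author Richard Birenheide (D035816)
 */
public class ProxyConnect {
	/**
	 * Listens on port 9000 and repeats the challenge / silent-close pair forever.
	 * <p/>
	 * @param args unused
	 * @throws Exception on any socket error
	 */
	public static void main(String[] args) throws Exception {
		ServerSocket ss = new ServerSocket(9000);
		while (true) {
			// First connection: print the request and reply with a 407 challenge.
			Socket s = ss.accept();
			InputStream is = s.getInputStream();
			byte[] buffer = new byte[10000];
			int n = is.read(buffer);
			// Print only the bytes actually read, not the whole buffer.
			System.out.println(new String(buffer, 0, Math.max(n, 0)));
//			Thread.sleep(10000);
			s.getOutputStream().write("HTTP/1.1 407\nProxy-Authenticate:Basic realm=\"WallyWorld\"\n\n".getBytes());
			s.close();
			
			// Second connection: print the request, then close without any response.
			s = ss.accept();
			is = s.getInputStream();
			buffer = new byte[10000];
			n = is.read(buffer);
			System.out.println(new String(buffer, 0, Math.max(n, 0)));
//			Thread.sleep(10000);
//			s.getOutputStream().write("HTTP/1.0 407 \n\n".getBytes());
			s.close();
		}
	}
}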

---------------------------------------------------------------------------------------------------
import java.net.Authenticator;
import java.net.InetSocketAddress;
import java.net.PasswordAuthentication;
import java.net.Proxy;
import java.net.URL;

import javax.net.ssl.HttpsURLConnection;

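/**
 * Client side of the reproducer: opens an HTTPS connection through the
 * HTTP proxy on localhost:9000 with a default Authenticator installed.
 * <p/>
 * @author Richard Birenheide (D035816)
 */
public class ProxyTest {

	/**
	 * Connects to https://localhost:80 via the proxy; run ProxyConnect first.
	 * <p/>
	 * @param args unused
	 */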
	public static void main(String[] args) throws Exception {
		URL url = new URL("https://localhost:80");
		Authenticator.setDefault(new Authenticator() {
			@Override
			protected PasswordAuthentication getPasswordAuthentication() {
				System.out.println("Called");
				return new PasswordAuthentication("Test", "Test".toCharArray());
			}
		});
		HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(new Proxy(Proxy.Type.HTTP, new InetSocketAddress("localhost", 9000)));
		conn.setAllowUserInteraction(true);
		conn.setUseCaches(false);
		conn.addRequestProperty("Proxy-Authorization", "blabla");
		conn.connect();
	}

}
---------- END SOURCE ----------

                                    

Comments
EVALUATION

There is an issue in the tunneling/Http retry code whereby a proxy requiring authentication, if it gives a bad response after the initial 407, may cause the HTTPClient to perform recursive calls to parseHTTP until StackOverFlow. The reason is obvious when you look at the "try once more" in HttpClient.

This fix required some cleanup in HttpURLConnection, and partially removes a previous fix, CR 6216082. I verified that this part of the change for 6216082 is no longer required, and confirmed this by running the test that was added as part of 6216082.

JDK8 changeset:

Changeset: a80562f7ea50
Author:    chegar
Date:      2011-07-27 18:10 +0100
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a80562f7ea50

6670868: StackOverFlow with bad authenticated Proxy tunnels
Reviewed-by: michaelm

! src/share/classes/sun/net/www/http/HttpClient.java
! src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
+ test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsProxyStackOverflow.java
                                     
2011-07-27
EVALUATION

Recursive loop in 

	- locked <0xe7600568> (a sun.net.www.protocol.https.DelegateHttpsURLConnection)
	at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:695)
	at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:568)
	at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:1636)
	- locked <0xe7600568> (a sun.net.www.protocol.https.DelegateHttpsURLConnection)
	at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:695)
	at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:568)
	at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:1636)
	- locked <0xe7600568> (a sun.net.www.protocol.https.DelegateHttpsURLConnection)
	at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:695)
	at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:568)
	at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:1636)
	- locked <0xe7600568> (a sun.net.www.protocol.https.DelegateHttpsURLConnection)
	at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:695)
	at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:568)
	at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:1636)
	- locked <0xe7600568> (a sun.net.www.protocol.https.DelegateHttpsURLConnection)
	at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:695)
	at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:568)
	at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:163
        .......
                                     
2010-05-06
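
The two reproducer classes from the description, combined into a single-process regression check that reports whether the running JDK fails cleanly or overflows the stack. This is an added example, not code from the bug report and not the JDK's HttpsProxyStackOverflow test; the class name TunnelRetryCheck, the method names and the read timeout are assumptions, and the fake proxy keeps the report's alternating 407 / silent-close behaviour on an ephemeral loopback port.

```java
import java.io.IOException;
import java.net.*;
import javax.net.ssl.HttpsURLConnection;

// Added example, not from the bug report; class and method names are hypothetical.
public class TunnelRetryCheck {
    // Constructed fake proxy with the report's behaviour: answer one connection
    // with a 407 challenge, close the next without any response, and repeat.
    static ServerSocket startBadProxy() throws IOException {
        ServerSocket ss = new ServerSocket(0, 50, InetAddress.getLoopbackAddress());
        Thread t = new Thread(() -> {
            for (int i = 0; !ss.isClosed(); i++) {
                try (Socket s = ss.accept()) {
                    s.getInputStream().read(new byte[10000]); // consume the request
                    if (i % 2 == 0) s.getOutputStream().write(("HTTP/1.1 407\n"
                        + "Proxy-Authenticate:Basic realm=\"WallyWorld\"\n\n").getBytes("US-ASCII"));
                } catch (IOException e) { /* connection reset or server socket closed */ }
            }
        });
        t.setDaemon(true);
        t.start();
        return ss;
    }
    // Runs the report's client through the proxy on the given port and classifies the outcome.
    static String check(int proxyPort) {
        Authenticator.setDefault(new Authenticator() {
            @Override protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication("Test", "Test".toCharArray());
            }
        });
        try {
            Proxy proxy = new Proxy(Proxy.Type.HTTP,
                new InetSocketAddress(InetAddress.getLoopbackAddress(), proxyPort));
            HttpsURLConnection conn =
                (HttpsURLConnection) new URL("https://localhost:80").openConnection(proxy);
            conn.setReadTimeout(5000); // constructed bound so the check cannot hang
            conn.addRequestProperty("Proxy-Authorization", "blabla");
            conn.connect();
            return "unexpected success";
        } catch (IOException e) {
            return "clean failure: " + e;
        } catch (StackOverflowError e) {
            return "affected: StackOverflowError";
        }
    }
    public static void main(String[] args) throws IOException {
        try (ServerSocket proxy = startBadProxy()) { System.out.println(check(proxy.getLocalPort())); }
    }
}
```

On JDKs where Basic authentication for HTTPS tunnelling is disabled by default (the `jdk.http.auth.tunneling.disabledSchemes` property), the client stops at the first 407, which also counts as a clean failure.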


