JDK-6670868 : StackOverFlow with authenticated Proxy tunnels
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.net
  • Affected Version: 5.0,6u20
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: windows_xp,windows_7
  • CPU: x86
  • Submitted: 2008-03-04
  • Updated: 2012-08-21
  • Resolved: 2012-08-21
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availabitlity Release.

To download the current JDK release, click here.
Other JDK 6 JDK 7 JDK 8
5.0u33Fixed 6u30Fixed 7u2Fixed 8 b01Fixed
Related Reports
Relates :  
Description
FULL PRODUCT VERSION :
java version "1.5.0_14"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_14-b03)
Java HotSpot(TM) Client VM (build 1.5.0_14-b03, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
When using HttpsUrlConnection in in conjunction with authenticated proxies, an endless recursion can occur when the proxy reacts unexpected. See coding below.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run the coding supplied, the ProxyConnect class first.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
ProxyTest should fail cleanly.
ACTUAL -
StackOverFlowError

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.io.InputStream;
import java.net.ServerSocket;
import java.net.Socket;

/**
 * TODO_DOC add type comment
 * <p/>
 * @author Richard Birenheide (D035816)
 */
public class ProxyConnect {
	/**
	 * TODO_DOC add method comment
	 * <p/>
	 * @param args
	 * @throws Exception
	 */
	public static void main(String[] args) throws Exception {
		ServerSocket ss = new ServerSocket(9000);
		while (true) {
			Socket s = ss.accept();
			InputStream is = s.getInputStream();
			byte[] buffer = new byte[10000];
			is.read(buffer);
			System.out.println(new String(buffer));
//			Thread.sleep(10000);
			s.getOutputStream().write("HTTP/1.1 407\nProxy-Authenticate:Basic realm=\"WallyWorld\"\n\n".getBytes());
			s.close();
			
			s = ss.accept();
			is = s.getInputStream();
			buffer = new byte[10000];
			is.read(buffer);
			System.out.println(new String(buffer));
//			Thread.sleep(10000);
//			s.getOutputStream().write("HTTP/1.0 407 \n\n".getBytes());
			s.close();
		}
	}
}

---------------------------------------------------------------------------------------------------
import java.net.Authenticator;
import java.net.InetSocketAddress;
import java.net.PasswordAuthentication;
import java.net.Proxy;
import java.net.URL;

import javax.net.ssl.HttpsURLConnection;

/**
 * TODO_DOC add type comment
 * <p/>
 * @author Richard Birenheide (D035816)
 */
public class ProxyTest {

	/**
	 * TODO_DOC add method comment
	 * <p/>
	 * @param args
	 */
	public static void main(String[] args) throws Exception {
		URL url = new URL("https://localhost:80");
		Authenticator.setDefault(new Authenticator() {
			@Override
			protected PasswordAuthentication getPasswordAuthentication() {
				System.out.println("Called");
				return new PasswordAuthentication("Test", "Test".toCharArray());
			}
		});
		HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(new Proxy(Proxy.Type.HTTP, new InetSocketAddress("localhost", 9000)));
		conn.setAllowUserInteraction(true);
		conn.setUseCaches(false);
		conn.addRequestProperty("Proxy-Authorization", "blabla");
		conn.connect();
	}

}
---------- END SOURCE ----------

Comments
EVALUATION There is an issue in the tunneling/Http retry code whereby a proxy requiring authentication, if it gives a bad response after the initial 407, may cause the HTTPClient to perform recursive calls to parseHTTP until StackOverFlow. The reason is obvious when you look at the "try once more" in HttpClient. This fix required some cleaned in HttpURLConnection, and partially removes a previous fix, CR 6216082. I verified that this part of the change for 6216082 is no longer required, and confirmed this by running the test that was added as part of 6216082. JDK8 changeset: Changeset: a80562f7ea50 Author: chegar Date: 2011-07-27 18:10 +0100 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a80562f7ea50 6670868: StackOverFlow with bad authenticated Proxy tunnels Reviewed-by: michaelm ! src/share/classes/sun/net/www/http/HttpClient.java ! src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java + test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsProxyStackOverflow.java
2011-07-27

EVALUATION Recursive loop in - locked <0xe7600568> (a sun.net.www.protocol.https.DelegateHttpsURLConnection) at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:695) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:568) at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:1636) - locked <0xe7600568> (a sun.net.www.protocol.https.DelegateHttpsURLConnection) at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:695) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:568) at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:1636) - locked <0xe7600568> (a sun.net.www.protocol.https.DelegateHttpsURLConnection) at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:695) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:568) at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:1636) - locked <0xe7600568> (a sun.net.www.protocol.https.DelegateHttpsURLConnection) at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:695) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:568) at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:1636) - locked <0xe7600568> (a sun.net.www.protocol.https.DelegateHttpsURLConnection) at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:695) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:568) at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:163 .......
2010-05-06