diff --git a/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java b/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java
index c321509a0..4bb728fe4 100644
--- a/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java
+++ b/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java
@@ -849,6 +849,11 @@ protected static int parseHeaderValue(final HttpHeader httpHeader, final HeaderP
 parsingState.offset = offset + 2 - arrayOffs;
 return -2;
 } else {
+ final byte b3 = input[offset - 1];
+ if (!(b3 == Constants.CR) && isStrictHeaderValueValidationSet) {
+ throw new IllegalStateException(
+ "An invalid character 0x" + Integer.toHexString(b) + " was found in the header value");
+ }
 parsingState.offset = offset + 1 - arrayOffs;
 finalizeKnownHeaderValues(httpHeader, parsingState, input, arrayOffs + parsingState.start, arrayOffs + parsingState.checkpoint2);
 parsingState.headerValueStorage.setBytes(input, arrayOffs + parsingState.start, arrayOffs + parsingState.checkpoint2);
@@ -1139,6 +1144,12 @@ protected static int parseHeaderValue(final HttpHeader httpHeader, final HeaderP
 parsingState.offset = offset + 2;
 return -2;
 } else {
+ final byte b3 = input.get(offset - 1);
+ if (!(b3 == Constants.CR) && isStrictHeaderValueValidationSet) {
+ throw new IllegalStateException(
+ "An invalid character 0x" + Integer.toHexString(b) + " was found in the header value");
+ }
+
 parsingState.offset = offset + 1;
 finalizeKnownHeaderValues(httpHeader, parsingState, input, parsingState.start, parsingState.checkpoint2);
 parsingState.headerValueStorage.setBuffer(input, parsingState.start, parsingState.checkpoint2);
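Review bot: The preceding-CR check is added only inside the `else` branch, so in both hunks the branch directly above it (the one that advances by `offset + 2` and returns -2, which looks like the folded-value continuation case) still accepts a line feed that has no CR before it, even when `isStrictHeaderValueValidationSet` is on. If strict mode is meant to reject every bare LF inside a header value, the check belongs before the branch on the following byte so that both paths go through it; a parser that accepts a line ending the upstream proxy reads differently is the usual precondition for header or request desynchronisation. The read at `offset - 1` (`input[offset - 1]` in the first hunk, `input.get(offset - 1)` in the second) also assumes the LF is never the first byte the parser is handed; the loop bounds are outside the hunk, so that should be confirmed or guarded. The condition reads more plainly with the flag first, `if (isStrictHeaderValueValidationSet && b3 != Constants.CR) {`, and the message formats `b` while the test is on `b3`, which deserves a comment such as `// b is the LF being processed; b3 is the byte before it`. Both `parseHeaderValue` bodies start and end outside the hunks.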