You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2011/11/01 20:29:30 UTC
svn commit: r1196231 - in /tomcat/tc7.0.x/trunk: ./
java/org/apache/coyote/http11/ webapps/docs/
Author: kkolinko
Date: Tue Nov 1 19:29:30 2011
New Revision: 1196231
URL: http://svn.apache.org/viewvc?rev=1196231&view=rev
Log:
Merged revisions r1196212 r1196223 from tomcat/trunk:
Implement self-guard against unexpected call to parseHeaders() after the parsing has already been completed
without a prior call to recycle() or nextRequest().
One such occurrence was caused by a bug that did not recycle the buffer and was fixed a while ago.
AbstractHttp11Processor handling of ISE from parseHeaders() is to reject the request with response status 400 and close the socket. The message is visible only when debug logging is enabled in AbstractHttp11Processor.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Nov 1 19:29:30 2011
@@ -1 +1 @@
-/tomcat/trunk:1156115,1156171,1156276,1156304,1156519,1156530,1156602,1157015,1157018,1157151,1157198,1157204,1157810,1157832,1157834,1157847,1157908,1157939,1158155,1158160,1158176,1158195,1158198-1158199,1158227,1158331,1158334-1158335,1158426,1160347,1160592,1160611,1160619,1160626,1160639,1160652,1160720-1160721,1160772,1160774,1160776,1161303,1161310,1161322,1161339,1161486,1161540,1161549,1161584,1162082,1162149,1162169,1162721,1162769,1162836,1162932,1163630,1164419,1164438,1164469,1164480,1164567,1165234,1165247-1165248,1165253,1165273,1165282,1165309,1165331,1165338,1165347,1165360-1165361,1165367-1165368,1165602,1165608,1165677,1165693,1165721,1165723,1165728,1165730,1165738,1165746,1165765,1165777,1165918,1165921,1166077,1166150-1166151,1166290,1166366,1166620,1166686,1166693,1166752,1166757,1167368,1167394,1169447,1170647,1171692,1172233-1172234,1172236,1172269,1172278,1172282,1172556,1172610,1172664,1172689,1172711,1173020-1173021,1173082,1173088,1173090,1173096
,1173241,1173256,1173288,1173333,1173342,1173461,1173614,1173630,1173659,1173722,1174061,1174239,1174322,1174325,1174329-1174330,1174337-1174339,1174343,1174353,1174799,1174882,1174884,1174983,1175155,1175158,1175167,1175182,1175190,1175201,1175272,1175275,1175283,1175582,1175589-1175590,1175594,1175602,1175613,1175633,1175690,1175713,1175889,1175896,1175907,1176584,1176590,1176799,1177050,1177060,1177125,1177152,1177160,1177245,1177850,1177862,1177978,1178209,1178228,1178233,1178449,1178542,1178681,1178684,1178721,1179268,1179274,1180261,1180865,1180891,1180894,1180907,1181028,1181123,1181125,1181136,1181291,1181743,1182796,1183078,1183105,1183142,1183328,1183339-1183340,1183492-1183494,1183605,1184917,1184919,1185018,1185020,1185200,1185588,1185626,1185756,1185758,1186011,1186042-1186045,1186104,1186123,1186137,1186153,1186254,1186257,1186377-1186379,1186479-1186480,1186712,1186743,1186750,1186763,1186890-1186892,1186894,1186949,1187018,1187027-1187028,1187381,1187755,1187
775,1187827,1188301,1188303-1188305,1188399,1188822,1188930-1188931,1189116,1189129,1189183,1189240,1189256,1189386,1189413-1189414,1189477,1189685,1189805,1189857,1189864,1189882,1190034,1190185,1190279,1190339,1190371,1190388-1190389,1190474,1190481,1194915,1195222-1195223,1195531,1195899,1195905,1195943,1195949,1195953,1195955,1195965,1195968,1196175
+/tomcat/trunk:1156115,1156171,1156276,1156304,1156519,1156530,1156602,1157015,1157018,1157151,1157198,1157204,1157810,1157832,1157834,1157847,1157908,1157939,1158155,1158160,1158176,1158195,1158198-1158199,1158227,1158331,1158334-1158335,1158426,1160347,1160592,1160611,1160619,1160626,1160639,1160652,1160720-1160721,1160772,1160774,1160776,1161303,1161310,1161322,1161339,1161486,1161540,1161549,1161584,1162082,1162149,1162169,1162721,1162769,1162836,1162932,1163630,1164419,1164438,1164469,1164480,1164567,1165234,1165247-1165248,1165253,1165273,1165282,1165309,1165331,1165338,1165347,1165360-1165361,1165367-1165368,1165602,1165608,1165677,1165693,1165721,1165723,1165728,1165730,1165738,1165746,1165765,1165777,1165918,1165921,1166077,1166150-1166151,1166290,1166366,1166620,1166686,1166693,1166752,1166757,1167368,1167394,1169447,1170647,1171692,1172233-1172234,1172236,1172269,1172278,1172282,1172556,1172610,1172664,1172689,1172711,1173020-1173021,1173082,1173088,1173090,1173096
,1173241,1173256,1173288,1173333,1173342,1173461,1173614,1173630,1173659,1173722,1174061,1174239,1174322,1174325,1174329-1174330,1174337-1174339,1174343,1174353,1174799,1174882,1174884,1174983,1175155,1175158,1175167,1175182,1175190,1175201,1175272,1175275,1175283,1175582,1175589-1175590,1175594,1175602,1175613,1175633,1175690,1175713,1175889,1175896,1175907,1176584,1176590,1176799,1177050,1177060,1177125,1177152,1177160,1177245,1177850,1177862,1177978,1178209,1178228,1178233,1178449,1178542,1178681,1178684,1178721,1179268,1179274,1180261,1180865,1180891,1180894,1180907,1181028,1181123,1181125,1181136,1181291,1181743,1182796,1183078,1183105,1183142,1183328,1183339-1183340,1183492-1183494,1183605,1184917,1184919,1185018,1185020,1185200,1185588,1185626,1185756,1185758,1186011,1186042-1186045,1186104,1186123,1186137,1186153,1186254,1186257,1186377-1186379,1186479-1186480,1186712,1186743,1186750,1186763,1186890-1186892,1186894,1186949,1187018,1187027-1187028,1187381,1187755,1187
775,1187827,1188301,1188303-1188305,1188399,1188822,1188930-1188931,1189116,1189129,1189183,1189240,1189256,1189386,1189413-1189414,1189477,1189685,1189805,1189857,1189864,1189882,1190034,1190185,1190279,1190339,1190371,1190388-1190389,1190474,1190481,1194915,1195222-1195223,1195531,1195899,1195905,1195943,1195949,1195953,1195955,1195965,1195968,1196175,1196212,1196223
Modified: tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java?rev=1196231&r1=1196230&r2=1196231&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java Tue Nov 1 19:29:30 2011
@@ -304,6 +304,10 @@ public class InternalAprInputBuffer exte
@Override
public boolean parseHeaders()
throws IOException {
+ if (!parsingHeader) {
+ throw new IllegalStateException(
+ sm.getString("iib.parseheaders.ise.error"));
+ }
while (parseHeader()) {
// Loop until there are no more headers
Modified: tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java?rev=1196231&r1=1196230&r2=1196231&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java Tue Nov 1 19:29:30 2011
@@ -260,6 +260,10 @@ public class InternalInputBuffer extends
@Override
public boolean parseHeaders()
throws IOException {
+ if (!parsingHeader) {
+ throw new IllegalStateException(
+ sm.getString("iib.parseheaders.ise.error"));
+ }
while (parseHeader()) {
// Loop until we run out of headers
Modified: tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java?rev=1196231&r1=1196230&r2=1196231&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java Tue Nov 1 19:29:30 2011
@@ -469,6 +469,11 @@ public class InternalNioInputBuffer exte
@Override
public boolean parseHeaders()
throws IOException {
+ if (!parsingHeader) {
+ throw new IllegalStateException(
+ sm.getString("iib.parseheaders.ise.error"));
+ }
+
HeaderParseStatus status = HeaderParseStatus.HAVE_MORE_HEADERS;
do {
Modified: tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties?rev=1196231&r1=1196230&r2=1196231&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties Tue Nov 1 19:29:30 2011
@@ -40,4 +40,5 @@ http11processor.sendfile.error=Error sen
iib.eof.error=Unexpected EOF read on the socket
iib.invalidheader=The HTTP header line [{0}] does not conform to RFC 2616 and has been ignored.
iib.invalidmethod=Invalid character (CR or LF) found in method name
+iib.parseheaders.ise.error=Unexpected state: headers already parsed. Buffer not recycled?
iib.requestheadertoolarge.error=Request header is too large
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1196231&r1=1196230&r2=1196231&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Tue Nov 1 19:29:30 2011
@@ -193,6 +193,10 @@
Fix threading issue in NIO connectors during shutdown that meant Comet
connections were not always shut down cleanly. (markt)
</fix>
+ <add>
+ In HTTP connectors: self-guard against using a non-recycled input
+ buffer. Requests will be rejected with response status 400. (kkolinko)
+ </add>
</changelog>
</subsection>
<subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org