You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2018/05/11 08:34:21 UTC
svn commit: r1831389 -
/tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
Author: markt
Date: Fri May 11 08:34:21 2018
New Revision: 1831389
URL: http://svn.apache.org/viewvc?rev=1831389&view=rev
Log:
When the header limit is exceeded before the protocol is read (e.g. with excessive new lines before the request line), set the protocol to avoid the missing protocol triggering a 505 error masking the real error code.
Modified:
tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java?rev=1831389&r1=1831388&r2=1831389&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java Fri May 11 08:34:21 2018
@@ -711,6 +711,10 @@ public class Http11InputBuffer implement
if (parsingHeader) {
if (byteBuffer.limit() >= headerBufferSize) {
+ if (parsingRequestLine) {
+ // Avoid unknown protocol triggering an additional error
+ request.protocol().setString(Constants.HTTP_11);
+ }
throw new IllegalArgumentException(sm.getString("iib.requestheadertoolarge.error"));
}
} else {
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1831389 -
/tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
Posted by Mark Thomas <ma...@apache.org>.
On 11/05/18 15:44, Christopher Schultz wrote:
<snip/>
> Why not use something like "UNKNOWN" instead of "HTTP/1.1"? It might
> be confusing to see that the protocol "is" HTTP/1.1 when it was
> actually something else on the wire.
Because:
- neither the app nor the client ever sees it.
- it needs to be a valid value to prevent another error being triggered
later.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1831389 -
/tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Mark,
On 5/11/18 4:34 AM, markt@apache.org wrote:
> Author: markt Date: Fri May 11 08:34:21 2018 New Revision: 1831389
>
> URL: http://svn.apache.org/viewvc?rev=1831389&view=rev Log: When
> the header limit is exceeded before the protocol is read (e.g. with
> excessive new lines before the request line), set the protocol to
> avoid the missing protocol triggering a 505 error masking the real
> error code.
>
> Modified:
> tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
>
> Modified:
> tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
> URL:
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http1
1/Http11InputBuffer.java?rev=1831389&r1=1831388&r2=1831389&view=diff
>
>
========================================================================
======
> ---
> tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
> (original) +++
> tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
> Fri May 11 08:34:21 2018 @@ -711,6 +711,10 @@ public class
> Http11InputBuffer implement
>
> if (parsingHeader) { if (byteBuffer.limit() >= headerBufferSize) {
> + if (parsingRequestLine) { + //
> Avoid unknown protocol triggering an additional error +
> request.protocol().setString(Constants.HTTP_11); +
> }
Why not use something like "UNKNOWN" instead of "HTTP/1.1"? It might
be confusing to see that the protocol "is" HTTP/1.1 when it was
actually something else on the wire.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlr1rEgACgkQHPApP6U8
pFhn6BAAj1bBFKStBUHSL+9plGEz7X6jr48SuF3ftcbkKZ56saPdQ4xULJm8QUw4
YX+pw2ORv+fq+fmdfgNgIZnlatN4eXTAmUTlswnkjOPEP4LsJUYqFU8t8WT6iiUq
XnYQbyrSKNCcITSu4XQOV6CfvZuOo/Fu6t3SCR9bjQ9azKdUsq6TpnwAwyg3bMwI
25zxBymSWiBv2LENcV4c2CRYvOiTNCEn/DVYZVWubYiLhKuaeo6wD6QKiEnHqJvd
8vl1w7v/YQfauRIyQJZ3wXTmiX8+fTwHFrhVi/4mp0peRCHYc11mvlXVNKYHKLCO
2kizfdMljdZrdXTlEOGe7pPntliMXASiCGekSJoEh+weTFFwU74AYT8fZmssBUIz
qOS1bvopRf07rXWJe9XGAF5TGZKVVmy5cPAewlsfbA0cA4/h2b15al7UFYev8LTa
zbf/f/VImFx/3P5VeujnIy3Cir70MQpETwo1oBHLe6T7AcsLR/L9o3i7oUqj1vyA
U1jUlH6Bhabnh3HIl4uPamY4gDoYUAQMcM+giHsbgdpd8FAGbsh0V+bF7NcGmxgq
Mt38Ge5B5T3NO6uxpgkQqhfvlEn8DXtSJRxdV5eZQhpwrpkYjyaRFI+gItWw6f72
428BkppXqK6t/ob5gBJK7Mz6BZ4LqWpTVr6y3u3nCVOPxiNdKbg=
=RItO
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org