You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/08/11 19:48:31 UTC
svn commit: r1756037 - in /tomcat/tc6.0.x/trunk: ./ java/org/apache/coyote/
java/org/apache/coyote/ajp/ java/org/apache/coyote/http11/
java/org/apache/tomcat/util/http/ webapps/docs/ webapps/docs/config/
Author: markt
Date: Thu Aug 11 19:48:31 2016
New Revision: 1756037
URL: http://svn.apache.org/viewvc?rev=1756037&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59904
Add a limit (default 200) for the number of cookies allowed per request.
Based on a patch by gehui.
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.x/trunk/java/org/apache/coyote/AbstractProtocol.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProtocol.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProcessor.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProtocol.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/LocalStrings.properties
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/docs/config/ajp.xml
tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml
Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Aug 11 19:48:31 2016
@@ -1,4 +1,4 @@
-/tomcat/tc7.0.x/trunk:1190476,1224802,1243045,1298635,1304471,1311997,1312007,1331772,1333164,1333176,1348992,1354866,1371298,1371302,1371620,1402110,1409014,1413553,1413557,1413563,1430083,1438415,1446641-1446660,1447013,1453106,1453119,1484919,1486877,1500065,1503852,1505844,1513151,1521040,1526470,1536524,1539176-1539177,1544469,1544473,1552805,1558894,1558917,1561368,1561382,1561386,1561552,1561561,1561636,1561641,1561643,1561737,1562748,1564317,1568922,1570163,1577328,1577464-1577465,1578814,1586659,1586897,1586960,1588199,1588997,1589740,1589851,1589997,1590019,1590028,1590337,1590492,1590651,1590838,1590845,1590848,1590912,1593262,1593288,1593371,1593835,1594230,1595174,1595366,1600956,1601333,1601856,1601909,1609079,1609606,1617364,1617374,1617433,1617457-1617458,1624249,1626579,1627420,1627469,1632586,1637686,1637711,1640675,1642045,1643515,1643540,1643572,1643585-1643586,1643642,1643647,1644019,1648817,1656301,1658815,1659523,1659564,1664001,1664176,1665087,1666968,1666989
,1668541,1668635,1669802,1676557,1681183,1681841,1681865,1681867,1685829,1693109,1694293,1694433,1694875,1696381,1701945,1710353,1712656,1713873,1714000,1714005,1714540,1715213,1716221,1716417,1717107,1717210,1717212,1720236,1720398,1720443,1720464,1721814,1721883,1722645,1722801,1723151,1724435,1724553,1724675,1724797,1724806,1725931,1726631,1726808,1726813,1726815,1726817,1726819,1726917,1726919,1726922-1726924,1727031,1727034,1727043,1727158,1727672,1727903,1728450,1729363,1731010,1731119,1731956,1731978,1732362,1732674-1732675,1733942,1734116,1734134,1734532,1737249,1737253,1737968,1738049,1738186,1739778,1741178,1741184,1741193,1741211,1741218,1741228,1741235,1742281,1743121,1743142,1743649,1744061,1744129,1744155,1744241,1744383,1744689,1745230,1746942,1746994,1749377,1750018,1750980,1751066,1754114,1754147,1754728,1754880,1754891,1754898,1754902
-/tomcat/tc8.0.x/trunk:1637685,1637709,1640674,1641726,1641729-1641730,1643513,1643539,1643571,1643581-1643582,1644018,1648816,1656300,1658801-1658803,1658811,1659522,1663997,1664175,1665086,1666967,1666988,1668634,1669801,1676556,1681182,1681840,1681864,1685827,1689921,1693108,1694291,1694427,1694873,1696379,1701944,1710347,1712618,1712655,1713872,1713998,1714004,1714538,1715207,1715866,1716216-1716217,1716414,1717208-1717209,1720235,1720396,1720442,1720463,1721813,1721882,1722800,1723130,1724434,1724674,1724792,1724803,1725929,1725963-1725965,1725970,1725974,1726172,1726175,1726179-1726182,1726195-1726198,1726200,1726203,1726226,1726576,1726630,1727029,1727037,1727671,1727900,1728449,1729362,1731009,1731955,1731977,1732360,1732672,1733941,1734115,1734133,1734531,1737967,1738173,1739777,1741217,1743647,1744152
+/tomcat/tc7.0.x/trunk:1190476,1224802,1243045,1298635,1304471,1311997,1312007,1331772,1333164,1333176,1348992,1354866,1371298,1371302,1371620,1402110,1409014,1413553,1413557,1413563,1430083,1438415,1446641-1446660,1447013,1453106,1453119,1484919,1486877,1500065,1503852,1505844,1513151,1521040,1526470,1536524,1539176-1539177,1544469,1544473,1552805,1558894,1558917,1561368,1561382,1561386,1561552,1561561,1561636,1561641,1561643,1561737,1562748,1564317,1568922,1570163,1577328,1577464-1577465,1578814,1586659,1586897,1586960,1588199,1588997,1589740,1589851,1589997,1590019,1590028,1590337,1590492,1590651,1590838,1590845,1590848,1590912,1593262,1593288,1593371,1593835,1594230,1595174,1595366,1600956,1601333,1601856,1601909,1609079,1609606,1617364,1617374,1617433,1617457-1617458,1624249,1626579,1627420,1627469,1632586,1637686,1637711,1640675,1642045,1643515,1643540,1643572,1643585-1643586,1643642,1643647,1644019,1648817,1656301,1658815,1659523,1659564,1664001,1664176,1665087,1666968,1666989
,1668541,1668635,1669802,1676557,1681183,1681841,1681865,1681867,1685829,1693109,1694293,1694433,1694875,1696381,1701945,1710353,1712656,1713873,1714000,1714005,1714540,1715213,1716221,1716417,1717107,1717210,1717212,1720236,1720398,1720443,1720464,1721814,1721883,1722645,1722801,1723151,1724435,1724553,1724675,1724797,1724806,1725931,1726631,1726808,1726813,1726815,1726817,1726819,1726917,1726919,1726922-1726924,1727031,1727034,1727043,1727158,1727672,1727903,1728450,1729363,1731010,1731119,1731956,1731978,1732362,1732674-1732675,1733942,1734116,1734134,1734532,1737249,1737253,1737968,1738049,1738186,1739778,1741178,1741184,1741193,1741211,1741218,1741228,1741235,1742281,1743121,1743142,1743649,1744061,1744129,1744155,1744241,1744383,1744689,1745230,1746942,1746994,1749377,1750018,1750980,1751066,1754114,1754147,1754728,1754880,1754891,1754898,1754902,1756030
+/tomcat/tc8.0.x/trunk:1637685,1637709,1640674,1641726,1641729-1641730,1643513,1643539,1643571,1643581-1643582,1644018,1648816,1656300,1658801-1658803,1658811,1659522,1663997,1664175,1665086,1666967,1666988,1668634,1669801,1676556,1681182,1681840,1681864,1685827,1689921,1693108,1694291,1694427,1694873,1696379,1701944,1710347,1712618,1712655,1713872,1713998,1714004,1714538,1715207,1715866,1716216-1716217,1716414,1717208-1717209,1720235,1720396,1720442,1720463,1721813,1721882,1722800,1723130,1724434,1724674,1724792,1724803,1725929,1725963-1725965,1725970,1725974,1726172,1726175,1726179-1726182,1726195-1726198,1726200,1726203,1726226,1726576,1726630,1727029,1727037,1727671,1727900,1728449,1729362,1731009,1731955,1731977,1732360,1732672,1733941,1734115,1734133,1734531,1737967,1738173,1739777,1741217,1743647,1744152,1756018
/tomcat/tc8.5.x/trunk:1737199,1737966,1738044,1741174,1741182,1741191,1741209,1741226,1741233,1742277,1743118,1743139-1743140,1744059,1744127,1744151,1744232,1744377,1744687,1745228,1746940,1749375,1750016,1750976,1751062,1754112,1754144,1754726,1754806,1754878,1754889,1754894,1754900
-/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,656018,666232,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,752323,753039,757335,757774,758249,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,770
809,770876,772872,776921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,814708,814876,815972,816252,817442,817822,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,830999,831106,831774,831785,831828,831850,831860,832214,832218,833121,833545,834047,835036,835336,836405,881396,881412,883130,883134,883146,883165,883177,883362,883565,884341,885038,885231,885241,885260,885901,885991,886019,888072,889363,889606,889716,890139,890265
,890349-890350,890417,891185-891187,891583,892198,892341,892415,892464,892555,892812,892814,892817,892843,892887,893321,893493,894580,894586,894805,894831,895013,895045,895057,895191,895392,895703,896370,896384,897380-897381,897776,898126,898256,898468,898527,898555,898558,898718,898836,898906,899284,899348,899420,899653,899769-899770,899783,899788,899792,899916,899918-899919,899935,899949,903916,905020,905151,905722,905728,905735,907311,907513,907538,907652,907727,907819,907825,907864,908002,908721,908754,908759,909097,909206,909212,909525,909636,909869,909875,909887,910266,910370,910442,910471,910485,910974,915226,915737,915861,916097,916141,916157,916170,917598,917633,918093,918489,918594,918684,918787,918792,918799,918803,918885,919851,919914,920025,920055,920298,920449,920596,920824,920840,921444,922010,926716,927062,927621,928482,928695,928732,928798,931709,932357,932967,935105,935983,939491,939551,940064,941356,941463,943112,944409,944416,945231,945808,945835,945841,946686,94
8057,950164,950596,950614,950851,950905,951615,953434,954435,955648,955655,956832,957130,957830,958192,960701,961948,962865,962872,962881,962900,963106,963865,963868,964614,966177-966178,966292,966692,966863,981815,988448,991837,993042,1001955,1002185,1002263,1002274,1002349,1002359,1002362,1002481,1002514,1003461,1003481,1003488,1003556,1003572,1003581,1003861,1004393,1004409,1004415,1004868-1004869,1004912,1005452,1005467,1005647,1005802,1022120,1022134,1022323,1022415,1022606,1022623,1024224,1024251,1026042,1026784,1026912,1026920,1029767,1033415,1033448,1033842,1033897,1037715,1037794,1037887,1037924,1038041,1041892,1042022,1042029,1042447,1042452,1042494,1043983,1044944,1044987,1049264,1050249,1055055,1055236,1055458,1055975,1056264,1056828,1056889,1059881,1060486,1061412,1061442,1061446,1061503,1062398,1064652,1066244,1066772,1067039,1067139,1069824,1070139,1070420,1070609,1072042,1073184,1073393,1075458,1076212,1078409,1078412,1079801,1081118,1081334,1088179,1088460,1090022,1
094069,1094089,1095138,1097899,1099575,1099586,1099772,1099789,1100145,1100822,1101094,1101144,1124680,1130774,1133014,1137862,1137996,1138950,1138953,1139280,1140693,1141104,1141441,1142043,1142904,1143134,1143150,1145137,1148216,1148471,1152601,1156171,1156519,1164567,1167394,1172233-1172234,1172236,1173614,1174353,1174882,1174884,1175158,1175190,1176799,1177125,1177245,1177850,1177862,1178228,1178233,1178684,1181028,1181136,1184917,1184919,1185200,1185588,1186011,1186104,1186123,1186137,1186153,1186378,1186712,1186763,1186949,1187381,1189240,1189386,1190388-1190389,1190474,1198622,1201576,1203091,1224801,1233426,1243034,1243038,1244567,1298140,1298628-1298629,1304468,1311997,1331766,1333161,1333173,1342498,1342503,1348425,1348461-1348495,1348989,1350294,1351056,1351636-1351640,1352011,1354685,1354847,1354856,1356125,1359981,1371283,1409007,1413552,1413556,1413562,1417282,1430079,1430481,1430567,1435606,1435636,1435642,1438411,1439054,1441348,1446640,1446650,1447012,1453105,145311
2,1456666-1456678,1456713,1456721,1457968,1460342,1460533,1484862,1486875,1492570,1494143,1500062,1503851,1505843,1513148-1513149,1526469,1533312,1536520,1539157,1539173,1540374,1552804,1555163,1558811,1561054-1561065,1561067-1561070,1561072-1561075,1561083,1561190-1561192,1561635,1561640,1561732,1562742,1562746,1564309,1564312,1568921,1574004,1577315,1577324,1577463,1578812-1578813,1586658,1586894,1586959,1588193,1588197,1589737-1589738,1589763,1589837,1589842,1589980,1590018,1590302,1590646,1590648,1590835,1590842,1590911,1593259,1593261,1593335,1593834,1594229,1595171,1595289,1597532,1600955,1600963,1600978,1600984,1601329-1601330,1601332,1601855,1608963,1609061,1609593,1617362,1617365,1617383,1617456,1623392,1624247,1626579,1627033,1628978,1631155,1631520,1632584,1634117,1634130,1637684,1637695,1640655-1640658,1641656,1641660,1641692,1641707-1641718,1641721-1641722,1642564,1642606,1643045,1643054,1643570,1644017,1648815,1656299,1658799,1658802,1659521,1663995,1664174,1665085,166
6966,1666985,1668630,1669800,1676552,1681837-1681838,1681854,1685826,1687242,1689918,1693105,1694290,1694872,1696378,1701940,1710346,1712617,1712654,1713871,1713997,1714002,1715188,1715206,1716213-1716214,1716413,1716640,1716856,1716858,1716881-1716882,1716886,1716894,1720234,1720394,1720439,1720462,1721812,1721881,1722532,1722799,1722807,1722824,1722828-1722829,1722831,1722859,1723127,1723707,1723736,1724427,1724433,1724673,1724788,1724863,1725113,1725183,1725199,1725202,1725204,1725207,1725263-1725264,1725266,1725278,1725282,1725405,1725646,1725649-1725652,1725696-1725697,1725914,1725926,1726177,1726202,1726628,1726676,1726926,1727162,1727670,1727899,1728448,1729361,1731008,1731953,1731976,1732359,1733940,1734113,1734128,1734192,1737119,1737715,1737834,1737959,1738039,1738043,1739775,1741173,1741181,1741190,1741208,1741213,1741225,1741232,1742090,1742276,1743115,1743117,1743554,1744058,1744125,1744229,1744323,1744684,1745227,1745337,1746939,1748629,1750015,1750975,1751061,1754111,
1754140-1754141,1754445,1754494,1754496,1754528,1754532-1754533,1754714
+/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,656018,666232,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,752323,753039,757335,757774,758249,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,770
809,770876,772872,776921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,814708,814876,815972,816252,817442,817822,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,830999,831106,831774,831785,831828,831850,831860,832214,832218,833121,833545,834047,835036,835336,836405,881396,881412,883130,883134,883146,883165,883177,883362,883565,884341,885038,885231,885241,885260,885901,885991,886019,888072,889363,889606,889716,890139,890265
,890349-890350,890417,891185-891187,891583,892198,892341,892415,892464,892555,892812,892814,892817,892843,892887,893321,893493,894580,894586,894805,894831,895013,895045,895057,895191,895392,895703,896370,896384,897380-897381,897776,898126,898256,898468,898527,898555,898558,898718,898836,898906,899284,899348,899420,899653,899769-899770,899783,899788,899792,899916,899918-899919,899935,899949,903916,905020,905151,905722,905728,905735,907311,907513,907538,907652,907727,907819,907825,907864,908002,908721,908754,908759,909097,909206,909212,909525,909636,909869,909875,909887,910266,910370,910442,910471,910485,910974,915226,915737,915861,916097,916141,916157,916170,917598,917633,918093,918489,918594,918684,918787,918792,918799,918803,918885,919851,919914,920025,920055,920298,920449,920596,920824,920840,921444,922010,926716,927062,927621,928482,928695,928732,928798,931709,932357,932967,935105,935983,939491,939551,940064,941356,941463,943112,944409,944416,945231,945808,945835,945841,946686,94
8057,950164,950596,950614,950851,950905,951615,953434,954435,955648,955655,956832,957130,957830,958192,960701,961948,962865,962872,962881,962900,963106,963865,963868,964614,966177-966178,966292,966692,966863,981815,988448,991837,993042,1001955,1002185,1002263,1002274,1002349,1002359,1002362,1002481,1002514,1003461,1003481,1003488,1003556,1003572,1003581,1003861,1004393,1004409,1004415,1004868-1004869,1004912,1005452,1005467,1005647,1005802,1022120,1022134,1022323,1022415,1022606,1022623,1024224,1024251,1026042,1026784,1026912,1026920,1029767,1033415,1033448,1033842,1033897,1037715,1037794,1037887,1037924,1038041,1041892,1042022,1042029,1042447,1042452,1042494,1043983,1044944,1044987,1049264,1050249,1055055,1055236,1055458,1055975,1056264,1056828,1056889,1059881,1060486,1061412,1061442,1061446,1061503,1062398,1064652,1066244,1066772,1067039,1067139,1069824,1070139,1070420,1070609,1072042,1073184,1073393,1075458,1076212,1078409,1078412,1079801,1081118,1081334,1088179,1088460,1090022,1
094069,1094089,1095138,1097899,1099575,1099586,1099772,1099789,1100145,1100822,1101094,1101144,1124680,1130774,1133014,1137862,1137996,1138950,1138953,1139280,1140693,1141104,1141441,1142043,1142904,1143134,1143150,1145137,1148216,1148471,1152601,1156171,1156519,1164567,1167394,1172233-1172234,1172236,1173614,1174353,1174882,1174884,1175158,1175190,1176799,1177125,1177245,1177850,1177862,1178228,1178233,1178684,1181028,1181136,1184917,1184919,1185200,1185588,1186011,1186104,1186123,1186137,1186153,1186378,1186712,1186763,1186949,1187381,1189240,1189386,1190388-1190389,1190474,1198622,1201576,1203091,1224801,1233426,1243034,1243038,1244567,1298140,1298628-1298629,1304468,1311997,1331766,1333161,1333173,1342498,1342503,1348425,1348461-1348495,1348989,1350294,1351056,1351636-1351640,1352011,1354685,1354847,1354856,1356125,1359981,1371283,1409007,1413552,1413556,1413562,1417282,1430079,1430481,1430567,1435606,1435636,1435642,1438411,1439054,1441348,1446640,1446650,1447012,1453105,145311
2,1456666-1456678,1456713,1456721,1457968,1460342,1460533,1484862,1486875,1492570,1494143,1500062,1503851,1505843,1513148-1513149,1526469,1533312,1536520,1539157,1539173,1540374,1552804,1555163,1558811,1561054-1561065,1561067-1561070,1561072-1561075,1561083,1561190-1561192,1561635,1561640,1561732,1562742,1562746,1564309,1564312,1568921,1574004,1577315,1577324,1577463,1578812-1578813,1586658,1586894,1586959,1588193,1588197,1589737-1589738,1589763,1589837,1589842,1589980,1590018,1590302,1590646,1590648,1590835,1590842,1590911,1593259,1593261,1593335,1593834,1594229,1595171,1595289,1597532,1600955,1600963,1600978,1600984,1601329-1601330,1601332,1601855,1608963,1609061,1609593,1617362,1617365,1617383,1617456,1623392,1624247,1626579,1627033,1628978,1631155,1631520,1632584,1634117,1634130,1637684,1637695,1640655-1640658,1641656,1641660,1641692,1641707-1641718,1641721-1641722,1642564,1642606,1643045,1643054,1643570,1644017,1648815,1656299,1658799,1658802,1659521,1663995,1664174,1665085,166
6966,1666985,1668630,1669800,1676552,1681837-1681838,1681854,1685826,1687242,1689918,1693105,1694290,1694872,1696378,1701940,1710346,1712617,1712654,1713871,1713997,1714002,1715188,1715206,1716213-1716214,1716413,1716640,1716856,1716858,1716881-1716882,1716886,1716894,1720234,1720394,1720439,1720462,1721812,1721881,1722532,1722799,1722807,1722824,1722828-1722829,1722831,1722859,1723127,1723707,1723736,1724427,1724433,1724673,1724788,1724863,1725113,1725183,1725199,1725202,1725204,1725207,1725263-1725264,1725266,1725278,1725282,1725405,1725646,1725649-1725652,1725696-1725697,1725914,1725926,1726177,1726202,1726628,1726676,1726926,1727162,1727670,1727899,1728448,1729361,1731008,1731953,1731976,1732359,1733940,1734113,1734128,1734192,1737119,1737715,1737834,1737959,1738039,1738043,1739775,1741173,1741181,1741190,1741208,1741213,1741225,1741232,1742090,1742276,1743115,1743117,1743554,1744058,1744125,1744229,1744323,1744684,1745227,1745337,1746939,1748629,1750015,1750975,1751061,1754111,
1754140-1754141,1754445,1754494,1754496,1754528,1754532-1754533,1754714,1756013
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/AbstractProtocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/AbstractProtocol.java?rev=1756037&r1=1756036&r2=1756037&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/AbstractProtocol.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/AbstractProtocol.java Thu Aug 11 19:48:31 2016
@@ -38,6 +38,13 @@ public abstract class AbstractProtocol i
private int nameIndex = 0;
+ /**
+ * The maximum number of cookies permitted for a request. Use a value less
+ * than zero for no limit. Defaults to 200.
+ */
+ private int maxCookieCount = 200;
+
+
protected abstract AbstractEndpoint getEndpoint();
public int getMaxHeaderCount() {
@@ -62,6 +69,17 @@ public abstract class AbstractProtocol i
return nameCounter.incrementAndGet();
}
+
+ public int getMaxCookieCount() {
+ return maxCookieCount;
+ }
+
+
+ public void setMaxCookieCount(int maxCookieCount) {
+ this.maxCookieCount = maxCookieCount;
+ }
+
+
/**
* An utility method, used to implement getName() in subclasses.
*/
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java?rev=1756037&r1=1756036&r2=1756037&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java Thu Aug 11 19:48:31 2016
@@ -351,6 +351,11 @@ public class AjpAprProcessor implements
public void setClientCertProvider(String s) { this.clientCertProvider = s; }
+ private int maxCookieCount = 200;
+ public int getMaxCookieCount() { return maxCookieCount; }
+ public void setMaxCookieCount(int maxCookieCount) { this.maxCookieCount = maxCookieCount; }
+
+
// --------------------------------------------------------- Public Methods
@@ -699,7 +704,8 @@ public class AjpAprProcessor implements
// Set this every time in case limit has been changed via JMX
headers.setLimit(endpoint.getMaxHeaderCount());
-
+ request.getCookies().setLimit(getMaxCookieCount());
+
boolean contentLengthSet = false;
int hCount = requestHeaderMessage.getInt();
for(int i = 0 ; i < hCount ; i++) {
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProtocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProtocol.java?rev=1756037&r1=1756036&r2=1756037&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProtocol.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProtocol.java Thu Aug 11 19:48:31 2016
@@ -434,6 +434,7 @@ public class AjpAprProtocol extends Abst
processor.setTomcatAuthentication(proto.tomcatAuthentication);
processor.setRequiredSecret(proto.requiredSecret);
processor.setClientCertProvider(proto.getClientCertProvider());
+ processor.setMaxCookieCount(proto.getMaxCookieCount());
register(processor);
return processor;
}
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProcessor.java?rev=1756037&r1=1756036&r2=1756037&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProcessor.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProcessor.java Thu Aug 11 19:48:31 2016
@@ -361,6 +361,11 @@ public class AjpProcessor implements Act
public void setClientCertProvider(String s) { this.clientCertProvider = s; }
+ private int maxCookieCount = 200;
+ public int getMaxCookieCount() { return maxCookieCount; }
+ public void setMaxCookieCount(int maxCookieCount) { this.maxCookieCount = maxCookieCount; }
+
+
// --------------------------------------------------------- Public Methods
@@ -704,7 +709,8 @@ public class AjpProcessor implements Act
// Set this every time in case limit has been changed via JMX
headers.setLimit(endpoint.getMaxHeaderCount());
-
+ request.getCookies().setLimit(getMaxCookieCount());
+
boolean contentLengthSet = false;
int hCount = requestHeaderMessage.getInt();
for(int i = 0 ; i < hCount ; i++) {
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProtocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProtocol.java?rev=1756037&r1=1756036&r2=1756037&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProtocol.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProtocol.java Thu Aug 11 19:48:31 2016
@@ -418,6 +418,7 @@ public class AjpProtocol extends Abstrac
processor.setRequiredSecret(proto.requiredSecret);
processor.setKeepAliveTimeout(proto.keepAliveTimeout);
processor.setClientCertProvider(proto.getClientCertProvider());
+ processor.setMaxCookieCount(proto.getMaxCookieCount());
register(processor);
return processor;
}
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java?rev=1756037&r1=1756036&r2=1756037&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java Thu Aug 11 19:48:31 2016
@@ -331,6 +331,9 @@ public class Http11AprProcessor implemen
*/
protected String clientCertProvider = null;
+ private int maxCookieCount = 200;
+
+
// ------------------------------------------------------------- Properties
public String getClientCertProvider() { return clientCertProvider; }
@@ -475,6 +478,15 @@ public class Http11AprProcessor implemen
}
+ public int getMaxCookieCount() {
+ return maxCookieCount;
+ }
+
+
+ public void setMaxCookieCount(int maxCookieCount) {
+ this.maxCookieCount = maxCookieCount;
+ }
+
// --------------------------------------------------------- Public Methods
@@ -823,6 +835,7 @@ public class Http11AprProcessor implemen
}
// Set this every time in case limit has been changed via JMX
request.getMimeHeaders().setLimit(endpoint.getMaxHeaderCount());
+ request.getCookies().setLimit(getMaxCookieCount());
inputBuffer.parseHeaders();
} catch (IOException e) {
error = true;
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java?rev=1756037&r1=1756036&r2=1756037&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java Thu Aug 11 19:48:31 2016
@@ -662,6 +662,7 @@ public class Http11AprProtocol extends A
processor.setMaxSavePostSize(proto.maxSavePostSize);
processor.setServer(proto.server);
processor.setClientCertProvider(proto.getClientCertProvider());
+ processor.setMaxCookieCount(proto.getMaxCookieCount());
register(processor);
return processor;
}
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java?rev=1756037&r1=1756036&r2=1756037&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java Thu Aug 11 19:48:31 2016
@@ -81,6 +81,8 @@ public class Http11NioProcessor implemen
*/
protected SSLSupport sslSupport;
+ private int maxCookieCount = 200;
+
/*
* Tracks how many internal filters are in the filter library so they
* are skipped when looking for pluggable filters.
@@ -819,6 +821,7 @@ public class Http11NioProcessor implemen
keptAlive = true;
// Set this every time in case limit has been changed via JMX
request.getMimeHeaders().setLimit(endpoint.getMaxHeaderCount());
+ request.getCookies().setLimit(getMaxCookieCount());
if ( !inputBuffer.parseHeaders() ) {
//we've read part of the request, don't recycle it
//instead associate it with the socket
@@ -1258,6 +1261,17 @@ public class Http11NioProcessor implemen
this.sslSupport = sslSupport;
}
+
+ public int getMaxCookieCount() {
+ return maxCookieCount;
+ }
+
+
+ public void setMaxCookieCount(int maxCookieCount) {
+ this.maxCookieCount = maxCookieCount;
+ }
+
+
/**
* Get the associated adapter.
*
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java?rev=1756037&r1=1756036&r2=1756037&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java Thu Aug 11 19:48:31 2016
@@ -813,6 +813,7 @@ public class Http11NioProtocol extends A
processor.setSocketBuffer(proto.socketBuffer);
processor.setMaxSavePostSize(proto.maxSavePostSize);
processor.setServer(proto.server);
+ processor.setMaxCookieCount(proto.getMaxCookieCount());
register(processor);
return processor;
}
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java?rev=1756037&r1=1756036&r2=1756037&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java Thu Aug 11 19:48:31 2016
@@ -205,7 +205,10 @@ public class Http11Processor implements
*/
protected SSLSupport sslSupport;
-
+
+ private int maxCookieCount = 200;
+
+
/**
* Socket associated with the current connection.
*/
@@ -659,6 +662,16 @@ public class Http11Processor implements
}
+ public int getMaxCookieCount() {
+ return maxCookieCount;
+ }
+
+
+ public void setMaxCookieCount(int maxCookieCount) {
+ this.maxCookieCount = maxCookieCount;
+ }
+
+
/**
* Set the flag to control upload time-outs.
*/
@@ -805,6 +818,7 @@ public class Http11Processor implements
}
// Set this every time in case limit has been changed via JMX
request.getMimeHeaders().setLimit(endpoint.getMaxHeaderCount());
+ request.getCookies().setLimit(getMaxCookieCount());
inputBuffer.parseHeaders();
} catch (IOException e) {
error = true;
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java?rev=1756037&r1=1756036&r2=1756037&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java Thu Aug 11 19:48:31 2016
@@ -653,6 +653,7 @@ public class Http11Protocol extends Abst
processor.setSocketBuffer(proto.socketBuffer);
processor.setMaxSavePostSize(proto.maxSavePostSize);
processor.setServer(proto.server);
+ processor.setMaxCookieCount(proto.getMaxCookieCount());
register(processor);
return processor;
}
Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java?rev=1756037&r1=1756036&r2=1756037&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java Thu Aug 11 19:48:31 2016
@@ -23,6 +23,7 @@ import java.util.StringTokenizer;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
+import org.apache.tomcat.util.res.StringManager;
/**
* A collection of cookies - reusable and tuned for server side performance.
@@ -37,11 +38,14 @@ public final class Cookies { // extends
private static org.apache.juli.logging.Log log=
org.apache.juli.logging.LogFactory.getLog(Cookies.class );
-
+ private static final StringManager sm =
+ StringManager.getManager("org.apache.tomcat.util.http.res");
+
// expected average number of cookies per request
public static final int INITIAL_SIZE=4;
ServerCookie scookies[]=new ServerCookie[INITIAL_SIZE];
int cookieCount=0;
+ private int limit = 200;
boolean unprocessed=true;
MimeHeaders headers;
@@ -103,6 +107,18 @@ public final class Cookies { // extends
this.headers=headers;
}
+
+ public void setLimit(int limit) {
+ this.limit = limit;
+ if (limit > -1 && scookies.length > limit && cookieCount <= limit) {
+ // shrink cookie list array
+ ServerCookie scookiesTmp[] = new ServerCookie[limit];
+ System.arraycopy(scookies, 0, scookiesTmp, 0, cookieCount);
+ scookies = scookiesTmp;
+ }
+ }
+
+
/**
* Construct a new uninitialized cookie collection.
* Use {@link #setHeaders} to initialize.
@@ -176,8 +192,14 @@ public final class Cookies { // extends
* The caller can set the name/value and attributes for the cookie
*/
public ServerCookie addCookie() {
- if( cookieCount >= scookies.length ) {
- ServerCookie scookiesTmp[]=new ServerCookie[2*cookieCount];
+ if (limit > -1 && cookieCount >= limit) {
+ throw new IllegalArgumentException(
+ sm.getString("cookies.maxCountFail", Integer.valueOf(limit)));
+ }
+
+ if (cookieCount >= scookies.length) {
+ int newSize = Math.min(2*cookieCount, limit);
+ ServerCookie scookiesTmp[] = new ServerCookie[newSize];
System.arraycopy( scookies, 0, scookiesTmp, 0, cookieCount);
scookies=scookiesTmp;
}
Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/LocalStrings.properties?rev=1756037&r1=1756036&r2=1756037&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/LocalStrings.properties (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/LocalStrings.properties Thu Aug 11 19:48:31 2016
@@ -25,4 +25,6 @@ parameters.multipleDecodingFail=Characte
parameters.noequal=Parameter starting at position [{0}] and ending at position [{1}] with a value of [{0}] was not followed by an '=' character
parameters.fallToDebug=\n Note: further occurrences of Parameter errors will be logged at DEBUG level.
-headers.maxCountFail=More than the maximum allowed number of headers ([{0}]) were detected.
+cookies.maxCountFail=More than the maximum allowed number of cookies, [{0}], were detected.
+
+headers.maxCountFail=More than the maximum allowed number of headers, [{0}], were detected.
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1756037&r1=1756036&r2=1756037&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu Aug 11 19:48:31 2016
@@ -148,6 +148,10 @@
Ensure that requests with HTTP method names that are not tokens (as
required by RFC 7231) are rejected with a 400 response. (markt)
</fix>
+ <fix>
+ <bug>59904</bug>: Add a limit (default 200) for the number of cookies
+ allowed per request. Based on a patch by gehui. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/ajp.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/ajp.xml?rev=1756037&r1=1756036&r2=1756037&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/ajp.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/ajp.xml Thu Aug 11 19:48:31 2016
@@ -325,6 +325,12 @@
connectionTimeout attribute.</p>
</attribute>
+ <attribute name="maxCookieCount" required="false">
+ <p>The maximum number of cookies that are permitted for a request. A value
+ of less than zero means no limit. If not specified, a default value of 200
+ will be used.</p>
+ </attribute>
+
<attribute name="maxThreads" required="false">
<p>The maximum number of request processing threads to be created
by this <strong>Connector</strong>, which therefore determines the
Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml?rev=1756037&r1=1756036&r2=1756037&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml Thu Aug 11 19:48:31 2016
@@ -363,6 +363,12 @@
this attribute is set to "true".</p>
</attribute>
+ <attribute name="maxCookieCount" required="false">
+ <p>The maximum number of cookies that are permitted for a request. A value
+ of less than zero means no limit. If not specified, a default value of 200
+ will be used.</p>
+ </attribute>
+
<attribute name="maxHttpHeaderSize" required="false">
<p>The maximum size of the request and response HTTP header, specified
in bytes.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org