You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mina.apache.org by jo...@apache.org on 2021/09/21 02:50:48 UTC
[mina] branch 2.2.X updated: Adds malformed HTTP request check
This is an automated email from the ASF dual-hosted git repository.
johnnyv pushed a commit to branch 2.2.X
in repository https://gitbox.apache.org/repos/asf/mina.git
The following commit(s) were added to refs/heads/2.2.X by this push:
new 27256db Adds malformed HTTP request check
27256db is described below
commit 27256dbd145bfa6dad5ee43ded20cc1f278b6278
Author: Wim van Ravesteijn <wi...@ravesteijn.nl>
AuthorDate: Mon Sep 20 22:50:31 2021 -0400
Adds malformed HTTP request check
---
.../apache/mina/http/HttpServerDecoderTest.java | 23 +++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/mina-http/src/test/java/org/apache/mina/http/HttpServerDecoderTest.java b/mina-http/src/test/java/org/apache/mina/http/HttpServerDecoderTest.java
index c752c61..f840909 100644
--- a/mina-http/src/test/java/org/apache/mina/http/HttpServerDecoderTest.java
+++ b/mina-http/src/test/java/org/apache/mina/http/HttpServerDecoderTest.java
@@ -20,6 +20,7 @@
package org.apache.mina.http;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertTrue;
import java.nio.charset.CharacterCodingException;
@@ -28,7 +29,6 @@ import java.nio.charset.CharsetEncoder;
import java.util.Queue;
import org.apache.mina.core.buffer.IoBuffer;
-import org.apache.mina.core.filterchain.IoFilter.NextFilter;
import org.apache.mina.core.session.DummySession;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.codec.AbstractProtocolDecoderOutput;
@@ -38,6 +38,8 @@ import org.apache.mina.http.api.HttpRequest;
import org.junit.Test;
public class HttpServerDecoderTest {
+ private static final String DECODER_STATE_ATT = "http.ds";
+
private static final CharsetEncoder encoder = Charset.forName("US-ASCII").newEncoder(); //$NON-NLS-1$
private static final ProtocolDecoder decoder = new HttpServerDecoder();
@@ -306,4 +308,23 @@ public class HttpServerDecoderTest {
assertEquals("localhost", request.getHeader("host"));
assertTrue(out.getQueue().poll() instanceof HttpEndOfContent);
}
+
+ @Test
+ public void dosOnRequestWithAdditionalData() throws Exception {
+ ProtocolDecoderQueue out = new ProtocolDecoderQueue();
+ IoBuffer buffer = IoBuffer.allocate(0).setAutoExpand(true);
+ buffer.putString("GET / HTTP/1.0\r\nHost:localhost \r\n\r\ndummy", encoder);
+ buffer.rewind();
+ int prevBufferPosition = buffer.position();
+ while (buffer.hasRemaining()) {
+ decoder.decode(session, buffer, out);
+ assertNotEquals("Buffer at new position", prevBufferPosition, buffer.position());
+ prevBufferPosition = buffer.position();
+ }
+ assertEquals(2, out.getQueue().size());
+ HttpRequest request = (HttpRequest) out.getQueue().poll();
+ assertEquals("localhost", request.getHeader("host"));
+ assertTrue(out.getQueue().poll() instanceof HttpEndOfContent);
+ session.removeAttribute(DECODER_STATE_ATT); // This test leaves session in HEAD state, crashing following test
+ }
}