You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mina.apache.org by jo...@apache.org on 2021/09/21 02:50:48 UTC

[mina] branch 2.2.X updated: Adds malformed HTTP request check

This is an automated email from the ASF dual-hosted git repository.

johnnyv pushed a commit to branch 2.2.X
in repository https://gitbox.apache.org/repos/asf/mina.git


The following commit(s) were added to refs/heads/2.2.X by this push:
     new 27256db  Adds malformed HTTP request check
27256db is described below

commit 27256dbd145bfa6dad5ee43ded20cc1f278b6278
Author: Wim van Ravesteijn <wi...@ravesteijn.nl>
AuthorDate: Mon Sep 20 22:50:31 2021 -0400

    Adds malformed HTTP request check
---
 .../apache/mina/http/HttpServerDecoderTest.java    | 23 +++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/mina-http/src/test/java/org/apache/mina/http/HttpServerDecoderTest.java b/mina-http/src/test/java/org/apache/mina/http/HttpServerDecoderTest.java
index c752c61..f840909 100644
--- a/mina-http/src/test/java/org/apache/mina/http/HttpServerDecoderTest.java
+++ b/mina-http/src/test/java/org/apache/mina/http/HttpServerDecoderTest.java
@@ -20,6 +20,7 @@
 package org.apache.mina.http;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertTrue;
 
 import java.nio.charset.CharacterCodingException;
@@ -28,7 +29,6 @@ import java.nio.charset.CharsetEncoder;
 import java.util.Queue;
 
 import org.apache.mina.core.buffer.IoBuffer;
-import org.apache.mina.core.filterchain.IoFilter.NextFilter;
 import org.apache.mina.core.session.DummySession;
 import org.apache.mina.core.session.IoSession;
 import org.apache.mina.filter.codec.AbstractProtocolDecoderOutput;
@@ -38,6 +38,8 @@ import org.apache.mina.http.api.HttpRequest;
 import org.junit.Test;
 
 public class HttpServerDecoderTest {
+	private static final String DECODER_STATE_ATT = "http.ds";
+
 	private static final CharsetEncoder encoder = Charset.forName("US-ASCII").newEncoder(); //$NON-NLS-1$
 
 	private static final ProtocolDecoder decoder = new HttpServerDecoder();
@@ -306,4 +308,23 @@ public class HttpServerDecoderTest {
 		assertEquals("localhost", request.getHeader("host"));
 		assertTrue(out.getQueue().poll() instanceof HttpEndOfContent);
 	}
+
+	@Test
+	public void dosOnRequestWithAdditionalData() throws Exception {
+		ProtocolDecoderQueue out = new ProtocolDecoderQueue();
+		IoBuffer buffer = IoBuffer.allocate(0).setAutoExpand(true);
+		buffer.putString("GET / HTTP/1.0\r\nHost:localhost  \r\n\r\ndummy", encoder);
+		buffer.rewind();
+		int prevBufferPosition = buffer.position();
+		while (buffer.hasRemaining()) {
+			decoder.decode(session, buffer, out);
+			assertNotEquals("Buffer at new position", prevBufferPosition, buffer.position());
+			prevBufferPosition = buffer.position();
+		}
+		assertEquals(2, out.getQueue().size());
+		HttpRequest request = (HttpRequest) out.getQueue().poll();
+		assertEquals("localhost", request.getHeader("host"));
+		assertTrue(out.getQueue().poll() instanceof HttpEndOfContent);
+		session.removeAttribute(DECODER_STATE_ATT); // This test leaves session in HEAD state, crashing following test
+	}
 }