Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/03/03 12:41:54 UTC

svn commit: r1733448 - in /tomcat/trunk: java/org/apache/coyote/http11/Http11InputBuffer.java test/org/apache/coyote/http11/TestHttp11InputBuffer.java webapps/docs/changelog.xml

Author: markt
Date: Thu Mar  3 11:41:53 2016
New Revision: 1733448

URL: http://svn.apache.org/viewvc?rev=1733448&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59089
Correctly ignore HTTP headers that include non-token characters in the header name.

Modified:
    tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
    tomcat/trunk/test/org/apache/coyote/http11/TestHttp11InputBuffer.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java?rev=1733448&r1=1733447&r2=1733448&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java Thu Mar  3 11:41:53 2016
@@ -806,7 +806,7 @@ public class Http11InputBuffer implement
                 headerData.realPos = pos;
                 headerData.lastSignificantChar = pos;
                 break;
-            } else if (!HTTP_TOKEN_CHAR[chr]) {
+            } else if (chr < 0 || !HTTP_TOKEN_CHAR[chr]) {
                 // If a non-token header is detected, skip the line and
                 // ignore the header
                 headerData.lastSignificantChar = pos;
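Review bot: The new `chr < 0` guard on the `HTTP_TOKEN_CHAR[chr]` lookup has no comment saying why it is needed, and the existing comment below it only covers the non-token case. The declaration of `chr` is outside the hunk, but if it is a signed `byte` then request octets 0x80-0xFF arrive as negative values, and the old condition would index the table with a negative number instead of taking the skip-line branch. I would add `// bytes are signed: octets >= 0x80 are negative and are never token chars` directly above the condition. It is also worth confirming that no other lookup into `HTTP_TOKEN_CHAR` in this class indexes with an unchecked raw byte. The enclosing method starts and ends outside the hunk.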

Modified: tomcat/trunk/test/org/apache/coyote/http11/TestHttp11InputBuffer.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http11/TestHttp11InputBuffer.java?rev=1733448&r1=1733447&r2=1733448&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/coyote/http11/TestHttp11InputBuffer.java (original)
+++ tomcat/trunk/test/org/apache/coyote/http11/TestHttp11InputBuffer.java Thu Mar  3 11:41:53 2016
@@ -478,4 +478,67 @@ public class TestHttp11InputBuffer exten
         }
 
     }
+
+
+    /**
+     * Test case for https://bz.apache.org/bugzilla/show_bug.cgi?id=59089
+     */
+    @Test
+    public void testBug59089() {
+
+        Bug59089Client client = new Bug59089Client();
+
+        client.doRequest();
+        assertTrue(client.isResponse200());
+        assertTrue(client.isResponseBodyOK());
+    }
+
+
+    /**
+     * Bug 59089 test client.
+     */
+    private class Bug59089Client extends SimpleHttpClient {
+
+        private Exception doRequest() {
+
+            Tomcat tomcat = getTomcatInstance();
+
+            Context root = tomcat.addContext("", TEMP_DIR);
+            Tomcat.addServlet(root, "Bug59089", new TesterServlet());
+            root.addServletMapping("/test", "Bug59089");
+
+            try {
+                tomcat.start();
+                setPort(tomcat.getConnector().getLocalPort());
+
+                // Open connection
+                connect();
+
+                String[] request = new String[1];
+                request[0] = "GET http://localhost:8080/test HTTP/1.1" + CRLF +
+                        "X-Header: Ignore" + CRLF +
+                        "X-Header" + (char) 130 + ": Broken" + CRLF + CRLF;
+
+                setRequest(request);
+                processRequest(); // blocks until response has been read
+
+                // Close the connection
+                disconnect();
+            } catch (Exception e) {
+                return e;
+            }
+            return null;
+        }
+
+        @Override
+        public boolean isResponseBodyOK() {
+            if (getResponseBody() == null) {
+                return false;
+            }
+            if (!getResponseBody().contains("OK")) {
+                return false;
+            }
+            return true;
+        }
+    }
 }
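Review bot: `testBug59089` discards the `Exception` that `doRequest()` returns, so a failure in `tomcat.start()`, `connect()` or `processRequest()` is swallowed and only shows up indirectly as a failed `isResponse200()` assertion with no cause attached. Either assert on the return value, e.g. `assertNull(client.doRequest());` (assuming `assertNull` is statically imported alongside `assertTrue`), or declare `doRequest() throws Exception` and drop the catch so the real stack trace reaches the test report. The test also checks only for a 200 status and a body containing "OK". As far as the visible lines show, nothing verifies that the `"X-Header" + (char) 130` line was dropped while the valid `X-Header: Ignore` line was kept, so an assertion on the headers the servlet actually received would pin the intended behaviour more tightly.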

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1733448&r1=1733447&r2=1733448&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Mar  3 11:41:53 2016
@@ -172,6 +172,10 @@
         <bug>59081</bug>: Retain the user defined cipher order when defining
         ciphers. (markt)
       </fix>
+      <fix>
+        <bug>59089</bug>: Correctly ignore HTTP headers that include non-token
+        characters in the header name. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


