Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/04/28 16:31:19 UTC
[tomcat] branch 8.5.x updated (2f9a206 -> a2e465c)
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from 2f9a206 Refactor system property source to be more flexible
new 559a050 Reject invalid HTTP protocols with 400 rather than 505
new a2e465c Fix off by one issue in error message generation
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
java/org/apache/coyote/http11/Http11InputBuffer.java | 4 ++--
.../apache/coyote/http11/TestHttp11InputBufferCRLF.java | 7 +++++++
webapps/docs/changelog.xml | 14 ++++++++++++++
3 files changed, 23 insertions(+), 2 deletions(-)
[tomcat] 02/02: Fix off by one issue in error message generation
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit a2e465cfd980b8350656205f1c6515388f5a1612
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Apr 28 17:22:24 2021 +0100
Fix off by one issue in error message generation
---
java/org/apache/coyote/http11/Http11InputBuffer.java | 2 +-
webapps/docs/changelog.xml | 5 +++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/coyote/http11/Http11InputBuffer.java b/java/org/apache/coyote/http11/Http11InputBuffer.java
index 4b7f82d..b8fcee3 100644
--- a/java/org/apache/coyote/http11/Http11InputBuffer.java
+++ b/java/org/apache/coyote/http11/Http11InputBuffer.java
@@ -638,7 +638,7 @@ public class Http11InputBuffer implements InputBuffer, ApplicationBufferHandler
while (buffer.hasRemaining() && b != 0x20) {
b = buffer.get();
}
- String result = HeaderUtil.toPrintableString(buffer.array(), buffer.arrayOffset() + startPos, buffer.position() - startPos - 1);
+ String result = HeaderUtil.toPrintableString(buffer.array(), buffer.arrayOffset() + startPos, buffer.position() - startPos);
if (b != 0x20) {
// Ran out of buffer rather than found a space
result = result + "...";
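Review bot: With the new length `buffer.position() - startPos`, the exit where the loop stops on a space now includes that delimiter in `result`, because `buffer.get()` has already advanced past it; the old `- 1` was only wrong for the ran-out-of-buffer exit. If the trailing space is not wanted in the message, the length could follow the exit condition, e.g. `int len = buffer.position() - startPos - (b == 0x20 ? 1 : 0);`. The diffstat for this commit lists no test file, so a case asserting the message text for both exits would pin the behaviour. Because the string is built from raw request bytes and ends up in an exception message, it is worth confirming that `HeaderUtil.toPrintableString` escapes control characters before the text reaches logs or an error response (its body is not visible here). The enclosing method starts and ends outside the hunk.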
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a535443..6657c4b 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -134,6 +134,11 @@
protocol component of the request line are rejected with a 400 response
rather than some requests being rejected with a 505 response. (markt)
</fix>
+ <fix>
+ When generating the error message for an HTTP request with an invalid
+ request line, ensure that all the available data is included in the
+ error message. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
[tomcat] 01/02: Reject invalid HTTP protocols with 400 rather than
505
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 559a05015601f44de09052cc3ca99f1aa1b4df15
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Apr 28 17:21:13 2021 +0100
Reject invalid HTTP protocols with 400 rather than 505
---
java/org/apache/coyote/http11/Http11InputBuffer.java | 2 +-
test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java | 7 +++++++
webapps/docs/changelog.xml | 9 +++++++++
3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/coyote/http11/Http11InputBuffer.java b/java/org/apache/coyote/http11/Http11InputBuffer.java
index d32d6ff..4b7f82d 100644
--- a/java/org/apache/coyote/http11/Http11InputBuffer.java
+++ b/java/org/apache/coyote/http11/Http11InputBuffer.java
@@ -568,7 +568,7 @@ public class Http11InputBuffer implements InputBuffer, ApplicationBufferHandler
} else if (prevChr == Constants.CR && chr == Constants.LF) {
end = pos - 1;
parsingRequestLineEol = true;
- } else if (!HttpParser.isHttpProtocol(chr)) {
+ } else if (prevChr == Constants.CR || !HttpParser.isHttpProtocol(chr)) {
String invalidProtocol = parseInvalid(parsingRequestLineStart, byteBuffer);
throw new IllegalArgumentException(sm.getString("iib.invalidHttpProtocol", invalidProtocol));
}
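Review bot: The new `prevChr == Constants.CR ||` arm carries no comment, and its intent is not obvious from the condition: it fires for any character reaching this branch after a CR, including one that `HttpParser.isHttpProtocol` would accept. A one-line comment such as `// CR not followed by LF is invalid in the protocol; reject here (400) instead of in the later version check (505)` would keep a later edit from reordering or dropping it. The check relies on `prevChr` carrying over when the request line is split across reads; that state handling is outside the hunk, though the added `addRequestWithSplits` case appears to exercise it. The enclosing parse method starts and ends outside the hunk.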
diff --git a/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java b/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java
index 829912b..a953031 100644
--- a/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java
+++ b/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java
@@ -74,6 +74,13 @@ public class TestHttp11InputBufferCRLF extends TomcatBaseTest {
CRLF,
Boolean.FALSE, parameterSets);
+ // Standard HTTP/1.1 request with invalid HTTP protocol
+ addRequestWithSplits("GET /test HTTP/" + CR + "1.1" + CRLF +
+ "Host: localhost:8080" + CRLF +
+ "Connection: close" + CRLF +
+ CRLF,
+ Boolean.FALSE, Boolean.FALSE, parameterSets);
+
// Invalid HTTP/1.1 request
addRequestWithSplits("GET /te<st HTTP/1.1" + CRLF +
"Host: localhost:8080" + CRLF +
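Review bot: The added comment `// Standard HTTP/1.1 request with invalid HTTP protocol` reads as a contradiction next to the `// Invalid HTTP/1.1 request` case below it; `// Invalid HTTP/1.1 request: bare CR inside the protocol` would say what is being tested. The new call passes `Boolean.FALSE, Boolean.FALSE` where the preceding call shows a single `Boolean.FALSE`, so presumably a different overload is used; a short trailing comment naming what each flag asserts would make the expected outcome readable without opening the helper. The surrounding method continues outside the hunk.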
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 969ee81..a535443 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -127,6 +127,15 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Ensure that all HTTP requests that contain an invalid character in the
+ protocol component of the request line are rejected with a 400 response
+ rather than some requests being rejected with a 505 response. (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Jasper">
<changelog>
<scode>