Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/04/28 16:31:19 UTC

[tomcat] branch 8.5.x updated (2f9a206 -> a2e465c)

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


    from 2f9a206  Refactor system property source to be more flexible
     new 559a050  Reject invalid HTTP protocols with 400 rather than 505
     new a2e465c  Fix off by one issue in error message generation

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 java/org/apache/coyote/http11/Http11InputBuffer.java       |  4 ++--
 .../apache/coyote/http11/TestHttp11InputBufferCRLF.java    |  7 +++++++
 webapps/docs/changelog.xml                                 | 14 ++++++++++++++
 3 files changed, 23 insertions(+), 2 deletions(-)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


[tomcat] 02/02: Fix off by one issue in error message generation

Posted by ma...@apache.org.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit a2e465cfd980b8350656205f1c6515388f5a1612
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Apr 28 17:22:24 2021 +0100

    Fix off by one issue in error message generation
---
 java/org/apache/coyote/http11/Http11InputBuffer.java | 2 +-
 webapps/docs/changelog.xml                           | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/coyote/http11/Http11InputBuffer.java b/java/org/apache/coyote/http11/Http11InputBuffer.java
index 4b7f82d..b8fcee3 100644
--- a/java/org/apache/coyote/http11/Http11InputBuffer.java
+++ b/java/org/apache/coyote/http11/Http11InputBuffer.java
@@ -638,7 +638,7 @@ public class Http11InputBuffer implements InputBuffer, ApplicationBufferHandler
         while (buffer.hasRemaining() && b != 0x20) {
             b = buffer.get();
         }
-        String result = HeaderUtil.toPrintableString(buffer.array(), buffer.arrayOffset() + startPos, buffer.position() - startPos - 1);
+        String result = HeaderUtil.toPrintableString(buffer.array(), buffer.arrayOffset() + startPos, buffer.position() - startPos);
         if (b != 0x20) {
             // Ran out of buffer rather than found a space
             result = result + "...";
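Review bot: With the `- 1` dropped on the `toPrintableString` line, the length now covers every byte the loop consumed, and when the loop stopped because it read `0x20` that includes the space itself, so the message gains a trailing space whenever a delimiter was found. The old expression was only wrong on the other exit, where the buffer ran out and the last real byte was cut off before the `...`. Consider making the length depend on the exit condition (subtract one only when `b == 0x20`), and add a test that asserts the generated message for both exits, since the diffstat for this commit touches no test file.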
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a535443..6657c4b 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -134,6 +134,11 @@
         protocol component of the request line are rejected with a 400 response
         rather than some requests being rejected with a 505 response. (markt)
       </fix>
+      <fix>
+        When generating the error message for an HTTP request with an invalid
+        request line, ensure that all the available data is included in the
+        error message. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">



[tomcat] 01/02: Reject invalid HTTP protocols with 400 rather than 505

Posted by ma...@apache.org.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 559a05015601f44de09052cc3ca99f1aa1b4df15
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Apr 28 17:21:13 2021 +0100

    Reject invalid HTTP protocols with 400 rather than 505
---
 java/org/apache/coyote/http11/Http11InputBuffer.java         | 2 +-
 test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java | 7 +++++++
 webapps/docs/changelog.xml                                   | 9 +++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/coyote/http11/Http11InputBuffer.java b/java/org/apache/coyote/http11/Http11InputBuffer.java
index d32d6ff..4b7f82d 100644
--- a/java/org/apache/coyote/http11/Http11InputBuffer.java
+++ b/java/org/apache/coyote/http11/Http11InputBuffer.java
@@ -568,7 +568,7 @@ public class Http11InputBuffer implements InputBuffer, ApplicationBufferHandler
                 } else if (prevChr == Constants.CR && chr == Constants.LF) {
                     end = pos - 1;
                     parsingRequestLineEol = true;
-                } else if (!HttpParser.isHttpProtocol(chr)) {
+                } else if (prevChr == Constants.CR || !HttpParser.isHttpProtocol(chr)) {
                     String invalidProtocol = parseInvalid(parsingRequestLineStart, byteBuffer);
                     throw new IllegalArgumentException(sm.getString("iib.invalidHttpProtocol", invalidProtocol));
                 }
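Review bot: The new `prevChr == Constants.CR` test in the final `else if` means "CR not followed by LF" only because the `prevChr == Constants.CR && chr == Constants.LF` branch sits directly above it, and nothing in the code says so. A one-line comment on this branch stating that a bare CR inside the protocol token is rejected here would keep a later reordering of the chain from changing which inputs are refused. The commit subject promises a 400 rather than a 505, but these lines only show the `IllegalArgumentException` being thrown, so a pointer in that comment to where the status is chosen would help the next reader.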
diff --git a/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java b/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java
index 829912b..a953031 100644
--- a/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java
+++ b/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java
@@ -74,6 +74,13 @@ public class TestHttp11InputBufferCRLF extends TomcatBaseTest {
                 CRLF,
                 Boolean.FALSE, parameterSets);
 
+        // Standard HTTP/1.1 request with invalid HTTP protocol
+        addRequestWithSplits("GET /test HTTP/" + CR + "1.1" + CRLF +
+                "Host: localhost:8080" + CRLF +
+                "Connection: close" + CRLF +
+                CRLF,
+                Boolean.FALSE, Boolean.FALSE, parameterSets);
+
         // Invalid HTTP/1.1 request
         addRequestWithSplits("GET /te<st HTTP/1.1" + CRLF +
                 "Host: localhost:8080" + CRLF +
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 969ee81..a535443 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -127,6 +127,15 @@
       </fix>
     </changelog>
   </subsection>
+  <subsection name="Coyote">
+    <changelog>
+      <fix>
+        Ensure that all HTTP requests that contain an invalid character in the
+        protocol component of the request line are rejected with a 400 response
+        rather than some requests being rejected with a 505 response. (markt)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Jasper">
     <changelog>
       <scode>
