You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2010/11/25 17:40:56 UTC
svn commit: r1039090 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt
java/org/apache/coyote/Constants.java
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
webapps/docs/changelog.xml webapps/docs/config/systemprops.xml
Author: markt
Date: Thu Nov 25 16:40:55 2010
New Revision: 1039090
URL: http://svn.apache.org/viewvc?rev=1039090&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49860
Add support for trailing headers in chunked HTTP requests. The header length is limited to 8192 by default and the limit can be changed via a system property. markt/kkolinko
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/coyote/Constants.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml
Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Nov 25 16:40:55 2010
@@ -1 +1 @@
-/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,666232,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,752323,753039,757335,757774,758249,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,77
0809,770876,772872,776921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,814708,814876,815972,816252,817442,817822,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,830999,831106,831774,831785,831828,831850,831860,832214,832218,833121,833545,834047,835036,835336,836405,881396,881412,883130,883134,883146,883165,883177,883362,883565,884341,885038,885231,885241,885260,885901,885991,886019,888072,889363,889606,889716,8901
39,890265,890349-890350,890417,891185-891187,891583,892198,892341,892415,892464,892555,892812,892814,892817,892843,892887,893321,893493,894580,894586,894805,894831,895013,895045,895057,895191,895392,895703,896370,896384,897380-897381,897776,898126,898256,898468,898527,898555,898558,898718,898836,898906,899284,899348,899420,899653,899769-899770,899783,899788,899792,899916,899918-899919,899935,899949,903916,905020,905151,905722,905728,905735,907311,907513,907538,907652,907819,907825,907864,908002,908721,908754,908759,909097,909206,909212,909525,909636,909869,909875,909887,910266,910370,910442,910471,910485,910974,915226,915737,915861,916097,916141,916157,916170,917598,917633,918093,918489,918594,918684,918787,918792,918799,918803,918885,919851,919914,920025,920055,920298,920449,920596,920824,920840,921444,922010,926716,927062,927621,928482,928695,928732,928798,931709,932357,932967,935105,935983,939491,939551,940064,941356,941463,944409,944416,945231,945808,945835,945841,946686
,948057,950164,950596,950614,950851,950905,951615,953434,954435,955648,955655,956832,957130,957830,958192,960701,962865,962872,962881,962900,963865,963868,964614,966177-966178,966292,966692,981815,988448,991837,993042,1001955,1002185,1002263,1002274,1002349,1002359,1002362,1002481,1002514,1003481,1003488,1003556,1003572,1003581,1003861,1004868-1004869,1005452,1005467,1005647,1005802,1022120,1022134,1022323,1022415,1022606,1022623,1024224,1024251,1026042,1026784,1026912,1026920,1029767
+/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,666232,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,752323,753039,757335,757774,758249,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,77
0809,770876,772872,776921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,814708,814876,815972,816252,817442,817822,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,830999,831106,831774,831785,831828,831850,831860,832214,832218,833121,833545,834047,835036,835336,836405,881396,881412,883130,883134,883146,883165,883177,883362,883565,884341,885038,885231,885241,885260,885901,885991,886019,888072,889363,889606,889716,8901
39,890265,890349-890350,890417,891185-891187,891583,892198,892341,892415,892464,892555,892812,892814,892817,892843,892887,893321,893493,894580,894586,894805,894831,895013,895045,895057,895191,895392,895703,896370,896384,897380-897381,897776,898126,898256,898468,898527,898555,898558,898718,898836,898906,899284,899348,899420,899653,899769-899770,899783,899788,899792,899916,899918-899919,899935,899949,903916,905020,905151,905722,905728,905735,907311,907513,907538,907652,907819,907825,907864,908002,908721,908754,908759,909097,909206,909212,909525,909636,909869,909875,909887,910266,910370,910442,910471,910485,910974,915226,915737,915861,916097,916141,916157,916170,917598,917633,918093,918489,918594,918684,918787,918792,918799,918803,918885,919851,919914,920025,920055,920298,920449,920596,920824,920840,921444,922010,926716,927062,927621,928482,928695,928732,928798,931709,932357,932967,935105,935983,939491,939551,940064,941356,941463,944409,944416,945231,945808,945835,945841,946686
,948057,950164,950596,950614,950851,950905,951615,953434,954435,955648,955655,956832,957130,957830,958192,960701,962865,962872,962881,962900,963865,963868,964614,966177-966178,966292,966692,981815,988448,991837,993042,1001955,1002185,1002263,1002274,1002349,1002359,1002362,1002481,1002514,1003461,1003481,1003488,1003556,1003572,1003581,1003861,1004868-1004869,1005452,1005467,1005647,1005802,1022120,1022134,1022323,1022415,1022606,1022623,1024224,1024251,1026042,1026784,1026912,1026920,1029767,1033415,1033842,1037924
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1039090&r1=1039089&r2=1039090&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Nov 25 16:40:55 2010
@@ -81,27 +81,6 @@ PATCHES PROPOSED TO BACKPORT:
but from debugging it looks that it is called by Tomcat code only
(JspServlet).
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49860
- Add support for trailing headers.
- http://svn.apache.org/viewvc?rev=1003461&view=rev
- http://svn.apache.org/viewvc?rev=1033415&view=rev
- Note: Don't change return type for parseEndChunk(), just return true.
- +1: markt, kkolinko, jfclere
- -1:
- kkolinko: Only if accompanied by a patch that sets limit on the maximum
- size of ChunkedInputFilter.trailingHeaders buffer. I am proposing such a
- patch below. Otherwise it would be vulnerable to a DOS.
-
- kkolinko: Additional patch:
- http://svn.apache.org/viewvc?rev=1033842&view=rev
- +1: kkolinko, markt, jfclere
- -1:
-
- kkolinko: Patch to impose limit on the trailers length:
- http://svn.apache.org/viewvc?rev=1037924&view=rev
- +1: kkolinko, markt, jfclere
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50026
Force DefaultServlet to serve all resources relative to context root
regardless of mappings/mount point.
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/Constants.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/Constants.java?rev=1039090&r1=1039089&r2=1039090&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/Constants.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/Constants.java Thu Nov 25 16:40:55 2010
@@ -68,4 +68,12 @@ public final class Constants {
"org.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER",
"false")).booleanValue();
+ /**
+ * Limit on the total length of the trailer headers in
+ * a chunked HTTP request.
+ */
+ public static final int MAX_TRAILER_SIZE =
+ Integer.parseInt(System.getProperty(
+ "org.apache.coyote.MAX_TRAILER_SIZE",
+ "8192"));
}
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?rev=1039090&r1=1039089&r2=1039090&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java Thu Nov 25 16:40:55 2010
@@ -17,6 +17,7 @@
package org.apache.coyote.http11.filters;
+import java.io.EOFException;
import java.io.IOException;
import org.apache.tomcat.util.buf.ByteChunk;
@@ -26,6 +27,8 @@ import org.apache.coyote.InputBuffer;
import org.apache.coyote.Request;
import org.apache.coyote.http11.Constants;
import org.apache.coyote.http11.InputFilter;
+import org.apache.tomcat.util.buf.MessageBytes;
+import org.apache.tomcat.util.http.MimeHeaders;
/**
* Chunked input filter. Parses chunked data according to
@@ -96,12 +99,32 @@ public class ChunkedInputFilter implemen
*/
protected boolean endChunk = false;
+
+ /**
+ * Byte chunk used to store trailing headers.
+ */
+ protected ByteChunk trailingHeaders;
+
+ {
+ trailingHeaders = new ByteChunk();
+ if (org.apache.coyote.Constants.MAX_TRAILER_SIZE > 0) {
+ trailingHeaders.setLimit(org.apache.coyote.Constants.MAX_TRAILER_SIZE);
+ }
+ }
+
+
/**
* Flag set to true if the next call to doRead() must parse a CRLF pair
* before doing anything else.
*/
protected boolean needCRLFParse = false;
+
+ /**
+ * Request being parsed.
+ */
+ private Request request;
+
// ------------------------------------------------------------- Properties
@@ -176,6 +199,7 @@ public class ChunkedInputFilter implemen
* Read the content length from the request.
*/
public void setRequest(Request request) {
+ this.request = request;
}
@@ -219,6 +243,7 @@ public class ChunkedInputFilter implemen
pos = 0;
lastValid = 0;
endChunk = false;
+ trailingHeaders.recycle();
}
@@ -348,14 +373,161 @@ public class ChunkedInputFilter implemen
/**
* Parse end chunk data.
- * FIXME: Handle trailers
*/
- protected boolean parseEndChunk()
- throws IOException {
-
- return parseCRLF(); // FIXME
+ protected boolean parseEndChunk() throws IOException {
+ // Handle option trailer headers
+ while (parseHeader()) {
+ // Loop until we run out of headers
+ }
+ return true;
}
+
+ private boolean parseHeader() throws IOException {
+
+ MimeHeaders headers = request.getMimeHeaders();
+
+ byte chr = 0;
+ while (true) {
+ // Read new bytes if needed
+ if (pos >= lastValid) {
+ if (readBytes() <0)
+ throw new EOFException("Unexpected end of stream whilst reading trailer headers for chunked request");
+ }
+ chr = buf[pos];
+
+ if ((chr == Constants.CR) || (chr == Constants.LF)) {
+ if (chr == Constants.LF) {
+ pos++;
+ return false;
+ }
+ } else {
+ break;
+ }
+
+ pos++;
+
+ }
+
+ // Mark the current buffer position
+ int start = trailingHeaders.getEnd();
+
+ //
+ // Reading the header name
+ // Header name is always US-ASCII
+ //
+
+ boolean colon = false;
+ while (!colon) {
+
+ // Read new bytes if needed
+ if (pos >= lastValid) {
+ if (readBytes() <0)
+ throw new EOFException("Unexpected end of stream whilst reading trailer headers for chunked request");
+ }
+
+ chr = buf[pos];
+ if ((chr >= Constants.A) && (chr <= Constants.Z)) {
+ chr = (byte) (chr - Constants.LC_OFFSET);
+ }
+
+ if (chr == Constants.COLON) {
+ colon = true;
+ } else {
+ trailingHeaders.append(chr);
+ }
+
+ pos++;
+
+ }
+ MessageBytes headerValue = headers.addValue(trailingHeaders.getBytes(),
+ start, trailingHeaders.getEnd() - start);
+
+ // Mark the current buffer position
+ start = trailingHeaders.getEnd();
+
+ //
+ // Reading the header value (which can be spanned over multiple lines)
+ //
+
+ boolean eol = false;
+ boolean validLine = true;
+ int lastSignificantChar = 0;
+
+ while (validLine) {
+
+ boolean space = true;
+
+ // Skipping spaces
+ while (space) {
+
+ // Read new bytes if needed
+ if (pos >= lastValid) {
+ if (readBytes() <0)
+ throw new EOFException("Unexpected end of stream whilst reading trailer headers for chunked request");
+ }
+
+ chr = buf[pos];
+ if ((chr == Constants.SP) || (chr == Constants.HT)) {
+ pos++;
+ } else {
+ space = false;
+ }
+
+ }
+
+ // Reading bytes until the end of the line
+ while (!eol) {
+
+ // Read new bytes if needed
+ if (pos >= lastValid) {
+ if (readBytes() <0)
+ throw new EOFException("Unexpected end of stream whilst reading trailer headers for chunked request");
+ }
+
+ chr = buf[pos];
+ if (chr == Constants.CR) {
+ // Skip
+ } else if (chr == Constants.LF) {
+ eol = true;
+ } else if (chr == Constants.SP) {
+ trailingHeaders.append(chr);
+ } else {
+ trailingHeaders.append(chr);
+ lastSignificantChar = trailingHeaders.getEnd();
+ }
+
+ pos++;
+
+ }
+
+ // Checking the first character of the new line. If the character
+ // is a LWS, then it's a multiline header
+
+ // Read new bytes if needed
+ if (pos >= lastValid) {
+ if (readBytes() <0)
+ throw new EOFException("Unexpected end of stream whilst reading trailer headers for chunked request");
+ }
+
+ chr = buf[pos];
+ if ((chr != Constants.SP) && (chr != Constants.HT)) {
+ validLine = false;
+ } else {
+ eol = false;
+ // Copying one extra space in the buffer (since there must
+ // be at least one space inserted between the lines)
+ trailingHeaders.append(chr);
+ }
+
+ }
+
+ // Set the header value
+ headerValue.setBytes(trailingHeaders.getBytes(), start,
+ lastSignificantChar - start);
+
+ return true;
+ }
}
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1039090&r1=1039089&r2=1039090&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu Nov 25 16:40:55 2010
@@ -220,6 +220,11 @@
<fix>
Improve recycling of processors in Http11NioProtocol. (kkolinko)
</fix>
+ <fix>
+ <bug>49860</bug>: Add support for trailing headers in chunked HTTP
+ requests. The header length is limited to 8192 by default and the limit
+ can be changed via a system property. (markt/kkolinko)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml?rev=1039090&r1=1039089&r2=1039090&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml Thu Nov 25 16:40:55 2010
@@ -366,6 +366,13 @@
<properties>
+ <property name="org.apache.coyote.MAX_TRAILER_SIZE">
+ <p>Limits the total length of trailing headers in the last chunk of
+ a chunked HTTP request.
+ If the value is <code>-1</code>, no limit will be imposed.</p>
+ <p>If not specified, the default value of <code>8192</code> will be used.</p>
+ </property>
+
<property name="catalina.useNaming">
<p>If this is <code>false</code> it will override the
<code>useNaming</code> attribute for all <a href="context.html">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org