You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/09/13 15:35:39 UTC
[tomcat] 03/03: Correct a regression in the previous fix for BZ 66236
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit e16d9f0a0d80dee7531f32ed50e6e5d08e1d0dff
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Sep 13 16:35:24 2022 +0100
Correct a regression in the previous fix for BZ 66236
https://bz.apache.org/bugzilla/show_bug.cgi?id=66236
---
java/org/apache/coyote/http11/Http11Processor.java | 2 +-
.../coyote/http11/filters/BufferedInputFilter.java | 37 ++++++++++++++--------
.../coyote/http11/filters/IdentityInputFilter.java | 6 +---
webapps/docs/changelog.xml | 7 ++++
4 files changed, 32 insertions(+), 20 deletions(-)
diff --git a/java/org/apache/coyote/http11/Http11Processor.java b/java/org/apache/coyote/http11/Http11Processor.java
index fdc4cc395c..10e3d7098d 100644
--- a/java/org/apache/coyote/http11/Http11Processor.java
+++ b/java/org/apache/coyote/http11/Http11Processor.java
@@ -181,7 +181,7 @@ public class Http11Processor extends AbstractProcessor {
outputBuffer.addFilter(new VoidOutputFilter());
// Create and add buffered input filter
- inputBuffer.addFilter(new BufferedInputFilter());
+ inputBuffer.addFilter(new BufferedInputFilter(protocol.getMaxSwallowSize()));
// Create and add the gzip filters.
//inputBuffer.addFilter(new GzipInputFilter());
diff --git a/java/org/apache/coyote/http11/filters/BufferedInputFilter.java b/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
index 7aa9f2da78..a091c92f3a 100644
--- a/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
+++ b/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
@@ -33,13 +33,14 @@ import org.apache.tomcat.util.net.ApplicationBufferHandler;
*/
public class BufferedInputFilter implements InputFilter, ApplicationBufferHandler {
- // -------------------------------------------------------------- Constants
-
private static final String ENCODING_NAME = "buffered";
private static final ByteChunk ENCODING = new ByteChunk();
- // ----------------------------------------------------- Instance Variables
+ static {
+ ENCODING.setBytes(ENCODING_NAME.getBytes(StandardCharsets.ISO_8859_1), 0, ENCODING_NAME.length());
+ }
+
// Use ByteChunk since it correctly handles the special buffer size of -1
// for maxSavePostSize.
@@ -48,15 +49,13 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
private InputBuffer buffer;
private boolean hasRead = false;
+ private final int maxSwallowSize;
- // ----------------------------------------------------- Static Initializer
- static {
- ENCODING.setBytes(ENCODING_NAME.getBytes(StandardCharsets.ISO_8859_1),
- 0, ENCODING_NAME.length());
+ public BufferedInputFilter(int maxSwallowSize) {
+ this.maxSwallowSize = maxSwallowSize;
}
-
// --------------------------------------------------------- Public Methods
@@ -82,14 +81,24 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
*/
@Override
public void setRequest(Request request) {
- if (buffered.getLimit() == 0) {
- return;
- }
// save off the Request body
try {
- while (buffer.doRead(this) >= 0) {
- buffered.append(tempRead);
- tempRead = null;
+ if (buffered.getLimit() == 0) {
+ // Special case - ignore (swallow) body. Do so within a limit.
+ long swallowed = 0;
+ int read = 0;
+ while ((read = buffer.doRead(this)) >= 0) {
+ swallowed += read;
+ if (maxSwallowSize > -1 && swallowed > maxSwallowSize) {
+ // No need for i18n - this isn't going to get logged
+ throw new IOException("Ignored body exceeded maxSwallowSize");
+ }
+ }
+ } else {
+ while (buffer.doRead(this) >= 0) {
+ buffered.append(tempRead);
+ tempRead = null;
+ }
}
} catch(IOException | BufferOverflowException ioe) {
// No need for i18n - this isn't going to get logged anywhere
diff --git a/java/org/apache/coyote/http11/filters/IdentityInputFilter.java b/java/org/apache/coyote/http11/filters/IdentityInputFilter.java
index a53e69be64..f89cee5eec 100644
--- a/java/org/apache/coyote/http11/filters/IdentityInputFilter.java
+++ b/java/org/apache/coyote/http11/filters/IdentityInputFilter.java
@@ -34,20 +34,17 @@ import org.apache.tomcat.util.res.StringManager;
*/
public class IdentityInputFilter implements InputFilter, ApplicationBufferHandler {
- private static final StringManager sm = StringManager.getManager(
- IdentityInputFilter.class.getPackage().getName());
+ private static final StringManager sm = StringManager.getManager(IdentityInputFilter.class);
// -------------------------------------------------------------- Constants
-
protected static final String ENCODING_NAME = "identity";
protected static final ByteChunk ENCODING = new ByteChunk();
// ----------------------------------------------------- Static Initializer
-
static {
ENCODING.setBytes(ENCODING_NAME.getBytes(StandardCharsets.ISO_8859_1),
0, ENCODING_NAME.length());
@@ -56,7 +53,6 @@ public class IdentityInputFilter implements InputFilter, ApplicationBufferHandle
// ----------------------------------------------------- Instance Variables
-
/**
* Content length.
*/
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a8ab4ba6c8..e5888a96bf 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,13 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 10.1.0-M19 (markt)" rtext="in development">
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Correct regression in the previous fix for <bug>66236</bug>. (markt)
+ </fix>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 10.1.0-M18 (markt)" rtext="not released">
<subsection name="Catalina">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org