You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2011/06/05 22:26:37 UTC
svn commit: r1132487 - in /tomcat/trunk:
java/org/apache/coyote/http11/AbstractHttp11Processor.java
webapps/docs/changelog.xml
Author: markt
Date: Sun Jun 5 20:26:37 2011
New Revision: 1132487
URL: http://svn.apache.org/viewvc?rev=1132487&view=rev
Log:
Parse port as base10, not hex
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java?rev=1132487&r1=1132486&r2=1132487&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java Sun Jun 5 20:26:37 2011
@@ -39,7 +39,6 @@ import org.apache.juli.logging.Log;
import org.apache.tomcat.util.ExceptionUtils;
import org.apache.tomcat.util.buf.Ascii;
import org.apache.tomcat.util.buf.ByteChunk;
-import org.apache.tomcat.util.buf.HexUtils;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.http.FastHttpDateFormat;
import org.apache.tomcat.util.http.MimeHeaders;
@@ -993,26 +992,9 @@ public abstract class AbstractHttp11Proc
}
request.serverName().setChars(hostNameC, 0, valueL);
} else {
-
request.serverName().setChars(hostNameC, 0, colonPos);
-
- int port = 0;
- int mult = 1;
- for (int i = valueL - 1; i > colonPos; i--) {
- int charValue = HexUtils.getDec(valueB[i + valueS]);
- if (charValue == -1) {
- // Invalid character
- error = true;
- // 400 - Bad request
- response.setStatus(400);
- adapter.log(request, response, 0);
- break;
- }
- port = port + (charValue * mult);
- mult = 10 * mult;
- }
- request.setServerPort(port);
-
+ request.setServerPort(Ascii.parseInt(
+ valueB, valueS + colonPos + 1, valueL - colonPos - 1));
}
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1132487&r1=1132486&r2=1132487&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Sun Jun 5 20:26:37 2011
@@ -49,6 +49,10 @@
Correctly handle range requests when using sendfile and the APR/native
HTTP connector. (markt)
</fix>
+ <fix>
+ When parsing the port in the HTTP host header, treat the port as a base
+ 10 integer rather than a hexadecimal one. (rjung/markt)
+ </fix>
</changelog>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1132487 - in /tomcat/trunk: java/org/apache/coyote/http11/AbstractHttp11Processor.java
webapps/docs/changelog.xml
Posted by Mark Thomas <ma...@apache.org>.
On 06/06/2011 13:04, Tim Funk wrote:
> Ascii.parseInt can throw a NumberFormatException which should probably be
> caught and a 400 returned.
Yep. Konstantin pointed out the same issue. Shoudl be fixed now.
Mark
>
> -Tim
>
> On Sun, Jun 5, 2011 at 4:26 PM, <ma...@apache.org> wrote:
>
>> Author: markt
>> Date: Sun Jun 5 20:26:37 2011
>> New Revision: 1132487
>>
>> URL: http://svn.apache.org/viewvc?rev=1132487&view=rev
>> Log:
>> Parse port as base10, not hex
>>
>> Modified:
>> tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
>> tomcat/trunk/webapps/docs/changelog.xml
>>
>> Modified:
>> tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
>> URL:
>> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java?rev=1132487&r1=1132486&r2=1132487&view=diff
>>
>> ==============================================================================
>> --- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
>> (original)
>> +++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
>> Sun Jun 5 20:26:37 2011
>> @@ -39,7 +39,6 @@ import org.apache.juli.logging.Log;
>> import org.apache.tomcat.util.ExceptionUtils;
>> import org.apache.tomcat.util.buf.Ascii;
>> import org.apache.tomcat.util.buf.ByteChunk;
>> -import org.apache.tomcat.util.buf.HexUtils;
>> import org.apache.tomcat.util.buf.MessageBytes;
>> import org.apache.tomcat.util.http.FastHttpDateFormat;
>> import org.apache.tomcat.util.http.MimeHeaders;
>> @@ -993,26 +992,9 @@ public abstract class AbstractHttp11Proc
>> }
>> request.serverName().setChars(hostNameC, 0, valueL);
>> } else {
>> -
>> request.serverName().setChars(hostNameC, 0, colonPos);
>> -
>> - int port = 0;
>> - int mult = 1;
>> - for (int i = valueL - 1; i > colonPos; i--) {
>> - int charValue = HexUtils.getDec(valueB[i + valueS]);
>> - if (charValue == -1) {
>> - // Invalid character
>> - error = true;
>> - // 400 - Bad request
>> - response.setStatus(400);
>> - adapter.log(request, response, 0);
>> - break;
>> - }
>> - port = port + (charValue * mult);
>> - mult = 10 * mult;
>> - }
>> - request.setServerPort(port);
>> -
>> + request.setServerPort(Ascii.parseInt(
>> + valueB, valueS + colonPos + 1, valueL - colonPos -
>> 1));
>> }
>>
>> }
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1132487 - in /tomcat/trunk: java/org/apache/coyote/http11/AbstractHttp11Processor.java
webapps/docs/changelog.xml
Posted by Tim Funk <fu...@apache.org>.
Ascii.parseInt can throw a NumberFormatException which should probably be
caught and a 400 returned.
-Tim
On Sun, Jun 5, 2011 at 4:26 PM, <ma...@apache.org> wrote:
> Author: markt
> Date: Sun Jun 5 20:26:37 2011
> New Revision: 1132487
>
> URL: http://svn.apache.org/viewvc?rev=1132487&view=rev
> Log:
> Parse port as base10, not hex
>
> Modified:
> tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
> tomcat/trunk/webapps/docs/changelog.xml
>
> Modified:
> tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
> URL:
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java?rev=1132487&r1=1132486&r2=1132487&view=diff
>
> ==============================================================================
> --- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
> (original)
> +++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
> Sun Jun 5 20:26:37 2011
> @@ -39,7 +39,6 @@ import org.apache.juli.logging.Log;
> import org.apache.tomcat.util.ExceptionUtils;
> import org.apache.tomcat.util.buf.Ascii;
> import org.apache.tomcat.util.buf.ByteChunk;
> -import org.apache.tomcat.util.buf.HexUtils;
> import org.apache.tomcat.util.buf.MessageBytes;
> import org.apache.tomcat.util.http.FastHttpDateFormat;
> import org.apache.tomcat.util.http.MimeHeaders;
> @@ -993,26 +992,9 @@ public abstract class AbstractHttp11Proc
> }
> request.serverName().setChars(hostNameC, 0, valueL);
> } else {
> -
> request.serverName().setChars(hostNameC, 0, colonPos);
> -
> - int port = 0;
> - int mult = 1;
> - for (int i = valueL - 1; i > colonPos; i--) {
> - int charValue = HexUtils.getDec(valueB[i + valueS]);
> - if (charValue == -1) {
> - // Invalid character
> - error = true;
> - // 400 - Bad request
> - response.setStatus(400);
> - adapter.log(request, response, 0);
> - break;
> - }
> - port = port + (charValue * mult);
> - mult = 10 * mult;
> - }
> - request.setServerPort(port);
> -
> + request.setServerPort(Ascii.parseInt(
> + valueB, valueS + colonPos + 1, valueL - colonPos -
> 1));
> }
>
> }
>
>