Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/07/22 14:05:59 UTC
[tomcat] branch 7.0.x updated: Correct parsing of host names that
contain bytes in the range 128 to 255
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new cca76f5 Correct parsing of host names that contain bytes in the range 128 to 255
cca76f5 is described below
commit cca76f56fe384072edddce7a474f4366410c8f12
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Jul 22 15:02:00 2019 +0100
Correct parsing of host names that contain bytes in the range 128 to 255
---
java/org/apache/tomcat/util/http/parser/Host.java | 6 ++++--
webapps/docs/changelog.xml | 9 +++++++++
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/http/parser/Host.java b/java/org/apache/tomcat/util/http/parser/Host.java
index f4f5848..1400de1 100644
--- a/java/org/apache/tomcat/util/http/parser/Host.java
+++ b/java/org/apache/tomcat/util/http/parser/Host.java
@@ -96,7 +96,8 @@ public class Host {
@Override
public int read(char[] cbuf, int off, int len) throws IOException {
for (int i = off; i < off + len; i++) {
- cbuf[i] = (char) bytes[pos++];
+ // Want output in range 0 to 255, not -128 to 127
+ cbuf[i] = (char) (bytes[pos++] & 0xFF);
}
return len;
}
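Review bot: The bulk `read(char[], int, int)` in this hunk never compares `pos` with `end`, unlike the single-character `read()` in the next hunk, so it always copies `len` bytes and returns `len`. If a caller asks for more characters than remain, the loop would either hand back whatever follows the host value in `bytes` or fail with an `ArrayIndexOutOfBoundsException`, and it can never signal end of stream with -1. What the backing array holds past `end` is not visible here, so the impact is inferred. I would cap the copy at `end - pos` and return -1 once the data is exhausted, as sketched below. This assumes `end` from the second hunk is a field of the same reader class, whose declaration lies outside both hunks.

```java
public int read(char[] cbuf, int off, int len) throws IOException {
    if (len == 0) {
        return 0;
    }
    if (pos >= end) {
        // Nothing left in the host value: report end of stream
        return -1;
    }
    // Never copy past the end of the host value
    int count = Math.min(len, end - pos);
    for (int i = off; i < off + count; i++) {
        // … unchanged: masked byte-to-char assignment …
    }
    return count;
```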
@@ -111,7 +112,8 @@ public class Host {
@Override
public int read() throws IOException {
if (pos < end) {
- return bytes[pos++];
+ // Want output in range 0 to 255, not -128 to 127
+ return bytes[pos++] & 0xFF;
} else {
return -1;
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 20ccf3c..7fabf5b 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -60,6 +60,15 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 7.0.96 (violetagg)">
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Correct parsing of invalid host names that contain bytes in the range
+ 128 to 255 and reject them with a 400 response rather than triggering an
+ internal error that results in a 500 response. (markt)
+ </fix>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 7.0.95 (violetagg)">
<subsection name="Catalina">