Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/07/22 14:05:59 UTC

[tomcat] branch 7.0.x updated: Correct parsing of host names that contain bytes in the range 128 to 255

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
     new cca76f5  Correct parsing of host names that contain bytes in the range 128 to 255
cca76f5 is described below

commit cca76f56fe384072edddce7a474f4366410c8f12
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Jul 22 15:02:00 2019 +0100

    Correct parsing of host names that contain bytes in the range 128 to 255
---
 java/org/apache/tomcat/util/http/parser/Host.java | 6 ++++--
 webapps/docs/changelog.xml                        | 9 +++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/http/parser/Host.java b/java/org/apache/tomcat/util/http/parser/Host.java
index f4f5848..1400de1 100644
--- a/java/org/apache/tomcat/util/http/parser/Host.java
+++ b/java/org/apache/tomcat/util/http/parser/Host.java
@@ -96,7 +96,8 @@ public class Host {
         @Override
         public int read(char[] cbuf, int off, int len) throws IOException {
             for (int i = off; i < off + len; i++) {
-                cbuf[i] = (char) bytes[pos++];
+                // Want output in range 0 to 255, not -128 to 127
+                cbuf[i] = (char) (bytes[pos++] & 0xFF);
             }
             return len;
         }
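Review bot: The bulk `read(char[], int, int)` overload still copies `len` bytes without comparing `pos` to `end`, unlike the single-character `read()` in the next hunk. A caller that asks for more than remains would receive whatever bytes follow the host value in the backing array, or hit an ArrayIndexOutOfBoundsException, and the method never returns -1 at end of input. Whether any caller uses this overload is not visible here, but the Reader contract expects a bounded read; clamp the count to `end - pos` and return -1 once `pos >= end`, as sketched below. The enclosing reader class and its `bytes`, `pos` and `end` fields are declared outside the hunk.

```java
public int read(char[] cbuf, int off, int len) throws IOException {
    if (len == 0) {
        return 0;
    }
    if (pos >= end) {
        return -1;
    }
    int count = Math.min(len, end - pos);
    for (int i = 0; i < count; i++) {
        // Want output in range 0 to 255, not -128 to 127
        cbuf[off + i] = (char) (bytes[pos++] & 0xFF);
    }
    return count;
}
```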
@@ -111,7 +112,8 @@ public class Host {
         @Override
         public int read() throws IOException {
             if (pos < end) {
-                return bytes[pos++];
+                // Want output in range 0 to 255, not -128 to 127
+                return bytes[pos++] & 0xFF;
             } else {
                 return -1;
             }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 20ccf3c..7fabf5b 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -60,6 +60,15 @@
   issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 7.0.96 (violetagg)">
+  <subsection name="Coyote">
+    <changelog>
+      <fix>
+        Correct parsing of invalid host names that contain bytes in the range
+        128 to 255 and reject them with a 400 response rather than triggering an
+        internal error that results in a 500 response. (markt)
+      </fix>
+    </changelog>
+  </subsection>
 </section>
 <section name="Tomcat 7.0.95 (violetagg)">
   <subsection name="Catalina">

