You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/06/08 10:37:14 UTC

[tomcat] branch main updated: Treat empty token at end the same way as empty token at start/middle

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 157487d  Treat empty token at end the same way as empty token at start/middle
157487d is described below

commit 157487d425734a37ac32fe709ff20b8f6d8fe4e4
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Jun 8 11:27:33 2021 +0100

    Treat empty token at end the same way as empty token at start/middle
---
 .../apache/tomcat/util/http/parser/TokenList.java  |  3 ++-
 .../tomcat/util/http/parser/TestTokenList.java     | 29 ++++++++++++++++++++++
 webapps/docs/changelog.xml                         |  6 +++++
 3 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/http/parser/TokenList.java b/java/org/apache/tomcat/util/http/parser/TokenList.java
index 0ab7ce1..01ac449 100644
--- a/java/org/apache/tomcat/util/http/parser/TokenList.java
+++ b/java/org/apache/tomcat/util/http/parser/TokenList.java
@@ -84,7 +84,8 @@ public class TokenList {
             }
 
             if (fieldName.length() == 0) {
-                // No more data to read
+                // Unexpected EOF. Should have been a token.
+                invalid = true;
                 break;
             }
 
diff --git a/test/org/apache/tomcat/util/http/parser/TestTokenList.java b/test/org/apache/tomcat/util/http/parser/TestTokenList.java
index 43ea16d..a1415c4 100644
--- a/test/org/apache/tomcat/util/http/parser/TestTokenList.java
+++ b/test/org/apache/tomcat/util/http/parser/TestTokenList.java
@@ -190,4 +190,33 @@ public class TestTokenList {
         Assert.assertFalse(result);
     }
 
+
+    @Test
+    public void testMultipleWithEmptyStart() throws IOException {
+        Set<String> expected = new HashSet<>();
+        expected.add("bar");
+        expected.add("foo");
+        expected.add("host");
+        doTestVary(",Host, Foo, Bar", expected, false);
+    }
+
+
+    @Test
+    public void testMultipleWithEmptyMiddle() throws IOException {
+        Set<String> expected = new HashSet<>();
+        expected.add("bar");
+        expected.add("foo");
+        expected.add("host");
+        doTestVary("Host, Foo,,Bar", expected, false);
+    }
+
+
+    @Test
+    public void testMultipleWithEmptyEnd() throws IOException {
+        Set<String> expected = new HashSet<>();
+        expected.add("bar");
+        expected.add("foo");
+        expected.add("host");
+        doTestVary("Host, Foo, Bar,", expected, false);
+    }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 650533d..3cb74a3 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -207,6 +207,12 @@
       <add>
         Add debug logging for HTTP/2 HPACK header decoding. (markt)
       </add>
+      <fix>
+        Correct parsing of HTTP headers consisting of a list of tokens so that a
+        header with an empty token is treated consistently regardless of whether
+        the empty token is at the start, middle or end of the list of tokens.
+        (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org