Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/11/14 13:16:31 UTC
[tomcat] branch main updated: Be stricter regarding invalid String/Character -> byte conversion
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new ffe8e6d8e0 Be stricter regarding invalid String/Character -> byte conversion
ffe8e6d8e0 is described below
commit ffe8e6d8e0b1196818953aa0c70e6c21105b596f
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Nov 14 13:16:18 2022 +0000
Be stricter regarding invalid String/Character -> byte conversion
---
java/org/apache/tomcat/util/buf/MessageBytes.java | 25 ++++++++++++++++++-----
webapps/docs/changelog.xml | 5 +++++
2 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/java/org/apache/tomcat/util/buf/MessageBytes.java b/java/org/apache/tomcat/util/buf/MessageBytes.java
index 50ae3596dc..e1275561e6 100644
--- a/java/org/apache/tomcat/util/buf/MessageBytes.java
+++ b/java/org/apache/tomcat/util/buf/MessageBytes.java
@@ -20,7 +20,10 @@ import java.io.IOException;
import java.io.Serializable;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
+import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
+import java.nio.charset.CharsetEncoder;
+import java.nio.charset.CodingErrorAction;
import java.util.Locale;
import org.apache.tomcat.util.res.StringManager;
@@ -258,11 +261,23 @@ public final class MessageBytes implements Cloneable, Serializable {
}
ByteBuffer bb;
- if (type == T_CHARS) {
- bb = getCharset().encode(CharBuffer.wrap(charC));
- } else {
- // Must be T_STR
- bb = getCharset().encode(strValue);
+ CharsetEncoder encoder = getCharset().newEncoder();
+ encoder.onMalformedInput(CodingErrorAction.REPORT);
+ encoder.onUnmappableCharacter(CodingErrorAction.REPORT);
+
+ try {
+ if (type == T_CHARS) {
+ bb = encoder.encode(CharBuffer.wrap(charC));
+ } else {
+ // Must be T_STR
+ bb = encoder.encode(CharBuffer.wrap(strValue));
+ }
+ } catch (CharacterCodingException cce) {
+ // Some calls to this conversion originate in application code and
+ // the Servlet API methods do not declare a suitable exception that
+ // can be thrown. Therefore stick with the uncaught exception type
+ // used by the old, pre-Java 16 optimised version of this code.
+ throw new IllegalArgumentException(cce);
}
byteC.setBytes(bb.array(), bb.arrayOffset(), bb.limit());
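Review bot: the catch block at the end of this hunk rethrows as new IllegalArgumentException(cce) with no message of its own, so whoever handles it gets only the CharacterCodingException text and cannot tell which character set rejected the input. Consider building a message through the StringManager this file already imports, naming getCharset() but not the value itself, since the value may be request data that should not end up in logs. The diffstat also shows no Javadoc change for this method; an @throws IllegalArgumentException line would document that the conversion now fails where the removed getCharset().encode(...) calls substituted a replacement byte.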
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 128c3cf94f..cbf01a7ebb 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -175,6 +175,11 @@
Remove unnecessary code that exposed the <code>asyncTimeout</code> to
components that never used it. (markt)
</scode>
+ <fix>
+ Ensure that all <code>MessageBytes</code> conversions to byte arrays are
+ valid for the configured character set and throw an exception if not.
+ (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
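Review bot: the new <fix> entry says only "throw an exception"; it should name IllegalArgumentException and state that input which cannot be encoded in the configured character set was previously converted without an error. As written, someone scanning the changelog cannot tell that this is a behaviour change that can surface in application code calling the Servlet API, which is the case the code comment in MessageBytes.java calls out.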
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [tomcat] branch main updated: Be stricter regarding invalid String/Character -> byte conversion
Posted by Mark Thomas <ma...@apache.org>.
On 14/11/2022 13:16, markt@apache.org wrote:
> This is an automated email from the ASF dual-hosted git repository.
>
> markt pushed a commit to branch main
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/main by this push:
> new ffe8e6d8e0 Be stricter regarding invalid String/Character -> byte conversion
> ffe8e6d8e0 is described below
>
> commit ffe8e6d8e0b1196818953aa0c70e6c21105b596f
> Author: Mark Thomas <ma...@apache.org>
> AuthorDate: Mon Nov 14 13:16:18 2022 +0000
>
> Be stricter regarding invalid String/Character -> byte conversion
I'm not intending to back-port this as it could break stuff.
Mark