You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/03/13 12:08:27 UTC
svn commit: r1666395 - in /tomcat/tc8.0.x/trunk: ./
java/org/apache/coyote/http11/ java/org/apache/coyote/http11/filters/
test/org/apache/coyote/http11/filters/ webapps/docs/ webapps/docs/config/
Author: markt
Date: Fri Mar 13 11:08:26 2015
New Revision: 1666395
URL: http://svn.apache.org/r1666395
Log:
Make processing of trailer headers for chunked input optional.
Trailer headers to process must be added to the allowedTrailerHeader list or they will be ignored
Modified:
tomcat/tc8.0.x/trunk/ (props changed)
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Nio2Processor.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
tomcat/tc8.0.x/trunk/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc8.0.x/trunk/webapps/docs/config/http.xml
Propchange: tomcat/tc8.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Mar 13 11:08:26 2015
@@ -1 +1 @@
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,1655558,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657
907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663324,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116
+/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,1655558,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657
907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663324,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387
Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java?rev=1666395&r1=1666394&r2=1666395&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java Fri Mar 13 11:08:26 2015
@@ -20,6 +20,7 @@ import java.io.IOException;
import java.io.InterruptedIOException;
import java.nio.ByteBuffer;
import java.util.Locale;
+import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.regex.Pattern;
@@ -648,18 +649,18 @@ public abstract class AbstractHttp11Proc
/**
* Initialize standard input and output filters.
*/
- protected void initializeFilters(int maxTrailerSize, int maxExtensionSize,
- int maxSwallowSize) {
+ protected void initializeFilters(int maxTrailerSize, Set<String> allowedTrailerHeaders,
+ int maxExtensionSize, int maxSwallowSize) {
// Create and add the identity filters.
getInputBuffer().addFilter(new IdentityInputFilter(maxSwallowSize));
getOutputBuffer().addFilter(new IdentityOutputFilter());
// Create and add the chunked filters.
- getInputBuffer().addFilter(
- new ChunkedInputFilter(maxTrailerSize, maxExtensionSize, maxSwallowSize));
+ getInputBuffer().addFilter( new ChunkedInputFilter(maxTrailerSize,allowedTrailerHeaders,
+ maxExtensionSize, maxSwallowSize));
getOutputBuffer().addFilter(new ChunkedOutputFilter());
- // Create and add the void filters.
+ // Create and add the void filters
getInputBuffer().addFilter(new VoidInputFilter());
getOutputBuffer().addFilter(new VoidOutputFilter());
Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1666395&r1=1666394&r2=1666395&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Fri Mar 13 11:08:26 2015
@@ -16,6 +16,13 @@
*/
package org.apache.coyote.http11;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Locale;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
import org.apache.coyote.AbstractProtocol;
@@ -187,6 +194,62 @@ public abstract class AbstractHttp11Prot
}
+ /**
+ * The names of headers that are allowed to be sent via a trailer when using
+ * chunked encoding. They are stored in lower case.
+ */
+ private Set<String> allowedTrailerHeaders =
+ Collections.newSetFromMap(new ConcurrentHashMap<String, Boolean>());
+ public void setAllowedTrailerHeaders(String commaSeparatedHeaders) {
+ // Jump through some hoops so we don't end up with an empty set while
+ // doing updates.
+ Set<String> toRemove = new HashSet<>();
+ toRemove.addAll(allowedTrailerHeaders);
+ if (commaSeparatedHeaders != null) {
+ String[] headers = commaSeparatedHeaders.split(",");
+ for (String header : headers) {
+ String trimmedHeader = header.trim().toLowerCase(Locale.ENGLISH);
+ if (toRemove.contains(trimmedHeader)) {
+ toRemove.remove(trimmedHeader);
+ } else {
+ allowedTrailerHeaders.add(trimmedHeader);
+ }
+ }
+ allowedTrailerHeaders.removeAll(toRemove);
+ }
+ }
+ public String getAllowedTrailerHeaders() {
+ // Chances of a size change between these lines are small enough that a
+ // sync is unnecessary.
+ List<String> copy = new ArrayList<>(allowedTrailerHeaders.size());
+ copy.addAll(allowedTrailerHeaders);
+ StringBuilder result = new StringBuilder();
+ boolean first = true;
+ for (String header : copy) {
+ if (first) {
+ first = false;
+ } else {
+ result.append(',');
+ }
+ result.append(header);
+ }
+ return result.toString();
+ }
+ public void addAllowedTrailerHeader(String header) {
+ if (header != null) {
+ allowedTrailerHeaders.add(header.trim().toLowerCase(Locale.ENGLISH));
+ }
+ }
+ public void removeAllowedTrailerHeader(String header) {
+ if (header != null) {
+ allowedTrailerHeaders.remove(header.trim().toLowerCase(Locale.ENGLISH));
+ }
+ }
+ protected Set<String> getAllowedTrailerHeadersAsSet() {
+ return allowedTrailerHeaders;
+ }
+
+
// ------------------------------------------------ HTTP specific properties
// ------------------------------------------ passed through to the EndPoint
Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java?rev=1666395&r1=1666394&r2=1666395&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java Fri Mar 13 11:08:26 2015
@@ -21,6 +21,7 @@ import java.io.IOException;
import java.io.InterruptedIOException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
+import java.util.Set;
import org.apache.coyote.ActionCode;
import org.apache.coyote.ErrorState;
@@ -58,8 +59,8 @@ public class Http11AprProcessor extends
// ----------------------------------------------------------- Constructors
- public Http11AprProcessor(int headerBufferSize, AprEndpoint endpoint,
- int maxTrailerSize, int maxExtensionSize, int maxSwallowSize) {
+ public Http11AprProcessor(int headerBufferSize, AprEndpoint endpoint, int maxTrailerSize,
+ Set<String> allowedTrailerHeaders, int maxExtensionSize, int maxSwallowSize) {
super(endpoint);
@@ -69,7 +70,7 @@ public class Http11AprProcessor extends
outputBuffer = new InternalAprOutputBuffer(response, headerBufferSize);
response.setOutputBuffer(outputBuffer);
- initializeFilters(maxTrailerSize, maxExtensionSize, maxSwallowSize);
+ initializeFilters(maxTrailerSize, allowedTrailerHeaders, maxExtensionSize, maxSwallowSize);
}
Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java?rev=1666395&r1=1666394&r2=1666395&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java Fri Mar 13 11:08:26 2015
@@ -323,8 +323,8 @@ public class Http11AprProtocol extends A
protected Http11AprProcessor createProcessor() {
Http11AprProcessor processor = new Http11AprProcessor(
proto.getMaxHttpHeaderSize(), (AprEndpoint)proto.endpoint,
- proto.getMaxTrailerSize(), proto.getMaxExtensionSize(),
- proto.getMaxSwallowSize());
+ proto.getMaxTrailerSize(), proto.getAllowedTrailerHeadersAsSet(),
+ proto.getMaxExtensionSize(), proto.getMaxSwallowSize());
proto.configureProcessor(processor);
// APR specific configuration
processor.setClientCertProvider(proto.getClientCertProvider());
Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Nio2Processor.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Nio2Processor.java?rev=1666395&r1=1666394&r2=1666395&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Nio2Processor.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Nio2Processor.java Fri Mar 13 11:08:26 2015
@@ -20,6 +20,7 @@ import java.io.IOException;
import java.io.InterruptedIOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
+import java.util.Set;
import javax.net.ssl.SSLEngine;
@@ -59,8 +60,8 @@ public class Http11Nio2Processor extends
// ----------------------------------------------------------- Constructors
- public Http11Nio2Processor(int maxHttpHeaderSize, Nio2Endpoint endpoint,
- int maxTrailerSize, int maxExtensionSize, int maxSwallowSize) {
+ public Http11Nio2Processor(int maxHttpHeaderSize, Nio2Endpoint endpoint, int maxTrailerSize,
+ Set<String> allowedTrailerHeaders, int maxExtensionSize, int maxSwallowSize) {
super(endpoint);
@@ -70,7 +71,7 @@ public class Http11Nio2Processor extends
outputBuffer = new InternalNio2OutputBuffer(response, maxHttpHeaderSize);
response.setOutputBuffer(outputBuffer);
- initializeFilters(maxTrailerSize, maxExtensionSize, maxSwallowSize);
+ initializeFilters(maxTrailerSize, allowedTrailerHeaders, maxExtensionSize, maxSwallowSize);
}
Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java?rev=1666395&r1=1666394&r2=1666395&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java Fri Mar 13 11:08:26 2015
@@ -249,8 +249,8 @@ public class Http11Nio2Protocol extends
public Http11Nio2Processor createProcessor() {
Http11Nio2Processor processor = new Http11Nio2Processor(
proto.getMaxHttpHeaderSize(), (Nio2Endpoint) proto.endpoint,
- proto.getMaxTrailerSize(), proto.getMaxExtensionSize(),
- proto.getMaxSwallowSize());
+ proto.getMaxTrailerSize(), proto.getAllowedTrailerHeadersAsSet(),
+ proto.getMaxExtensionSize(), proto.getMaxSwallowSize());
proto.configureProcessor(processor);
register(processor);
return processor;
Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java?rev=1666395&r1=1666394&r2=1666395&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java Fri Mar 13 11:08:26 2015
@@ -20,6 +20,7 @@ import java.io.IOException;
import java.io.InterruptedIOException;
import java.net.InetAddress;
import java.nio.channels.SelectionKey;
+import java.util.Set;
import javax.net.ssl.SSLEngine;
@@ -62,8 +63,8 @@ public class Http11NioProcessor extends
// ----------------------------------------------------------- Constructors
- public Http11NioProcessor(int maxHttpHeaderSize, NioEndpoint endpoint,
- int maxTrailerSize, int maxExtensionSize, int maxSwallowSize) {
+ public Http11NioProcessor(int maxHttpHeaderSize, NioEndpoint endpoint, int maxTrailerSize,
+ Set<String> allowedTrailerHeaders, int maxExtensionSize, int maxSwallowSize) {
super(endpoint);
@@ -73,7 +74,7 @@ public class Http11NioProcessor extends
outputBuffer = new InternalNioOutputBuffer(response, maxHttpHeaderSize);
response.setOutputBuffer(outputBuffer);
- initializeFilters(maxTrailerSize, maxExtensionSize, maxSwallowSize);
+ initializeFilters(maxTrailerSize, allowedTrailerHeaders, maxExtensionSize, maxSwallowSize);
}
Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java?rev=1666395&r1=1666394&r2=1666395&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java Fri Mar 13 11:08:26 2015
@@ -281,8 +281,8 @@ public class Http11NioProtocol extends A
public Http11NioProcessor createProcessor() {
Http11NioProcessor processor = new Http11NioProcessor(
proto.getMaxHttpHeaderSize(), (NioEndpoint)proto.endpoint,
- proto.getMaxTrailerSize(), proto.getMaxExtensionSize(),
- proto.getMaxSwallowSize());
+ proto.getMaxTrailerSize(), proto.getAllowedTrailerHeadersAsSet(),
+ proto.getMaxExtensionSize(), proto.getMaxSwallowSize());
proto.configureProcessor(processor);
register(processor);
return processor;
Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java?rev=1666395&r1=1666394&r2=1666395&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java Fri Mar 13 11:08:26 2015
@@ -20,6 +20,7 @@ import java.io.EOFException;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
+import java.util.Set;
import org.apache.coyote.ActionCode;
import org.apache.coyote.http11.filters.BufferedInputFilter;
@@ -48,8 +49,8 @@ public class Http11Processor extends Abs
// ------------------------------------------------------------ Constructor
- public Http11Processor(int headerBufferSize, JIoEndpoint endpoint,
- int maxTrailerSize, int maxExtensionSize, int maxSwallowSize) {
+ public Http11Processor(int headerBufferSize, JIoEndpoint endpoint, int maxTrailerSize,
+ Set<String> allowedTrailerHeaders, int maxExtensionSize, int maxSwallowSize) {
super(endpoint);
@@ -59,7 +60,7 @@ public class Http11Processor extends Abs
outputBuffer = new InternalOutputBuffer(response, headerBufferSize);
response.setOutputBuffer(outputBuffer);
- initializeFilters(maxTrailerSize, maxExtensionSize, maxSwallowSize);
+ initializeFilters(maxTrailerSize, allowedTrailerHeaders, maxExtensionSize, maxSwallowSize);
}
Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java?rev=1666395&r1=1666394&r2=1666395&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java Fri Mar 13 11:08:26 2015
@@ -187,8 +187,8 @@ public class Http11Protocol extends Abst
protected Http11Processor createProcessor() {
Http11Processor processor = new Http11Processor(
proto.getMaxHttpHeaderSize(), (JIoEndpoint)proto.endpoint,
- proto.getMaxTrailerSize(),proto.getMaxExtensionSize(),
- proto.getMaxSwallowSize());
+ proto.getMaxTrailerSize(), proto.getAllowedTrailerHeadersAsSet(),
+ proto.getMaxExtensionSize(), proto.getMaxSwallowSize());
proto.configureProcessor(processor);
// BIO specific configuration
processor.setDisableKeepAlivePercentage(proto.getDisableKeepAlivePercentage());
Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/filters/BufferedInputFilter.java?rev=1666395&r1=1666394&r2=1666395&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/filters/BufferedInputFilter.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/filters/BufferedInputFilter.java Fri Mar 13 11:08:26 2015
@@ -59,6 +59,8 @@ public class BufferedInputFilter impleme
/**
* Set the buffering limit. This should be reset every time the buffer is
* used.
+ *
+ * @param limit The maximum number of bytes that will be buffered
*/
public void setLimit(int limit) {
if (buffered == null) {
Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?rev=1666395&r1=1666394&r2=1666395&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java Fri Mar 13 11:08:26 2015
@@ -19,6 +19,8 @@ package org.apache.coyote.http11.filters
import java.io.EOFException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
+import java.util.Locale;
+import java.util.Set;
import org.apache.coyote.InputBuffer;
import org.apache.coyote.Request;
@@ -146,10 +148,14 @@ public class ChunkedInputFilter implemen
private boolean error;
+ private final Set<String> allowedTrailerHeaders;
+
// ----------------------------------------------------------- Constructors
- public ChunkedInputFilter(int maxTrailerSize, int maxExtensionSize, int maxSwallowSize) {
+ public ChunkedInputFilter(int maxTrailerSize, Set<String> allowedTrailerHeaders,
+ int maxExtensionSize, int maxSwallowSize) {
this.trailingHeaders.setLimit(maxTrailerSize);
+ this.allowedTrailerHeaders = allowedTrailerHeaders;
this.maxExtensionSize = maxExtensionSize;
this.maxTrailerSize = maxTrailerSize;
this.maxSwallowSize = maxSwallowSize;
@@ -469,7 +475,7 @@ public class ChunkedInputFilter implemen
}
// Mark the current buffer position
- int start = trailingHeaders.getEnd();
+ int startPos = trailingHeaders.getEnd();
//
// Reading the header name
@@ -500,11 +506,7 @@ public class ChunkedInputFilter implemen
pos++;
}
- MessageBytes headerValue = headers.addValue(trailingHeaders.getBytes(),
- start, trailingHeaders.getEnd() - start);
-
- // Mark the current buffer position
- start = trailingHeaders.getEnd();
+ int colonPos = trailingHeaders.getEnd();
//
// Reading the header value (which can be spanned over multiple lines)
@@ -592,9 +594,16 @@ public class ChunkedInputFilter implemen
}
- // Set the header value
- headerValue.setBytes(trailingHeaders.getBytes(), start,
- lastSignificantChar - start);
+ String headerName = new String(trailingHeaders.getBytes(), startPos,
+ colonPos - startPos, StandardCharsets.ISO_8859_1);
+
+ if (allowedTrailerHeaders.contains(headerName.trim().toLowerCase(Locale.ENGLISH))) {
+ MessageBytes headerValue = headers.addValue(headerName);
+
+ // Set the header value
+ headerValue.setBytes(trailingHeaders.getBytes(), colonPos,
+ lastSignificantChar - colonPos);
+ }
return true;
}
Modified: tomcat/tc8.0.x/trunk/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java?rev=1666395&r1=1666394&r2=1666395&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java (original)
+++ tomcat/tc8.0.x/trunk/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java Fri Mar 13 11:08:26 2015
@@ -104,6 +104,9 @@ public class TestChunkedInputFilter exte
// No file system docBase required
Context ctx = tomcat.addContext("", null);
+ // Configure allowed trailer headers
+ tomcat.getConnector().setProperty("allowedTrailerHeaders", "X-Trailer1,X-Trailer2");
+
EchoHeaderServlet servlet = new EchoHeaderServlet(expectPass);
Tomcat.addServlet(ctx, "servlet", servlet);
ctx.addServletMapping("/", "servlet");
Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1666395&r1=1666394&r2=1666395&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Fri Mar 13 11:08:26 2015
@@ -134,6 +134,10 @@
to ephemeral ECDH with anthing else. (markt)
</fix>
<fix>
+ <bug>57570</bug>: Make the processing of trailer headers with chunked
+ input optional and disabled by default. (markt)
+ </fix>
+ <fix>
<bug>57592</bug>: Correctly handle the case where an
<code>AsyncContext</code> is used for non-blocking I/O and is completed
during a write operation. (markt)
Modified: tomcat/tc8.0.x/trunk/webapps/docs/config/http.xml
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/config/http.xml?rev=1666395&r1=1666394&r2=1666395&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/tc8.0.x/trunk/webapps/docs/config/http.xml Fri Mar 13 11:08:26 2015
@@ -306,6 +306,12 @@
associated with the server.</p>
</attribute>
+ <attribute name="allowedTrailerHeaders" required="false">
+ <p>By default Tomcat will ignore all trailer headers when processing
+ chunked input. For a header to be processed, it must be added to this
+ comma-separated list of header names.</p>
+ </attribute>
+
<attribute name="bindOnInit" required="false">
<p>Controls when the socket used by the connector is bound. By default it
is bound when the connector is initiated and unbound when the connector is
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org