You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2010/11/22 23:43:51 UTC
svn commit: r1037924 - in /tomcat/trunk: java/org/apache/coyote/
java/org/apache/coyote/http11/filters/
test/org/apache/coyote/http11/filters/ webapps/docs/ webapps/docs/config/
Author: kkolinko
Date: Mon Nov 22 22:43:51 2010
New Revision: 1037924
URL: http://svn.apache.org/viewvc?rev=1037924&view=rev
Log:
Impose a limit on the total length of the trailing headers.
Otherwise the ByteChunk buffer in the ChunkedInputFilter might grow unlimitedly.
Implemented as a system property. It might be better to implement it as an attribute of a connector (like maxPostSize and maxSavePostSize attributes are), but I am not sure that it is worth the effort.
Modified:
tomcat/trunk/java/org/apache/coyote/Constants.java
tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
tomcat/trunk/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/systemprops.xml
Modified: tomcat/trunk/java/org/apache/coyote/Constants.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/Constants.java?rev=1037924&r1=1037923&r2=1037924&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/Constants.java (original)
+++ tomcat/trunk/java/org/apache/coyote/Constants.java Mon Nov 22 22:43:51 2010
@@ -69,4 +69,12 @@ public final class Constants {
"org.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER",
"false")).booleanValue();
+ /**
+ * Limit on the total length of the trailer headers in
+ * a chunked HTTP request.
+ */
+ public static final int MAX_TRAILER_SIZE =
+ Integer.parseInt(System.getProperty(
+ "org.apache.coyote.MAX_TRAILER_SIZE",
+ "8192"));
}
Modified: tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?rev=1037924&r1=1037923&r2=1037924&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java Mon Nov 22 22:43:51 2010
@@ -102,7 +102,14 @@ public class ChunkedInputFilter implemen
/**
* Byte chunk used to store trailing headers.
*/
- protected ByteChunk trailingHeaders = new ByteChunk();
+ protected ByteChunk trailingHeaders;
+
+ {
+ trailingHeaders = new ByteChunk();
+ if (org.apache.coyote.Constants.MAX_TRAILER_SIZE > 0) {
+ trailingHeaders.setLimit(org.apache.coyote.Constants.MAX_TRAILER_SIZE);
+ }
+ }
/**
Modified: tomcat/trunk/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java?rev=1037924&r1=1037923&r2=1037924&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java (original)
+++ tomcat/trunk/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java Mon Nov 22 22:43:51 2010
@@ -70,7 +70,52 @@ public class TestChunkedInputFilter exte
client.processRequest();
assertEquals("null7TestTestTest0123456789abcdefghijABCDEFGHIJopqrstuvwxyz", client.getResponseBody());
}
-
+
+ public void testTrailingHeadersSizeLimit() throws Exception {
+ // Setup Tomcat instance
+ Tomcat tomcat = getTomcatInstance();
+
+ // Must have a real docBase - just use temp
+ Context ctx =
+ tomcat.addContext("", System.getProperty("java.io.tmpdir"));
+
+ Tomcat.addServlet(ctx, "servlet", new EchoHeaderServlet());
+ ctx.addServletMapping("/", "servlet");
+
+ tomcat.start();
+
+ StringBuilder longText = new StringBuilder("Test1234567890");
+ while (longText.length() <= 8192) {
+ longText.append(longText.toString());
+ }
+
+ String[] request = new String[]{
+ "POST /echo-params.jsp HTTP/1.1" + SimpleHttpClient.CRLF +
+ "Host: any" + SimpleHttpClient.CRLF +
+ "Transfer-encoding: chunked" + SimpleHttpClient.CRLF +
+ "Content-Type: application/x-www-form-urlencoded" +
+ SimpleHttpClient.CRLF +
+ "Connection: close" + SimpleHttpClient.CRLF +
+ SimpleHttpClient.CRLF +
+ "3" + SimpleHttpClient.CRLF +
+ "a=0" + SimpleHttpClient.CRLF +
+ "4" + SimpleHttpClient.CRLF +
+ "&b=1" + SimpleHttpClient.CRLF +
+ "0" + SimpleHttpClient.CRLF +
+ "x-trailer: Test" + longText + SimpleHttpClient.CRLF +
+ SimpleHttpClient.CRLF };
+
+ TrailerClient client = new TrailerClient();
+ client.setPort(getPort());
+ client.setRequest(request);
+
+ client.connect();
+ client.processRequest();
+ // Expected to fail because the trailers are longer
+ // than the default limit of 8Kb
+ assertTrue(client.isResponse500());
+ }
+
public void testNoTrailingHeaders() throws Exception {
// Setup Tomcat instance
Tomcat tomcat = getTomcatInstance();
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1037924&r1=1037923&r2=1037924&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Nov 22 22:43:51 2010
@@ -167,6 +167,11 @@
<bug>49860</bug>: Complete support for handling trailing headers in
chunked HTTP requests. (markt)
</fix>
+ <add>
+ Impose a limit on the length of the trailing headers. The limit
+ is configurable with a system property and is <code>8192</code>
+ by default. (kkolinko)
+ </add>
</changelog>
</subsection>
<subsection name="Jasper">
Modified: tomcat/trunk/webapps/docs/config/systemprops.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/systemprops.xml?rev=1037924&r1=1037923&r2=1037924&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/systemprops.xml (original)
+++ tomcat/trunk/webapps/docs/config/systemprops.xml Mon Nov 22 22:43:51 2010
@@ -474,6 +474,13 @@
<p>If not specified, the default value of <code>false</code> will be used.</p>
</property>
+ <property name="org.apache.coyote.MAX_TRAILER_SIZE">
+ <p>Limits the total length of trailing headers in the last chunk of
+ a chunked HTTP request.
+ If the value is <code>-1</code>, no limit will be imposed.</p>
+ <p>If not specified, the default value of <code>8192</code> will be used.</p>
+ </property>
+
<property name="catalina.useNaming">
<p>If this is <code>false</code> it will override the
<code>useNaming</code> attribute for all <a href="context.html">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org