Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/09/01 06:16:59 UTC

[tomcat] branch main updated: Implement maxSavePostSize support for 0 and -1 with TLS renegotiation

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 8bb7c0980a Implement maxSavePostSize support for 0 and -1 with TLS renegotiation
8bb7c0980a is described below

commit 8bb7c0980adfebe65ba23c1eedaa3408d472ca0a
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Sep 1 07:04:49 2022 +0100

    Implement maxSavePostSize support for 0 and -1 with TLS renegotiation
---
 .../coyote/http11/filters/BufferedInputFilter.java | 27 ++++++++++++----------
 .../org/apache/tomcat/util/net/TestClientCert.java | 18 +++++++++++++--
 webapps/docs/changelog.xml                         |  8 ++++++-
 3 files changed, 38 insertions(+), 15 deletions(-)

diff --git a/java/org/apache/coyote/http11/filters/BufferedInputFilter.java b/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
index 7e88a1c352..5bfe6c9c61 100644
--- a/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
+++ b/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
@@ -41,7 +41,9 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
 
     // ----------------------------------------------------- Instance Variables
 
-    private ByteBuffer buffered;
+    // Use ByteChunk since it correctly handles the special buffer size of -1
+    // for maxSavePostSize.
+    private ByteChunk buffered;
     private ByteBuffer tempRead;
     private InputBuffer buffer;
     private boolean hasRead = false;
@@ -66,8 +68,8 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
      */
     public void setLimit(int limit) {
         if (buffered == null) {
-            buffered = ByteBuffer.allocate(limit);
-            buffered.flip();
+            buffered = new ByteChunk();
+            buffered.setLimit(limit);
         }
     }
 
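Review bot: The Javadoc for setLimit(), which begins above this hunk, should name the two special values the method now accepts: `0` disables saving the request body and `-1` removes the limit. With `-1` the ByteChunk presumably grows to whatever the client sends, and the test comment further down shows the body is buffered before the TLS handshake, so a peer that has not yet presented a certificate decides how much heap is held. A line such as `A limit of -1 is unbounded; the whole request body is held in memory until renegotiation completes.` would make that cost visible to whoever configures the connector.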
@@ -80,12 +82,13 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
      */
     @Override
     public void setRequest(Request request) {
+        if (buffered.getLimit() == 0) {
+            return;
+        }
         // save off the Request body
         try {
             while (buffer.doRead(this) >= 0) {
-                buffered.mark().position(buffered.limit()).limit(buffered.capacity());
-                buffered.put(tempRead);
-                buffered.limit(buffered.position()).reset();
+                buffered.append(tempRead);
                 tempRead = null;
             }
         } catch(IOException | BufferOverflowException ioe) {
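Review bot: The new early return in setRequest() has no comment, and its effect is not obvious: when the limit is 0 the body is never read here, and the updated test expects the servlet to see zero bytes. I would add `// maxSavePostSize == 0: saving is disabled, so no request body is buffered or replayed` above the guard. Separately, if `BufferOverflowException` in the catch clause is the java.nio type (the import is outside the hunk), it was probably only thrown by the removed `buffered.put(tempRead)`, and an overflow from `buffered.append(tempRead)` would arrive as an IOException instead; worth confirming the clause is still needed. The catch body lies outside the hunk.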
@@ -104,9 +107,9 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
             return -1;
         }
 
-        handler.setByteBuffer(buffered);
+        handler.setByteBuffer(ByteBuffer.wrap(buffered.getBuffer(), buffered.getStart(), buffered.getLength()));
         hasRead = true;
-        return buffered.remaining();
+        return buffered.getLength();
     }
 
     @Override
@@ -117,10 +120,10 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
     @Override
     public void recycle() {
         if (buffered != null) {
-            if (buffered.capacity() > 65536) {
+            if (buffered.getBuffer().length > 65536) {
                 buffered = null;
             } else {
-                buffered.position(0).limit(0);
+                buffered.recycle();
             }
         }
         hasRead = false;
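Review bot: In recycle(), `buffered.getBuffer().length` can dereference null. setLimit() now builds the chunk with the no-argument ByteChunk constructor, which as far as I know allocates no backing array until data is appended, and the new early return in setRequest() means nothing is appended when the limit is 0; a request with an empty body would leave the chunk in the same state. Guard the size check with `if (buffered.getBuffer() != null && buffered.getBuffer().length > 65536) {` so that recycling the filter cannot throw. recycle() continues past the end of the hunk.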
@@ -139,7 +142,7 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
 
     @Override
     public int available() {
-        int available = buffered.remaining();
+        int available = buffered.getLength();
         if (available == 0) {
             // No data buffered here. Try the next filter in the chain.
             return buffer.available();
@@ -151,7 +154,7 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
 
     @Override
     public boolean isFinished() {
-        return hasRead || buffered.remaining() <= 0;
+        return hasRead || buffered.getLength() <= 0;
     }
 
 
diff --git a/test/org/apache/tomcat/util/net/TestClientCert.java b/test/org/apache/tomcat/util/net/TestClientCert.java
index bc3aac1308..4a813307f8 100644
--- a/test/org/apache/tomcat/util/net/TestClientCert.java
+++ b/test/org/apache/tomcat/util/net/TestClientCert.java
@@ -126,6 +126,13 @@ public class TestClientCert extends TomcatBaseTest {
         Assert.assertEquals("OK-" + TesterSupport.ROLE, res.toString());
     }
 
+    @Test
+    public void testClientCertPostZero() throws Exception {
+        Tomcat tomcat = getTomcatInstance();
+        tomcat.getConnector().setMaxSavePostSize(0);
+        doTestClientCertPost(1024, false);
+    }
+
     @Test
     public void testClientCertPostSmaller() throws Exception {
         Tomcat tomcat = getTomcatInstance();
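Review bot: Only the zero case gets a test here, although the commit title and the changelog entry also claim support for `-1`. A sibling test that calls `tomcat.getConnector().setMaxSavePostSize(-1);` and then `doTestClientCertPost(...)` with a body larger than the default maxSavePostSize and `expectProtectedFail` set to `false` would pin the unlimited path, which is the one most likely to regress into an overflow error. testClientCertPostSmaller continues outside the hunk.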
@@ -149,7 +156,8 @@ public class TestClientCert extends TomcatBaseTest {
 
     private void doTestClientCertPost(int bodySize, boolean expectProtectedFail)
             throws Exception {
-        getTomcatInstance().start();
+        Tomcat tomcat = getTomcatInstance();
+        tomcat.start();
 
         byte[] body = new byte[bodySize];
         Arrays.fill(body, TesterSupport.DATA);
@@ -188,10 +196,16 @@ public class TestClientCert extends TomcatBaseTest {
             // POST body buffer fails so TLS handshake never happens
             Assert.assertEquals(0, count);
         } else {
+            int expectedBodySize;
+            if (tomcat.getConnector().getMaxSavePostSize() == 0) {
+                expectedBodySize = 0;
+            } else {
+                expectedBodySize = bodySize;
+            }
             Assert.assertTrue("Checking requested client issuer against " +
                     TesterSupport.getClientAuthExpectedIssuer(),
                     TesterSupport.checkLastClientAuthRequestedIssuers());
-            Assert.assertEquals("OK-" + bodySize, res.toString());
+            Assert.assertEquals("OK-" + expectedBodySize, res.toString());
         }
     }
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 17818032ed..b06de6395e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -205,7 +205,13 @@
       </fix>
       <fix>
         <bug>66240</bug>: Avoid int overflow when parsing octets by limiting
-        the maximum value to 255. Based on a PR <pr>548</pr> by Stefan Mayr. (lihan)
+        the maximum value to 255. Based on a PR <pr>548</pr> by Stefan Mayr.
+        (lihan)
+      </fix>
+      <fix>
+        <bug>66236</bug>: Implement support for the special values zero and
+        minus one when configuring <code>maxSavePostSize</code> for a Connector
+        when used in conjunction with TLS renegotiation. (markt)
       </fix>
     </changelog>
   </subsection>

