Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/09/01 06:20:21 UTC
[tomcat] branch 9.0.x updated: Implement maxSavePostSize support for 0 and -1 with TLS renegotiation
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 4842db6be9 Implement maxSavePostSize support for 0 and -1 with TLS renegotiation
4842db6be9 is described below
commit 4842db6be91d7efec7ca1e41660b6b06a18b6cdc
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Sep 1 07:04:49 2022 +0100
Implement maxSavePostSize support for 0 and -1 with TLS renegotiation
---
.../coyote/http11/filters/BufferedInputFilter.java | 27 ++++++++++++----------
.../org/apache/tomcat/util/net/TestClientCert.java | 18 +++++++++++++--
webapps/docs/changelog.xml | 8 ++++++-
3 files changed, 38 insertions(+), 15 deletions(-)
diff --git a/java/org/apache/coyote/http11/filters/BufferedInputFilter.java b/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
index 7e88a1c352..5bfe6c9c61 100644
--- a/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
+++ b/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
@@ -41,7 +41,9 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
// ----------------------------------------------------- Instance Variables
- private ByteBuffer buffered;
+ // Use ByteChunk since it correctly handles the special buffer size of -1
+ // for maxSavePostSize.
+ private ByteChunk buffered;
private ByteBuffer tempRead;
private InputBuffer buffer;
private boolean hasRead = false;
@@ -66,8 +68,8 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
*/
public void setLimit(int limit) {
if (buffered == null) {
- buffered = ByteBuffer.allocate(limit);
- buffered.flip();
+ buffered = new ByteChunk();
+ buffered.setLimit(limit);
}
}
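Review bot: setLimit's Javadoc, which starts above this hunk, should name the two special values now that the argument is passed straight to `ByteChunk.setLimit(limit)`. Going by the new field comment and the new test, 0 saves nothing and -1 removes the bound. The -1 case deserves an explicit caveat: setRequest() then appends the whole request body to heap memory, and in the renegotiation case this commit targets that happens before the client certificate has been checked, so the request size has to be bounded somewhere else. Suggested wording: `@param limit maximum number of body bytes to save; 0 saves nothing, -1 means no limit (memory use is then bounded only by the request size)`.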
@@ -80,12 +82,13 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
*/
@Override
public void setRequest(Request request) {
+ if (buffered.getLimit() == 0) {
+ return;
+ }
// save off the Request body
try {
while (buffer.doRead(this) >= 0) {
- buffered.mark().position(buffered.limit()).limit(buffered.capacity());
- buffered.put(tempRead);
- buffered.limit(buffered.position()).reset();
+ buffered.append(tempRead);
tempRead = null;
}
} catch(IOException | BufferOverflowException ioe) {
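Review bot: The early return for a zero limit at the top of setRequest has no comment, and its effect is not obvious from the code. The body is never read into the filter, so after renegotiation the application sees an empty body, which is what the new test asserts with `OK-0`. A one-line comment would record that this is intended, for example `// maxSavePostSize == 0: save nothing; the application will not see the request body`. The new check also dereferences `buffered` without the null guard that recycle() uses, so it relies on setLimit() having been called first; a short note on that ordering would help. The catch block continues outside the hunk.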
@@ -104,9 +107,9 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
return -1;
}
- handler.setByteBuffer(buffered);
+ handler.setByteBuffer(ByteBuffer.wrap(buffered.getBuffer(), buffered.getStart(), buffered.getLength()));
hasRead = true;
- return buffered.remaining();
+ return buffered.getLength();
}
@Override
@@ -117,10 +120,10 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
@Override
public void recycle() {
if (buffered != null) {
- if (buffered.capacity() > 65536) {
+ if (buffered.getBuffer().length > 65536) {
buffered = null;
} else {
- buffered.position(0).limit(0);
+ buffered.recycle();
}
}
hasRead = false;
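Review bot: `buffered.getBuffer().length` in recycle() can throw a NullPointerException when nothing was ever appended to the chunk. setLimit() now creates the chunk with `new ByteChunk()`, which as far as I know does not allocate a backing array, and the new zero-limit path in setRequest() returns before any append; an empty request body would leave it in the same state. Guard the dereference: `if (buffered.getBuffer() != null && buffered.getBuffer().length > 65536) {`. The `ByteBuffer.wrap(buffered.getBuffer(), ...)` call in the doRead hunk touches the same array, but appears to be protected by the check that ends in `return -1;` just above it. recycle() continues past the end of this hunk.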
@@ -139,7 +142,7 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
@Override
public int available() {
- int available = buffered.remaining();
+ int available = buffered.getLength();
if (available == 0) {
// No data buffered here. Try the next filter in the chain.
return buffer.available();
@@ -151,7 +154,7 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
@Override
public boolean isFinished() {
- return hasRead || buffered.remaining() <= 0;
+ return hasRead || buffered.getLength() <= 0;
}
diff --git a/test/org/apache/tomcat/util/net/TestClientCert.java b/test/org/apache/tomcat/util/net/TestClientCert.java
index c581b210c9..89a42ceb5e 100644
--- a/test/org/apache/tomcat/util/net/TestClientCert.java
+++ b/test/org/apache/tomcat/util/net/TestClientCert.java
@@ -97,6 +97,13 @@ public class TestClientCert extends TomcatBaseTest {
Assert.assertEquals("OK-" + TesterSupport.ROLE, res.toString());
}
+ @Test
+ public void testClientCertPostZero() throws Exception {
+ Tomcat tomcat = getTomcatInstance();
+ tomcat.getConnector().setMaxSavePostSize(0);
+ doTestClientCertPost(1024, false);
+ }
+
@Test
public void testClientCertPostSmaller() throws Exception {
Tomcat tomcat = getTomcatInstance();
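Review bot: Only the zero case gets a new test here, although the commit title and changelog entry cover both 0 and -1. Unless -1 is already exercised elsewhere in TestClientCert, a sibling test that sets `setMaxSavePostSize(-1)` would pin the unlimited path through `ByteChunk.append`. The `expectedBodySize` logic added further down already expects the full body for any non-zero setting, so the test needs no other changes.

```java
@Test
public void testClientCertPostUnlimited() throws Exception {
    Tomcat tomcat = getTomcatInstance();
    tomcat.getConnector().setMaxSavePostSize(-1);
    doTestClientCertPost(1024, false);
}
```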
@@ -123,7 +130,8 @@ public class TestClientCert extends TomcatBaseTest {
Assume.assumeTrue("SSL renegotiation has to be supported for this test",
TesterSupport.isRenegotiationSupported(getTomcatInstance()));
- getTomcatInstance().start();
+ Tomcat tomcat = getTomcatInstance();
+ tomcat.start();
byte[] body = new byte[bodySize];
Arrays.fill(body, TesterSupport.DATA);
@@ -162,10 +170,16 @@ public class TestClientCert extends TomcatBaseTest {
// POST body buffer fails so TLS handshake never happens
Assert.assertEquals(0, count);
} else {
+ int expectedBodySize;
+ if (tomcat.getConnector().getMaxSavePostSize() == 0) {
+ expectedBodySize = 0;
+ } else {
+ expectedBodySize = bodySize;
+ }
Assert.assertTrue("Checking requested client issuer against " +
TesterSupport.getClientAuthExpectedIssuer(),
TesterSupport.checkLastClientAuthRequestedIssuers());
- Assert.assertEquals("OK-" + bodySize, res.toString());
+ Assert.assertEquals("OK-" + expectedBodySize, res.toString());
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 70eb12e173..4e89b0da37 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -205,7 +205,13 @@
</fix>
<fix>
<bug>66240</bug>: Avoid int overflow when parsing octets by limiting
- the maximum value to 255. Based on a PR <pr>548</pr> by Stefan Mayr. (lihan)
+ the maximum value to 255. Based on a PR <pr>548</pr> by Stefan Mayr.
+ (lihan)
+ </fix>
+ <fix>
+ <bug>66236</bug>: Implement support for the special values zero and
+ minus one when configuring <code>maxSavePostSize</code> for a Connector
+ when used in conjunction with TLS renegotiation. (markt)
</fix>
</changelog>
</subsection>