You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/03/26 19:31:25 UTC
svn commit: r1788771 - in /tomcat/trunk/java/org/apache/coyote/http2:
LocalStrings.properties Stream.java
Author: markt
Date: Sun Mar 26 19:31:25 2017
New Revision: 1788771
URL: http://svn.apache.org/viewvc?rev=1788771&view=rev
Log:
Additional header validation
Found with the h2spec tool written by Moto Ishizawa.
Modified:
tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties
tomcat/trunk/java/org/apache/coyote/http2/Stream.java
Modified: tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties?rev=1788771&r1=1788770&r2=1788771&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties Sun Mar 26 19:31:25 2017
@@ -74,10 +74,12 @@ pingManager.roundTripTime=Connection [{0
stream.closed=Connection [{0}], Stream [{1}], Unable to write to stream once it has been closed
stream.header.case=Connection [{0}], Stream [{1}], HTTP header name [{2}] must be in lower case
+stream.header.connection=Connection [{0}], Stream [{1}], HTTP header [connection] is not permitted in an HTTP/2 request
stream.header.debug=Connection [{0}], Stream [{1}], HTTP header [{2}], Value [{3}]
stream.header.duplicate=Connection [{0}], Stream [{1}], received multiple [{3}] headers
stream.header.noPath=Connection [{0}], Stream [{1}], The [:path] pseudo header was empty
stream.header.required=Connection [{0}], Stream [{1}], One or more required headers was missing
+stream.header.te=Connection [{0}], Stream [{1}], HTTP header [te] is not permitted tohave the value [{2}] in an HTTP/2 request
stream.header.unexpectedPseudoHeader=Connection [{0}], Stream [{1}], Pseudo header [{2}] received after a regular header
stream.header.unknownPseudoHeader=Connection [{0}], Stream [{1}], Unknown pseudo header [{2}] received
stream.notWritable=Connection [{0}], Stream [{1}], This stream is not writable
Modified: tomcat/trunk/java/org/apache/coyote/http2/Stream.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Stream.java?rev=1788771&r1=1788770&r2=1788771&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http2/Stream.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http2/Stream.java Sun Mar 26 19:31:25 2017
@@ -233,6 +233,18 @@ class Stream extends AbstractStream impl
getConnectionId(), getIdentifier(), name));
}
+ if ("connection".equals(name)) {
+ throw new HpackException(sm.getString("stream.header.connection",
+ getConnectionId(), getIdentifier()));
+ }
+
+ if ("te".equals(name)) {
+ if (!"trailers".equals(value)) {
+ throw new HpackException(sm.getString("stream.header.te",
+ getConnectionId(), getIdentifier(), value));
+ }
+ }
+
if (headerStateErrorMsg != null) {
// Don't bother processing the header since the stream is going to
// be reset anyway
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1788771 - in
/tomcat/trunk/java/org/apache/coyote/http2: LocalStrings.properties
Stream.java
Posted by Mark Thomas <ma...@apache.org>.
On 26/03/17 20:37, Martin Grigorov wrote:
>> Author: markt
>> Date: Sun Mar 26 19:31:25 2017
>> New Revision: 1788771
<snip/>
> Small typo in "tohave" - misses space.
Thanks for pointing that out. Fixed.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1788771 - in /tomcat/trunk/java/org/apache/coyote/http2:
LocalStrings.properties Stream.java
Posted by Martin Grigorov <mg...@apache.org>.
Hi Mark,
On Sun, Mar 26, 2017 at 9:31 PM, <ma...@apache.org> wrote:
> Author: markt
> Date: Sun Mar 26 19:31:25 2017
> New Revision: 1788771
>
> URL: http://svn.apache.org/viewvc?rev=1788771&view=rev
> Log:
> Additional header validation
> Found with the h2spec tool written by Moto Ishizawa.
>
> Modified:
> tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties
> tomcat/trunk/java/org/apache/coyote/http2/Stream.java
>
> Modified: tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.
> properties
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/
> coyote/http2/LocalStrings.properties?rev=1788771&r1=
> 1788770&r2=1788771&view=diff
> ============================================================
> ==================
> --- tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties
> (original)
> +++ tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties Sun
> Mar 26 19:31:25 2017
> @@ -74,10 +74,12 @@ pingManager.roundTripTime=Connection [{0
>
> stream.closed=Connection [{0}], Stream [{1}], Unable to write to stream
> once it has been closed
> stream.header.case=Connection [{0}], Stream [{1}], HTTP header name [{2}]
> must be in lower case
> +stream.header.connection=Connection [{0}], Stream [{1}], HTTP header
> [connection] is not permitted in an HTTP/2 request
> stream.header.debug=Connection [{0}], Stream [{1}], HTTP header [{2}],
> Value [{3}]
> stream.header.duplicate=Connection [{0}], Stream [{1}], received
> multiple [{3}] headers
> stream.header.noPath=Connection [{0}], Stream [{1}], The [:path] pseudo
> header was empty
> stream.header.required=Connection [{0}], Stream [{1}], One or more
> required headers was missing
> +stream.header.te=Connection [{0}], Stream [{1}], HTTP header [te] is not
> permitted tohave the value [{2}] in an HTTP/2 request
>
Small typo in "tohave" - misses space.
> stream.header.unexpectedPseudoHeader=Connection [{0}], Stream [{1}],
> Pseudo header [{2}] received after a regular header
> stream.header.unknownPseudoHeader=Connection [{0}], Stream [{1}],
> Unknown pseudo header [{2}] received
> stream.notWritable=Connection [{0}], Stream [{1}], This stream is not
> writable
>
> Modified: tomcat/trunk/java/org/apache/coyote/http2/Stream.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/
> coyote/http2/Stream.java?rev=1788771&r1=1788770&r2=1788771&view=diff
> ============================================================
> ==================
> --- tomcat/trunk/java/org/apache/coyote/http2/Stream.java (original)
> +++ tomcat/trunk/java/org/apache/coyote/http2/Stream.java Sun Mar 26
> 19:31:25 2017
> @@ -233,6 +233,18 @@ class Stream extends AbstractStream impl
> getConnectionId(), getIdentifier(), name));
> }
>
> + if ("connection".equals(name)) {
> + throw new HpackException(sm.getString("
> stream.header.connection",
> + getConnectionId(), getIdentifier()));
> + }
> +
> + if ("te".equals(name)) {
> + if (!"trailers".equals(value)) {
> + throw new HpackException(sm.getString("stream.header.te",
> + getConnectionId(), getIdentifier(), value));
> + }
> + }
> +
> if (headerStateErrorMsg != null) {
> // Don't bother processing the header since the stream is
> going to
> // be reset anyway
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>