You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/08/18 20:05:59 UTC
[tomcat] branch 8.5.x updated: Make parsing of Content-Disposition headers more robust
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 9595fcdecb Make parsing of Content-Disposition headers more robust
9595fcdecb is described below
commit 9595fcdecbbe7ce3a8065fc8959250722b6fec95
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Aug 18 21:04:06 2022 +0100
Make parsing of Content-Disposition headers more robust
Invalid filename directives will now be ignored rather than triggering a
500 response.
---
java/org/apache/tomcat/util/http/parser/HttpParser.java | 5 +++++
test/org/apache/tomcat/util/http/parser/TestHttpParser.java | 8 ++++++++
webapps/docs/changelog.xml | 10 ++++++++++
3 files changed, 23 insertions(+)
diff --git a/java/org/apache/tomcat/util/http/parser/HttpParser.java b/java/org/apache/tomcat/util/http/parser/HttpParser.java
index 3dbd935d2a..2b6dae5264 100644
--- a/java/org/apache/tomcat/util/http/parser/HttpParser.java
+++ b/java/org/apache/tomcat/util/http/parser/HttpParser.java
@@ -238,6 +238,11 @@ public class HttpParser {
char c = input.charAt(i);
if (input.charAt(i) == '\\') {
i++;
+ if (i == end) {
+ // Input (less surrounding quotes) ended with '\'. That is
+ // invalid so return null.
+ return null;
+ }
result.append(input.charAt(i));
} else {
result.append(c);
diff --git a/test/org/apache/tomcat/util/http/parser/TestHttpParser.java b/test/org/apache/tomcat/util/http/parser/TestHttpParser.java
index d157014339..c56022424a 100644
--- a/test/org/apache/tomcat/util/http/parser/TestHttpParser.java
+++ b/test/org/apache/tomcat/util/http/parser/TestHttpParser.java
@@ -25,6 +25,14 @@ public class TestHttpParser {
public void testTokenDel() {
Assert.assertFalse("DEL is not a token", HttpParser.isToken(127));
}
+ @Test
+ public void testUnquoteInvalid01() {
+ // Note: Test string is also Java escaped
+ String shortText = "aaa\\";
+ Assert.assertNull(shortText, HttpParser.unquote(shortText));
+ }
+
+
@Test
public void testTokenStringNull() {
Assert.assertFalse(HttpParser.isToken(null));
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 4cdaf869cc..b97009f8f3 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -118,6 +118,16 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Make parsing of invalid filename directives in
+ <code>Content-Disposition</code> headers more robust. Invalid filename
+ directives will now be ignored rather than triggering a 500 response.
+ (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Jasper">
<changelog>
<fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org