You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/04/02 14:49:35 UTC
svn commit: r1670895 - in /tomcat/tc6.0.x/trunk: STATUS.txt
java/org/apache/coyote/Constants.java
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
webapps/docs/config/systemprops.xml
Author: markt
Date: Thu Apr 2 12:49:34 2015
New Revision: 1670895
URL: http://svn.apache.org/r1670895
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57570
Make processing of chunked encoding trailers an opt-in feature
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/coyote/Constants.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1670895&r1=1670894&r2=1670895&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Apr 2 12:49:34 2015
@@ -36,14 +36,6 @@ PATCHES PROPOSED TO BACKPORT:
-1:
-* Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57570
- Make processing of chunked encoding trailers an opt-in feature
- http://svn.apache.org/r1666396
- http://svn.apache.org/r1666407
- +1: markt, remm, kkolinko
- -1:
-
-
PATCHES/ISSUES THAT ARE STALLED:
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44312
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/Constants.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/Constants.java?rev=1670895&r1=1670894&r2=1670895&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/Constants.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/Constants.java Thu Apr 2 12:49:34 2015
@@ -17,7 +17,10 @@
package org.apache.coyote;
+import java.util.Collections;
+import java.util.HashSet;
import java.util.Locale;
+import java.util.Set;
/**
* Constants.
@@ -94,4 +97,23 @@ public final class Constants {
Integer.parseInt(System.getProperty(
"org.apache.coyote.MAX_SWALLOW_SIZE",
"2097152"));
+
+ public static final Set<String> ALLOWED_TRAILER_HEADERS;
+
+
+ static {
+ String commaSeparatedHeaders =
+ System.getProperty("org.apache.coyote.ALLOWED_TRAILER_HEADERS");
+ Set<String> headerSet = new HashSet<String>();
+ if (commaSeparatedHeaders != null) {
+ String[] headers = commaSeparatedHeaders.split(",");
+ for (String header : headers) {
+ String trimmedHeader = header.trim().toLowerCase(Locale.ENGLISH);
+ if (trimmedHeader.length() > 0) {
+ headerSet.add(trimmedHeader);
+ }
+ }
+ }
+ ALLOWED_TRAILER_HEADERS = Collections.unmodifiableSet(headerSet);
+ }
}
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?rev=1670895&r1=1670894&r2=1670895&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java Thu Apr 2 12:49:34 2015
@@ -18,10 +18,10 @@ package org.apache.coyote.http11.filters
import java.io.EOFException;
import java.io.IOException;
+import java.util.Locale;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.HexUtils;
-
import org.apache.coyote.InputBuffer;
import org.apache.coyote.Request;
import org.apache.coyote.http11.Constants;
@@ -450,7 +450,7 @@ public class ChunkedInputFilter implemen
}
// Mark the current buffer position
- int start = trailingHeaders.getEnd();
+ int startPos = trailingHeaders.getEnd();
//
// Reading the header name
@@ -481,12 +481,8 @@ public class ChunkedInputFilter implemen
pos++;
}
- MessageBytes headerValue = headers.addValue(trailingHeaders.getBytes(),
- start, trailingHeaders.getEnd() - start);
-
- // Mark the current buffer position
- start = trailingHeaders.getEnd();
-
+ int colonPos = trailingHeaders.getEnd();
+
//
// Reading the header value (which can be spanned over multiple lines)
//
@@ -575,10 +571,18 @@ public class ChunkedInputFilter implemen
}
- // Set the header value
- headerValue.setBytes(trailingHeaders.getBytes(), start,
- lastSignificantChar - start);
-
+ String headerName = new String(trailingHeaders.getBytes(), startPos,
+ colonPos - startPos, "ISO_8859_1");
+
+ if (org.apache.coyote.Constants.ALLOWED_TRAILER_HEADERS.contains(
+ headerName.trim().toLowerCase(Locale.ENGLISH))) {
+ MessageBytes headerValue = headers.addValue(headerName);
+
+ // Set the header value
+ headerValue.setBytes(trailingHeaders.getBytes(), colonPos,
+ lastSignificantChar - colonPos);
+ }
+
return true;
}
Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml?rev=1670895&r1=1670894&r2=1670895&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml Thu Apr 2 12:49:34 2015
@@ -426,6 +426,14 @@
<properties>
+ <property name="org.apache.coyote.ALLOWED_TRAILER_HEADERS">
+ <p>Limits the names of trailing headers that will be accepted in the last
+ chunk of a chunked HTTP request. The property should be set to a comma
+ separated list of acceptable headers. Trailing headers not in the list
+ will be ignored.</p>
+ <p>If not specified, the default value of no headers will be used.</p>
+ </property>
+
<property name="org.apache.coyote.MAX_EXTENSION_SIZE">
<p>Limits the total length of extension data when using chunked encoding.
If the value is <code>-1</code>, no limit will be imposed.</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org