You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/09/13 16:06:44 UTC
[tomcat] branch 9.0.x updated: Correct a regression in the previous fix for BZ 66236
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new fe527f5a8b Correct a regression in the previous fix for BZ 66236
fe527f5a8b is described below
commit fe527f5a8b90ab42edc6d641108814ba6008d98d
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Sep 13 16:35:24 2022 +0100
Correct a regression in the previous fix for BZ 66236
https://bz.apache.org/bugzilla/show_bug.cgi?id=66236
---
java/org/apache/coyote/http11/Http11Processor.java | 2 +-
.../coyote/http11/filters/BufferedInputFilter.java | 37 ++++++++++++++--------
.../coyote/http11/filters/IdentityInputFilter.java | 6 +---
3 files changed, 25 insertions(+), 20 deletions(-)
diff --git a/java/org/apache/coyote/http11/Http11Processor.java b/java/org/apache/coyote/http11/Http11Processor.java
index 83eea9df33..bb2e5d28cd 100644
--- a/java/org/apache/coyote/http11/Http11Processor.java
+++ b/java/org/apache/coyote/http11/Http11Processor.java
@@ -180,7 +180,7 @@ public class Http11Processor extends AbstractProcessor {
outputBuffer.addFilter(new VoidOutputFilter());
// Create and add buffered input filter
- inputBuffer.addFilter(new BufferedInputFilter());
+ inputBuffer.addFilter(new BufferedInputFilter(protocol.getMaxSwallowSize()));
// Create and add the gzip filters.
//inputBuffer.addFilter(new GzipInputFilter());
diff --git a/java/org/apache/coyote/http11/filters/BufferedInputFilter.java b/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
index 7aa9f2da78..a091c92f3a 100644
--- a/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
+++ b/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
@@ -33,13 +33,14 @@ import org.apache.tomcat.util.net.ApplicationBufferHandler;
*/
public class BufferedInputFilter implements InputFilter, ApplicationBufferHandler {
- // -------------------------------------------------------------- Constants
-
private static final String ENCODING_NAME = "buffered";
private static final ByteChunk ENCODING = new ByteChunk();
- // ----------------------------------------------------- Instance Variables
+ static {
+ ENCODING.setBytes(ENCODING_NAME.getBytes(StandardCharsets.ISO_8859_1), 0, ENCODING_NAME.length());
+ }
+
// Use ByteChunk since it correctly handles the special buffer size of -1
// for maxSavePostSize.
@@ -48,15 +49,13 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
private InputBuffer buffer;
private boolean hasRead = false;
+ private final int maxSwallowSize;
- // ----------------------------------------------------- Static Initializer
- static {
- ENCODING.setBytes(ENCODING_NAME.getBytes(StandardCharsets.ISO_8859_1),
- 0, ENCODING_NAME.length());
+ public BufferedInputFilter(int maxSwallowSize) {
+ this.maxSwallowSize = maxSwallowSize;
}
-
// --------------------------------------------------------- Public Methods
@@ -82,14 +81,24 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
*/
@Override
public void setRequest(Request request) {
- if (buffered.getLimit() == 0) {
- return;
- }
// save off the Request body
try {
- while (buffer.doRead(this) >= 0) {
- buffered.append(tempRead);
- tempRead = null;
+ if (buffered.getLimit() == 0) {
+ // Special case - ignore (swallow) body. Do so within a limit.
+ long swallowed = 0;
+ int read = 0;
+ while ((read = buffer.doRead(this)) >= 0) {
+ swallowed += read;
+ if (maxSwallowSize > -1 && swallowed > maxSwallowSize) {
+ // No need for i18n - this isn't going to get logged
+ throw new IOException("Ignored body exceeded maxSwallowSize");
+ }
+ }
+ } else {
+ while (buffer.doRead(this) >= 0) {
+ buffered.append(tempRead);
+ tempRead = null;
+ }
}
} catch(IOException | BufferOverflowException ioe) {
// No need for i18n - this isn't going to get logged anywhere
diff --git a/java/org/apache/coyote/http11/filters/IdentityInputFilter.java b/java/org/apache/coyote/http11/filters/IdentityInputFilter.java
index a53e69be64..f89cee5eec 100644
--- a/java/org/apache/coyote/http11/filters/IdentityInputFilter.java
+++ b/java/org/apache/coyote/http11/filters/IdentityInputFilter.java
@@ -34,20 +34,17 @@ import org.apache.tomcat.util.res.StringManager;
*/
public class IdentityInputFilter implements InputFilter, ApplicationBufferHandler {
- private static final StringManager sm = StringManager.getManager(
- IdentityInputFilter.class.getPackage().getName());
+ private static final StringManager sm = StringManager.getManager(IdentityInputFilter.class);
// -------------------------------------------------------------- Constants
-
protected static final String ENCODING_NAME = "identity";
protected static final ByteChunk ENCODING = new ByteChunk();
// ----------------------------------------------------- Static Initializer
-
static {
ENCODING.setBytes(ENCODING_NAME.getBytes(StandardCharsets.ISO_8859_1),
0, ENCODING_NAME.length());
@@ -56,7 +53,6 @@ public class IdentityInputFilter implements InputFilter, ApplicationBufferHandle
// ----------------------------------------------------- Instance Variables
-
/**
* Content length.
*/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org