Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/08/01 16:17:08 UTC
[tomcat] branch 8.5.x updated: Improve handling of HTTP TRACE requests
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 7524b3142e Improve handling of HTTP TRACE requests
7524b3142e is described below
commit 7524b3142e61b769de75fa4812f8aa1d7087612f
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Aug 1 17:15:08 2022 +0100
Improve handling of HTTP TRACE requests
---
java/javax/servlet/http/HttpServlet.java | 17 ++++-----
test/javax/servlet/http/TestHttpServlet.java | 52 ++++++++++++++++++++++++++++
webapps/docs/changelog.xml | 8 +++++
3 files changed, 69 insertions(+), 8 deletions(-)
diff --git a/java/javax/servlet/http/HttpServlet.java b/java/javax/servlet/http/HttpServlet.java
index 2289b70cb2..99906002b6 100644
--- a/java/javax/servlet/http/HttpServlet.java
+++ b/java/javax/servlet/http/HttpServlet.java
@@ -587,9 +587,7 @@ public abstract class HttpServlet extends GenericServlet {
* @exception ServletException if the request for the
* TRACE cannot be handled
*/
- protected void doTrace(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException
- {
+ protected void doTrace(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
int responseLength;
@@ -597,12 +595,15 @@ public abstract class HttpServlet extends GenericServlet {
StringBuilder buffer =
new StringBuilder("TRACE ").append(req.getRequestURI()).append(" ").append(req.getProtocol());
- Enumeration<String> reqHeaderEnum = req.getHeaderNames();
+ Enumeration<String> reqHeaderNames = req.getHeaderNames();
- while( reqHeaderEnum.hasMoreElements() ) {
- String headerName = reqHeaderEnum.nextElement();
- buffer.append(CRLF).append(headerName).append(": ")
- .append(req.getHeader(headerName));
+ while (reqHeaderNames.hasMoreElements()) {
+ String headerName = reqHeaderNames.nextElement();
+ Enumeration<String> headerValues = req.getHeaders(headerName);
+ while (headerValues.hasMoreElements()) {
+ String headerValue = headerValues.nextElement();
+ buffer.append(CRLF).append(headerName).append(": ").append(headerValue);
+ }
}
buffer.append(CRLF);
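Review bot: The rewritten loop still copies every request header into the TRACE response body unfiltered, and because it now iterates `req.getHeaders(headerName)`, every value of `Cookie`, `Authorization` and `Proxy-Authorization` is echoed rather than only the first. Where TRACE is enabled, that body is readable by whatever issued the request, so credentials normally hidden from page scripts (HttpOnly cookies, for example) can end up exposed. Consider skipping credential-bearing headers at the top of the outer loop, e.g. `if ("cookie".equalsIgnoreCase(headerName) || "authorization".equalsIgnoreCase(headerName)) { continue; }`, or at least state in the Javadoc that the echo is unfiltered. The test in this commit calls `setAllowTrace(true)`, which suggests TRACE is off by default on the connector, so the exposure would apply only to deployments that enable it. doTrace starts in the previous hunk and ends outside this one.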
diff --git a/test/javax/servlet/http/TestHttpServlet.java b/test/javax/servlet/http/TestHttpServlet.java
index fbea9e643f..39f3707800 100644
--- a/test/javax/servlet/http/TestHttpServlet.java
+++ b/test/javax/servlet/http/TestHttpServlet.java
@@ -40,6 +40,7 @@ import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.startup.TomcatBaseTest;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.collections.CaseInsensitiveKeyMap;
+import org.apache.tomcat.util.net.TesterSupport.SimpleServlet;
public class TestHttpServlet extends TomcatBaseTest {
@@ -293,6 +294,57 @@ public class TestHttpServlet extends TomcatBaseTest {
}
+ @Test
+ public void testTrace() throws Exception {
+ Tomcat tomcat = getTomcatInstance();
+ tomcat.getConnector().setAllowTrace(true);
+
+ // No file system docBase required
+ StandardContext ctx = (StandardContext) tomcat.addContext("", null);
+
+ // Map the test Servlet
+ Tomcat.addServlet(ctx, "servlet", new SimpleServlet());
+ ctx.addServletMappingDecoded("/", "servlet");
+
+ tomcat.start();
+
+ TraceClient client = new TraceClient();
+ client.setPort(getPort());
+ client.setRequest(new String[] {
+ "TRACE / HTTP/1.1" + SimpleHttpClient.CRLF +
+ "Host: localhost:" + getPort() + SimpleHttpClient.CRLF +
+ "X-aaa: a1, a2" + SimpleHttpClient.CRLF +
+ "X-aaa: a3" + SimpleHttpClient.CRLF +
+ SimpleHttpClient.CRLF});
+ client.setUseContentLength(true);
+
+ client.connect();
+ client.sendRequest();
+ client.readResponse(true);
+
+ String body = client.getResponseBody();
+
+ System.out.println(body);
+
+ Assert.assertTrue(client.getResponseLine(), client.isResponse200());
+ // Far from perfect but good enough
+ Assert.assertTrue(body.contains("a1"));
+ Assert.assertTrue(body.contains("a2"));
+ Assert.assertTrue(body.contains("a3"));
+
+ client.disconnect();
+ }
+
+
+ private static final class TraceClient extends SimpleHttpClient {
+
+ @Override
+ public boolean isResponseBodyOK() {
+ return true;
+ }
+ }
+
+
private class Client extends SimpleHttpClient {
public Client(String request, boolean isHttp09) {
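Review bot: `System.out.println(body);` in testTrace looks like leftover debugging output and should be dropped. The three `body.contains(...)` checks would also pass if the values appeared anywhere in the body. Asserting on the echoed header lines, e.g. `Assert.assertTrue(body.contains("X-aaa: a1, a2"));` and `Assert.assertTrue(body.contains("X-aaa: a3"));`, would pin that each header instance is reported on its own line, assuming the echo preserves the header name's case, which should be confirmed. `client.disconnect()` is skipped when an assertion fails, so a try/finally around the assertions would close the connection either way.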
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 50e066e9ae..2483ac823f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,14 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 8.5.82 (schultz)" rtext="in development">
+ <subsection name="Catalina">
+ <changelog>
+ <fix>
+ Correct handling of HTTP TRACE requests where there are multiple
+ instances of an HTTP header with the same name. (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Coyote">
<changelog>
<add>