Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/08/18 20:04:27 UTC

[tomcat] branch 9.0.x updated: Make parsing of Content-Disposition headers more robust

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new f775e1c482 Make parsing of Content-Disposition headers more robust
f775e1c482 is described below

commit f775e1c482f55c3b13062607ef0a102afe397903
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Aug 18 21:04:06 2022 +0100

    Make parsing of Content-Disposition headers more robust
    
    Invalid filename directives will now be ignored rather than triggering a
    500 response.
---
 java/org/apache/tomcat/util/http/parser/HttpParser.java     | 5 +++++
 test/org/apache/tomcat/util/http/parser/TestHttpParser.java | 8 ++++++++
 webapps/docs/changelog.xml                                  | 6 ++++++
 3 files changed, 19 insertions(+)

diff --git a/java/org/apache/tomcat/util/http/parser/HttpParser.java b/java/org/apache/tomcat/util/http/parser/HttpParser.java
index 2d21f02e68..4df0467194 100644
--- a/java/org/apache/tomcat/util/http/parser/HttpParser.java
+++ b/java/org/apache/tomcat/util/http/parser/HttpParser.java
@@ -218,6 +218,11 @@ public class HttpParser {
             char c = input.charAt(i);
             if (input.charAt(i) == '\\') {
                 i++;
+                if (i == end) {
+                    // Input (less surrounding quotes) ended with '\'. That is
+                    // invalid so return null.
+                    return null;
+                }
                 result.append(input.charAt(i));
             } else {
                 result.append(c);
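Review bot: The new `if (i == end)` branch makes `unquote` return `null`, and nothing in this hunk documents that for callers. The method's Javadoc starts outside the hunk, so this may already be covered; if it is not, I would add `@return the unquoted value, or {@code null} if the input ends with a dangling '\' escape`. Because the value comes from a client-supplied header, each caller should be checked to treat `null` as "directive ignored" rather than dereference it; the callers are not part of this commit. As a minor style point, the context line `if (input.charAt(i) == '\\')` could reuse the `c` read on the line above it.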
diff --git a/test/org/apache/tomcat/util/http/parser/TestHttpParser.java b/test/org/apache/tomcat/util/http/parser/TestHttpParser.java
index eda10e3fa6..618b52010f 100644
--- a/test/org/apache/tomcat/util/http/parser/TestHttpParser.java
+++ b/test/org/apache/tomcat/util/http/parser/TestHttpParser.java
@@ -144,6 +144,14 @@ public class TestHttpParser {
     }
 
 
+    @Test
+    public void testUnquoteInvalid01() {
+        // Note: Test string is also Java escaped
+        String shortText = "aaa\\";
+        Assert.assertNull(shortText, HttpParser.unquote(shortText));
+    }
+
+
     @Test
     public void testTokenStringNull() {
         Assert.assertFalse(HttpParser.isToken(null));
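Review bot: `testUnquoteInvalid01` exercises only the unquoted form of the input, while the comment on the new check in HttpParser speaks of input "less surrounding quotes", so the quoted form looks like a separate path that is left untested. I would add a sibling test, for example `testUnquoteInvalid02`, with `String shortText = "\"aaa\\\"";` and the same `Assert.assertNull(shortText, HttpParser.unquote(shortText));`. The expected `null` for that input is inferred from the comment, as the quote-stripping code is outside the visible hunks, so confirm it against the full method.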
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b19c23fd7c..20f2898afe 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -166,6 +166,12 @@
         When processing HTTP/2 requests, reject requests containing multiple
         <code>host</code> headers. (markt)
       </fix>
+      <fix>
+        Make parsing of invalid filename directives in
+        <code>Content-Disposition</code> headers more robust. Invalid filename
+        directives will now be ignored rather than triggering a 500 response.
+        (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">

