You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by fh...@apache.org on 2008/01/16 18:47:57 UTC
svn commit: r612529 - in /tomcat/tc6.0.x/trunk: STATUS.txt
java/org/apache/catalina/CometProcessor.java
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
webapps/docs/changelog.xml
Author: fhanik
Date: Wed Jan 16 09:47:51 2008
New Revision: 612529
URL: http://svn.apache.org/viewvc?rev=612529&view=rev
Log:
Update with more fixes
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/CometProcessor.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=612529&r1=612528&r2=612529&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Jan 16 09:47:51 2008
@@ -31,20 +31,6 @@
+1: jfclere
-1: fhanik - Can we add the 'package' directive to make the package match the dir structure
- CometProcessor should implement the Servlet interface, since it is defined in web.xml
- http://people.apache.org/~fhanik/patches/comet-interface.patch
- +1: fhanik, markt, pero
- -1:
-
- Fix for http://issues.apache.org/bugzilla/show_bug.cgi?id=11117 regression
- The ratio of when needCRLFParse=true vs direct parseCRLF is low:high, meaning
- The original fix for Comet not needing to block will be 95% satisfied
- This fix also corrects the CRLF parsing, previously both CRCRLF and just LF
- would have been valid as well, but they are not
- http://people.apache.org/~fhanik/patches/fix-bz11117-alt-1.patch
- +1: fhanik, markt, pero
- -1:
-
Fix http://issues.apache.org/bugzilla/show_bug.cgi?id=43692
Clean up build files. Patch by Paul Shemansky
http://svn.apache.org/viewvc?rev=610157&view=rev
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/CometProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/CometProcessor.java?rev=612529&r1=612528&r2=612529&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/CometProcessor.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/CometProcessor.java Wed Jan 16 09:47:51 2008
@@ -21,6 +21,7 @@
import java.io.IOException;
import javax.servlet.ServletException;
+import javax.servlet.Servlet;
/**
* This interface should be implemented by servlets which would like to handle
@@ -29,7 +30,7 @@
* Note: When this interface is implemented, the service method of the servlet will
* never be called, and will be replaced with a begin event.
*/
-public interface CometProcessor {
+public interface CometProcessor extends Servlet{
/**
* Process the given Comet event.
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?rev=612529&r1=612528&r2=612529&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java Wed Jan 16 09:47:51 2008
@@ -154,7 +154,14 @@
chunk.setBytes(buf, pos, remaining);
pos = pos + remaining;
remaining = 0;
- parseCRLF(); //a chunk should end with CRLF
+ //we need a CRLF
+ if ((pos+1) >= lastValid) {
+ //if we call parseCRLF we overrun the buffer here
+ //so we defer it to the next call BZ 11117
+ needCRLFParse = true;
+ } else {
+ parseCRLF(); //parse the CRLF immediately
+ }
}
return result;
@@ -311,6 +318,7 @@
throws IOException {
boolean eol = false;
+ boolean crfound = false;
while (!eol) {
@@ -320,7 +328,10 @@
}
if (buf[pos] == Constants.CR) {
+ if (crfound) throw new IOException("Invalid CRLF, two CR characters encountered.");
+ crfound = true;
} else if (buf[pos] == Constants.LF) {
+ if (!crfound) throw new IOException("Invalid CRLF, no CR character encountered.");
eol = true;
} else {
throw new IOException("Invalid CRLF");
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=612529&r1=612528&r2=612529&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Wed Jan 16 09:47:51 2008
@@ -35,6 +35,16 @@
<section name="Tomcat 6.0.16 (remm)">
<subsection name="General">
<changelog>
+ <update>
+ Change chunked input parsing, always parse CRLF directly after a chunk has been
+ received, except if data is not available. If data is not available for CRLF
+ parsing, we run into BZ 11117, and must defer the parsing of CRLF to the next read event.
+ This fixes the incorrect blocking when using CometProcessor and the draining data during the READ event
+ where it before would block incorrectly waiting for the next chunk (fhanik)
+ </update>
+ <update>
+ The CometProcessor interface now extends the javax.servlet.Servlet interface(fhanik)
+ </update>
<fix>
Fix CVE-2007-5342 by limiting permissions granted to JULI. (markt)
</fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org