You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/08/18 20:04:21 UTC
[tomcat] branch main updated: Make parsing of Content-Disposition headers more robust
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 1902252416 Make parsing of Content-Disposition headers more robust
1902252416 is described below
commit 1902252416f63391461a4481bbd80360e1963ce7
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Aug 18 21:04:06 2022 +0100
Make parsing of Content-Disposition headers more robust
Invalid filename directives will now be ignored rather than triggering a
500 response.
---
java/org/apache/tomcat/util/http/parser/HttpParser.java | 5 +++++
test/org/apache/tomcat/util/http/parser/TestHttpParser.java | 8 ++++++++
webapps/docs/changelog.xml | 6 ++++++
3 files changed, 19 insertions(+)
diff --git a/java/org/apache/tomcat/util/http/parser/HttpParser.java b/java/org/apache/tomcat/util/http/parser/HttpParser.java
index 2d21f02e68..4df0467194 100644
--- a/java/org/apache/tomcat/util/http/parser/HttpParser.java
+++ b/java/org/apache/tomcat/util/http/parser/HttpParser.java
@@ -218,6 +218,11 @@ public class HttpParser {
char c = input.charAt(i);
if (input.charAt(i) == '\\') {
i++;
+ if (i == end) {
+ // Input (less surrounding quotes) ended with '\'. That is
+ // invalid so return null.
+ return null;
+ }
result.append(input.charAt(i));
} else {
result.append(c);
diff --git a/test/org/apache/tomcat/util/http/parser/TestHttpParser.java b/test/org/apache/tomcat/util/http/parser/TestHttpParser.java
index eda10e3fa6..618b52010f 100644
--- a/test/org/apache/tomcat/util/http/parser/TestHttpParser.java
+++ b/test/org/apache/tomcat/util/http/parser/TestHttpParser.java
@@ -144,6 +144,14 @@ public class TestHttpParser {
}
+ @Test
+ public void testUnquoteInvalid01() {
+ // Note: Test string is also Java escaped
+ String shortText = "aaa\\";
+ Assert.assertNull(shortText, HttpParser.unquote(shortText));
+ }
+
+
@Test
public void testTokenStringNull() {
Assert.assertFalse(HttpParser.isToken(null));
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 2f247fdb66..84362426a0 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -166,6 +166,12 @@
When processing HTTP/2 requests, reject requests containing multiple
<code>host</code> headers. (markt)
</fix>
+ <fix>
+ Make parsing of invalid filename directives in
+ <code>Content-Disposition</code> headers more robust. Invalid filename
+ directives will now be ignored rather than triggering a 500 response.
+ (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org