Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/10/17 17:46:29 UTC

[tomcat] branch 8.5.x updated (8c789b3 -> dcb77df)

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


    from 8c789b3  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63824
     new 9ec7f00  Simplify on the grounds all tokens of interest are case-insensitive
     new dcb77df  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63825

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 java/org/apache/coyote/http11/Http11Processor.java | 27 +++++--------------
 .../apache/tomcat/util/http/parser/TokenList.java  | 31 ++--------------------
 webapps/docs/changelog.xml                         |  5 ++++
 3 files changed, 13 insertions(+), 50 deletions(-)


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


[tomcat] 01/02: Simplify on the grounds all tokens of interest are case-insensitive

Posted by ma...@apache.org.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 9ec7f008c89c9bfe533ce77cde7781260c3d1204
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Oct 17 17:39:35 2019 +0100

    Simplify on the grounds all tokens of interest are case-insensitive
---
 .../apache/tomcat/util/http/parser/TokenList.java  | 31 ++--------------------
 1 file changed, 2 insertions(+), 29 deletions(-)

diff --git a/java/org/apache/tomcat/util/http/parser/TokenList.java b/java/org/apache/tomcat/util/http/parser/TokenList.java
index 49e50a5..ca5e153 100644
--- a/java/org/apache/tomcat/util/http/parser/TokenList.java
+++ b/java/org/apache/tomcat/util/http/parser/TokenList.java
@@ -39,25 +39,6 @@ public class TokenList {
      * @throws IOException If an I/O error occurs reading the header
      */
     public static void parseTokenList(Reader input, Collection<String> result) throws IOException {
-        parseTokenList(input, true, result);
-    }
-
-
-    /**
-     * Parses a header of the form 1#token.
-     *
-     * @param input          The header to parse
-     * @param forceLowerCase Should parsed tokens be forced to lower case? This
-     *                           is intended for headers where the values are
-     *                           case-insensitive
-     * @param result         The Collection (usually a list of a set) to which
-     *                           the parsed token should be added
-     *
-     * @throws IOException If an I/O error occurs reading the header
-     */
-    public static void parseTokenList(Reader input, boolean forceLowerCase, Collection<String> result)
-            throws IOException {
-
         do {
             String fieldName = HttpParser.readToken(input);
             if (fieldName == null) {
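
Review bot: Removing the public static three-argument parseTokenList(Reader, boolean, Collection<String>) breaks any caller outside this file that used that overload, and the Javadoc of the surviving two-argument method should now state that every token is added to result in lower case. Consider keeping the removed overload as a deprecated delegate for one release, or at least adding a sentence to the remaining Javadoc saying that tokens are converted with toLowerCase(Locale.ENGLISH) before being added, so callers know to compare against lower-case values.
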
@@ -74,18 +55,10 @@ public class TokenList {
             SkipResult skipResult = HttpParser.skipConstant(input, ",");
             if (skipResult == SkipResult.EOF) {
                 // EOF
-                if (forceLowerCase) {
-                    result.add(fieldName.toLowerCase(Locale.ENGLISH));
-                } else {
-                    result.add(fieldName);
-                }
+                result.add(fieldName.toLowerCase(Locale.ENGLISH));
                 break;
             } else if (skipResult == SkipResult.FOUND) {
-                if (forceLowerCase) {
-                    result.add(fieldName.toLowerCase(Locale.ENGLISH));
-                } else {
-                    result.add(fieldName);
-                }
+                result.add(fieldName.toLowerCase(Locale.ENGLISH));
                 continue;
             } else {
                 // Not a token - ignore it
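
Review bot: The EOF and FOUND branches now both open with the identical call result.add(fieldName.toLowerCase(Locale.ENGLISH)) and differ only in break versus continue. Doing the add in one place for those two outcomes, while still skipping it in the "Not a token" branch, would keep the two paths from drifting apart if the normalisation changes again.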




[tomcat] 02/02: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63825

Posted by ma...@apache.org.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit dcb77df35005cbb1063bbda4149caf83f6bc46fb
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Oct 17 18:41:38 2019 +0100

    Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63825
    
    The expect header has a single defined value "100-continue" so look for
    the exact value rather than a value that starts with "100-continue"
    
    When looking for the "upgrade" token, use an exact match rather than
    looking for any token that contains "upgrade"
---
 java/org/apache/coyote/http11/Http11Processor.java | 27 +++++-----------------
 webapps/docs/changelog.xml                         |  5 ++++
 2 files changed, 11 insertions(+), 21 deletions(-)

diff --git a/java/org/apache/coyote/http11/Http11Processor.java b/java/org/apache/coyote/http11/Http11Processor.java
index 10c8709..c5df631 100644
--- a/java/org/apache/coyote/http11/Http11Processor.java
+++ b/java/org/apache/coyote/http11/Http11Processor.java
@@ -737,16 +737,7 @@ public class Http11Processor extends AbstractProcessor {
             }
 
             // Has an upgrade been requested?
-            Enumeration<String> connectionValues = request.getMimeHeaders().values("Connection");
-            boolean foundUpgrade = false;
-            while (connectionValues.hasMoreElements() && !foundUpgrade) {
-                String connectionValue = connectionValues.nextElement();
-                if (connectionValue != null) {
-                    foundUpgrade = connectionValue.toLowerCase(Locale.ENGLISH).contains("upgrade");
-                }
-            }
-
-            if (foundUpgrade) {
+            if (isConnectionToken(request.getMimeHeaders(), "upgrade")) {
                 // Check the protocol
                 String requestedProtocol = request.getHeader("Upgrade");
 
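
Review bot: The token is passed as the string literal "upgrade" in the new isConnectionToken call, while the other call site in this patch passes Constants.CLOSE; a named constant for the upgrade token would keep the two calls consistent. The removed contains("upgrade") check accepted any Connection value with that substring, so a regression test would help here: one Connection value where "upgrade" appears only inside a longer token (must not match) and one mixed-case list such as "keep-alive, Upgrade" (must match).
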
@@ -1009,7 +1000,7 @@ public class Http11Processor extends AbstractProcessor {
         if (http11) {
             MessageBytes expectMB = headers.getValue("expect");
             if (expectMB != null && !expectMB.isNull()) {
-                if (expectMB.indexOfIgnoreCase("100-continue", 0) != -1) {
+                if (expectMB.toString().trim().equalsIgnoreCase("100-continue")) {
                     inputBuffer.setSwallowInput(false);
                     request.setExpectation(true);
                 } else {
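
Review bot: expectMB.toString().trim() in the changed condition strips every leading and trailing character at or below U+0020, which is wider than the SP and HTAB that HTTP allows as optional whitespace around a field value, and it allocates a String for each request that carries an Expect header. If the value is already free of surrounding whitespace by the time it reaches this point, the trim() can go; otherwise a short comment saying why it is needed, plus a test showing that a constructed value such as "100-continue-extra" now takes the else branch, would document the stricter match.
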
@@ -1301,7 +1292,7 @@ public class Http11Processor extends AbstractProcessor {
         }
 
         long contentLength = response.getContentLengthLong();
-        boolean connectionClosePresent = isConnectionClose(headers);
+        boolean connectionClosePresent = isConnectionToken(headers, Constants.CLOSE);
         if (contentLength != -1) {
             headers.setValue("Content-Length").setLong(contentLength);
             outputBuffer.addActiveFilter
@@ -1404,25 +1395,19 @@ public class Http11Processor extends AbstractProcessor {
         outputBuffer.commit();
     }
 
-    private static boolean isConnectionClose(MimeHeaders headers) throws IOException {
+    private static boolean isConnectionToken(MimeHeaders headers, String token) throws IOException {
         MessageBytes connection = headers.getValue(Constants.CONNECTION);
         if (connection == null) {
             return false;
         }
 
         Enumeration<String> values = headers.values(Constants.CONNECTION);
-        Set<String> result = null;
+        Set<String> result = new HashSet<>();
         while (values.hasMoreElements()) {
-            if (result == null) {
-                result = new HashSet<>();
-            }
             TokenList.parseTokenList(new StringReader(values.nextElement()), result);
         }
 
-        if (result == null) {
-            return false;
-        }
-        return result.contains(Constants.CLOSE);
+        return result.contains(token);
     }
 
     private void prepareSendfile(OutputFilter[] outputFilters) {
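
Review bot: isConnectionToken ends with result.contains(token), and result holds whatever TokenList.parseTokenList added, so the match only works when the caller passes token in the case the parser emits; the previous commit in this series makes that lower case. The method needs a Javadoc line stating that token must be lower case, or it should normalise the argument itself before the contains call, otherwise a future caller passing "Upgrade" or "Close" will silently never match.
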
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3d083d3..fa45ae4 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -68,6 +68,11 @@
         that started asynchronous processing has completed processing the
         current request/response. (markt)
       </fix>
+      <fix>
+        <bug>63825</bug>: When processing the <code>Expect</code> and
+        <code>Connection</code> HTTP headers looking for a specific token, be
+        stricter in ensuring that the exact token is present. (markt)
+      </fix>
     </changelog>
   </subsection>
 </section>

