Posted to dev@tomcat.apache.org by ma...@apache.org on 2011/11/01 14:09:57 UTC
svn commit: r1195977 - in /tomcat/tc7.0.x/trunk: ./
java/org/apache/catalina/connector/ java/org/apache/tomcat/util/http/
test/org/apache/tomcat/util/http/
Author: markt
Date: Tue Nov 1 13:09:56 2011
New Revision: 1195977
URL: http://svn.apache.org/viewvc?rev=1195977&view=rev
Log:
Extend the parameter limits to multi-part processing
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/LocalStrings.properties
tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Request.java
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/Parameters.java
tomcat/tc7.0.x/trunk/test/org/apache/tomcat/util/http/TestParameters.java
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Nov 1 13:09:56 2011
@@ -1 +1 @@
-/tomcat/trunk:1156115,1156171,1156276,1156304,1156519,1156530,1156602,1157015,1157018,1157151,1157198,1157204,1157810,1157832,1157834,1157847,1157908,1157939,1158155,1158160,1158176,1158195,1158198-1158199,1158227,1158331,1158334-1158335,1158426,1160347,1160592,1160611,1160619,1160626,1160639,1160652,1160720-1160721,1160772,1160774,1160776,1161303,1161310,1161322,1161339,1161486,1161540,1161549,1161584,1162082,1162149,1162169,1162721,1162769,1162836,1162932,1163630,1164419,1164438,1164469,1164480,1164567,1165234,1165247-1165248,1165253,1165273,1165282,1165309,1165331,1165338,1165347,1165360-1165361,1165367-1165368,1165602,1165608,1165677,1165693,1165721,1165723,1165728,1165730,1165738,1165746,1165765,1165777,1165918,1165921,1166077,1166150-1166151,1166290,1166366,1166620,1166686,1166693,1166752,1166757,1167368,1167394,1169447,1170647,1171692,1172233-1172234,1172236,1172269,1172278,1172282,1172556,1172610,1172664,1172689,1172711,1173020-1173021,1173082,1173088,1173090,1173096
,1173241,1173256,1173288,1173333,1173342,1173461,1173614,1173630,1173659,1173722,1174061,1174239,1174322,1174325,1174329-1174330,1174337-1174339,1174343,1174353,1174799,1174882,1174884,1174983,1175155,1175158,1175167,1175182,1175190,1175201,1175272,1175275,1175283,1175582,1175589-1175590,1175594,1175602,1175613,1175633,1175690,1175713,1175889,1175896,1175907,1176584,1176590,1176799,1177050,1177060,1177125,1177152,1177160,1177245,1177850,1177862,1177978,1178209,1178228,1178233,1178449,1178542,1178681,1178684,1178721,1179268,1179274,1180261,1180865,1180891,1180894,1180907,1181028,1181123,1181125,1181136,1181291,1181743,1182796,1183078,1183105,1183142,1183328,1183339-1183340,1183492-1183494,1183605,1184917,1184919,1185018,1185020,1185200,1185588,1185626,1185756,1185758,1186011,1186042-1186045,1186104,1186123,1186137,1186153,1186254,1186257,1186377-1186379,1186479-1186480,1186712,1186743,1186750,1186763,1186890-1186892,1186894,1186949,1187018,1187027-1187028,1187381,1187755,1187
775,1187827,1188301,1188303-1188305,1188399,1188822,1188930-1188931,1189116,1189129,1189183,1189240,1189256,1189386,1189413-1189414,1189477,1189685,1189805,1189857,1189864,1189882,1190034,1190185,1190279,1190339,1190371,1190388-1190389,1190474,1190481,1194915,1195222-1195223,1195531,1195899,1195905,1195943,1195949,1195953,1195955,1195965
+/tomcat/trunk:1156115,1156171,1156276,1156304,1156519,1156530,1156602,1157015,1157018,1157151,1157198,1157204,1157810,1157832,1157834,1157847,1157908,1157939,1158155,1158160,1158176,1158195,1158198-1158199,1158227,1158331,1158334-1158335,1158426,1160347,1160592,1160611,1160619,1160626,1160639,1160652,1160720-1160721,1160772,1160774,1160776,1161303,1161310,1161322,1161339,1161486,1161540,1161549,1161584,1162082,1162149,1162169,1162721,1162769,1162836,1162932,1163630,1164419,1164438,1164469,1164480,1164567,1165234,1165247-1165248,1165253,1165273,1165282,1165309,1165331,1165338,1165347,1165360-1165361,1165367-1165368,1165602,1165608,1165677,1165693,1165721,1165723,1165728,1165730,1165738,1165746,1165765,1165777,1165918,1165921,1166077,1166150-1166151,1166290,1166366,1166620,1166686,1166693,1166752,1166757,1167368,1167394,1169447,1170647,1171692,1172233-1172234,1172236,1172269,1172278,1172282,1172556,1172610,1172664,1172689,1172711,1173020-1173021,1173082,1173088,1173090,1173096
,1173241,1173256,1173288,1173333,1173342,1173461,1173614,1173630,1173659,1173722,1174061,1174239,1174322,1174325,1174329-1174330,1174337-1174339,1174343,1174353,1174799,1174882,1174884,1174983,1175155,1175158,1175167,1175182,1175190,1175201,1175272,1175275,1175283,1175582,1175589-1175590,1175594,1175602,1175613,1175633,1175690,1175713,1175889,1175896,1175907,1176584,1176590,1176799,1177050,1177060,1177125,1177152,1177160,1177245,1177850,1177862,1177978,1178209,1178228,1178233,1178449,1178542,1178681,1178684,1178721,1179268,1179274,1180261,1180865,1180891,1180894,1180907,1181028,1181123,1181125,1181136,1181291,1181743,1182796,1183078,1183105,1183142,1183328,1183339-1183340,1183492-1183494,1183605,1184917,1184919,1185018,1185020,1185200,1185588,1185626,1185756,1185758,1186011,1186042-1186045,1186104,1186123,1186137,1186153,1186254,1186257,1186377-1186379,1186479-1186480,1186712,1186743,1186750,1186763,1186890-1186892,1186894,1186949,1187018,1187027-1187028,1187381,1187755,1187
775,1187827,1188301,1188303-1188305,1188399,1188822,1188930-1188931,1189116,1189129,1189183,1189240,1189256,1189386,1189413-1189414,1189477,1189685,1189805,1189857,1189864,1189882,1190034,1190185,1190279,1190339,1190371,1190388-1190389,1190474,1190481,1194915,1195222-1195223,1195531,1195899,1195905,1195943,1195949,1195953,1195955,1195965,1195968
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/LocalStrings.properties?rev=1195977&r1=1195976&r2=1195977&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/LocalStrings.properties (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/LocalStrings.properties Tue Nov 1 13:09:56 2011
@@ -69,6 +69,7 @@ coyoteRequest.authenticate.ise=Cannot ca
coyoteRequest.uploadLocationInvalid=The temporary upload location [{0}] is not valid
coyoteRequest.sessionEndAccessFail=Exception triggered ending access to session while recycling request
coyoteRequest.sendfileNotCanonical=Unable to determine canonical name of file [{0}] specified for use with sendfile
+coyoteRequest.maxPostSizeExceeded=The multi-part request contained parameter data (excluding uploaded files) that exceeded the limit for maxPostSize set on the associated connector
requestFacade.nullRequest=The request object has been recycled and is no longer associated with this facade
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Request.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Request.java?rev=1195977&r1=1195976&r2=1195977&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Request.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Request.java Tue Nov 1 13:09:56 2011
@@ -24,6 +24,7 @@ import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
+import java.nio.charset.Charset;
import java.security.Principal;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
@@ -2683,26 +2684,59 @@ public class Request
parts = new ArrayList<Part>();
try {
List<FileItem> items = upload.parseRequest(this);
+ int maxPostSize = getConnector().getMaxPostSize();
+ int postSize = 0;
+ String enc = getCharacterEncoding();
+ Charset charset = null;
+ if (enc != null) {
+ try {
+ charset = B2CConverter.getCharset(enc);
+ } catch (UnsupportedEncodingException e) {
+ // Ignore
+ }
+ }
for (FileItem item : items) {
ApplicationPart part = new ApplicationPart(item, mce);
parts.add(part);
if (part.getFilename() == null) {
+ String name = part.getName();
+ String value = null;
try {
String encoding = parameters.getEncoding();
if (encoding == null) {
encoding = Parameters.DEFAULT_ENCODING;
}
- parameters.addParameter(part.getName(),
- part.getString(encoding));
+ value = part.getString(encoding);
} catch (UnsupportedEncodingException uee) {
try {
- parameters.addParameter(part.getName(),
- part.getString(
- Parameters.DEFAULT_ENCODING));
+ value = part.getString(Parameters.DEFAULT_ENCODING);
} catch (UnsupportedEncodingException e) {
// Should not be possible
}
}
+ if (maxPostSize > 0) {
+ // Have to calculate equivalent size. Not completely
+ // accurate but close enough.
+ if (charset == null) {
+ // Name length
+ postSize += name.getBytes().length;
+ } else {
+ postSize += name.getBytes(charset).length;
+ }
+ if (value != null) {
+ // Equals sign
+ postSize++;
+ // Value length
+ postSize += part.getSize();
+ }
+ // Value separator
+ postSize++;
+ if (postSize > maxPostSize) {
+ throw new IllegalStateException(sm.getString(
+ "coyoteRequest.maxPostSizeExceeded"));
+ }
+ }
+ parameters.addParameter(name, value);
}
}
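Review bot: `postSize` is declared `int`, but `postSize += part.getSize()` adds what is a `long` in the Servlet `Part` API, and the compound assignment narrows silently, so a large enough field can wrap the running total negative and slip past `postSize > maxPostSize`; `long postSize = 0;` removes the wrap. The check also runs only after `part.getString(encoding)` has decoded the value into a String, so the limit does not bound the memory spent on an oversized field; comparing `part.getSize()` against the remaining budget before calling `getString` would. In the `charset == null` branch `name.getBytes()` falls back to the platform default charset, which deserves a comment. The enclosing method starts and ends outside this hunk.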
Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/Parameters.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/Parameters.java?rev=1195977&r1=1195976&r2=1195977&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/Parameters.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/Parameters.java Tue Nov 1 13:09:56 2011
@@ -173,8 +173,19 @@ public final class Parameters {
}
- public void addParameter( String key, String value ) {
+ public void addParameter( String key, String value )
+ throws IllegalStateException {
+
if( key==null ) return;
+
+ parameterCount ++;
+ if (limit > -1 && parameterCount > limit) {
+ // Processing this parameter will push us over the limit. ISE is
+ // what Request.parseParts() uses for requests that are too big
+ throw new IllegalStateException(sm.getString(
+ "parameters.maxCountFail", Integer.valueOf(limit)));
+ }
+
ArrayList<String> values = paramHashValues.get(key);
if (values == null) {
values = new ArrayList<String>(1);
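Review bot: `addParameter` now enforces the parameter-count limit and throws, but it has no Javadoc saying so, and a `throws IllegalStateException` clause on an unchecked exception tells a caller nothing about when it fires. I would add a Javadoc block stating that a null key is ignored, that each call counts against `limit` when `limit > -1`, and an `@throws IllegalStateException` line for the case where adding the parameter would exceed it. It should also mention that `parameterCount` is incremented before the check, so a rejected call still counts. The method body continues outside the hunk.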
@@ -218,13 +229,6 @@ public final class Parameters {
int end = start + len;
while(pos < end) {
- parameterCount ++;
-
- if (limit > -1 && parameterCount >= limit) {
- log.warn(sm.getString("parameters.maxCountFail",
- Integer.valueOf(limit)));
- break;
- }
int nameStart = pos;
int nameEnd = -1;
int valueStart = -1;
@@ -342,7 +346,14 @@ public final class Parameters {
tmpValue.setCharset(charset);
value = tmpValue.toString();
- addParameter(name, value);
+ try {
+ addParameter(name, value);
+ } catch (IllegalStateException ise) {
+ // Hitting limit stops processing further params but does
+ // not cause request to fail.
+ log.warn(ise.getMessage());
+ break;
+ }
} catch (IOException e) {
decodeFailCount++;
if (decodeFailCount == 1 || log.isDebugEnabled()) {
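Review bot: The `catch (IllegalStateException ise)` around `addParameter(name, value)` logs and breaks, so a request over the limit is processed with a silently truncated parameter set, while the multi-part path in this commit appears to let the same exception fail the request. The application cannot tell that later parameters were dropped, which matters when a missing field changes what the handler does. Consider recording the condition in a flag on the Parameters object that the request layer can check, and extend the comment to say `// Request continues with only the first 'limit' parameters`. The warning is also logged for every such request, without the kind of throttling the `decodeFailCount == 1 || log.isDebugEnabled()` guard just below applies. The loop and the try block start outside this hunk.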
Modified: tomcat/tc7.0.x/trunk/test/org/apache/tomcat/util/http/TestParameters.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/tomcat/util/http/TestParameters.java?rev=1195977&r1=1195976&r2=1195977&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/test/org/apache/tomcat/util/http/TestParameters.java (original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/tomcat/util/http/TestParameters.java Tue Nov 1 13:09:56 2011
@@ -21,6 +21,7 @@ import java.util.Enumeration;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import org.junit.Test;
@@ -44,24 +45,33 @@ public class TestParameters {
@Test
public void testProcessParametersByteArrayIntInt() {
- doTestProcessParametersByteArrayIntInt(SIMPLE);
- doTestProcessParametersByteArrayIntInt(SIMPLE_MULTIPLE);
- doTestProcessParametersByteArrayIntInt(NO_VALUE);
- doTestProcessParametersByteArrayIntInt(EMPTY_VALUE);
- doTestProcessParametersByteArrayIntInt(EMPTY);
- doTestProcessParametersByteArrayIntInt(UTF8);
- doTestProcessParametersByteArrayIntInt(
+ doTestProcessParametersByteArrayIntInt(-1, SIMPLE);
+ doTestProcessParametersByteArrayIntInt(-1, SIMPLE_MULTIPLE);
+ doTestProcessParametersByteArrayIntInt(-1, NO_VALUE);
+ doTestProcessParametersByteArrayIntInt(-1, EMPTY_VALUE);
+ doTestProcessParametersByteArrayIntInt(-1, EMPTY);
+ doTestProcessParametersByteArrayIntInt(-1, UTF8);
+ doTestProcessParametersByteArrayIntInt(-1,
SIMPLE, SIMPLE_MULTIPLE, NO_VALUE, EMPTY_VALUE, EMPTY, UTF8);
- doTestProcessParametersByteArrayIntInt(
+ doTestProcessParametersByteArrayIntInt(-1,
SIMPLE_MULTIPLE, NO_VALUE, EMPTY_VALUE, EMPTY, UTF8, SIMPLE);
- doTestProcessParametersByteArrayIntInt(
+ doTestProcessParametersByteArrayIntInt(-1,
NO_VALUE, EMPTY_VALUE, EMPTY, UTF8, SIMPLE, SIMPLE_MULTIPLE);
- doTestProcessParametersByteArrayIntInt(
+ doTestProcessParametersByteArrayIntInt(-1,
EMPTY_VALUE, EMPTY, UTF8, SIMPLE, SIMPLE_MULTIPLE, NO_VALUE);
- doTestProcessParametersByteArrayIntInt(
+ doTestProcessParametersByteArrayIntInt(-1,
EMPTY, UTF8, SIMPLE, SIMPLE_MULTIPLE, NO_VALUE, EMPTY_VALUE);
- doTestProcessParametersByteArrayIntInt(
+ doTestProcessParametersByteArrayIntInt(-1,
UTF8, SIMPLE, SIMPLE_MULTIPLE, NO_VALUE, EMPTY_VALUE, EMPTY);
+
+ doTestProcessParametersByteArrayIntInt(1,
+ SIMPLE, NO_VALUE, EMPTY_VALUE, UTF8);
+ doTestProcessParametersByteArrayIntInt(2,
+ SIMPLE, NO_VALUE, EMPTY_VALUE, UTF8);
+ doTestProcessParametersByteArrayIntInt(3,
+ SIMPLE, NO_VALUE, EMPTY_VALUE, UTF8);
+ doTestProcessParametersByteArrayIntInt(4,
+ SIMPLE, NO_VALUE, EMPTY_VALUE, UTF8);
}
// Make sure the inner Parameter class behaves correctly
@@ -73,7 +83,7 @@ public class TestParameters {
assertEquals("foo4=", EMPTY_VALUE.toString());
}
- private long doTestProcessParametersByteArrayIntInt(
+ private long doTestProcessParametersByteArrayIntInt(int limit,
Parameter... parameters) {
// Build the byte array
@@ -92,12 +102,19 @@ public class TestParameters {
Parameters p = new Parameters();
p.setEncoding("UTF-8");
+ p.setLimit(limit);
long start = System.nanoTime();
p.processParameters(data, 0, data.length);
long end = System.nanoTime();
- validateParameters(parameters, p);
+ if (limit == -1) {
+ validateParameters(parameters, p);
+ } else {
+ Parameter[] limitParameters = new Parameter[limit];
+ System.arraycopy(parameters, 0, limitParameters, 0, limit);
+ validateParameters(limitParameters, p);
+ }
return end - start;
}
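Review bot: In the `else` branch, `new Parameter[limit]` and `System.arraycopy(parameters, 0, limitParameters, 0, limit)` assume `0 <= limit <= parameters.length`, so a limit above the number of supplied parameters makes the helper itself throw instead of validating all of them. Using `int expected = Math.min(limit, parameters.length);` for both the array size and the copy length keeps the helper usable for an over-sized limit, a case none of the current calls exercises. The helper starts outside this hunk.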
@@ -157,6 +174,73 @@ public class TestParameters {
assertEquals("value4", values[3]);
}
+ @Test
+ public void testAddParametersLimit() {
+ Parameters p = new Parameters();
+
+ p.setLimit(2);
+
+ // Empty at this point
+ Enumeration<String> names = p.getParameterNames();
+ assertFalse(names.hasMoreElements());
+ String[] values = p.getParameterValues("foo1");
+ assertNull(values);
+
+ // Add a parameter
+ p.addParameter("foo1", "value1");
+
+ names = p.getParameterNames();
+ assertTrue(names.hasMoreElements());
+ assertEquals("foo1", names.nextElement());
+ assertFalse(names.hasMoreElements());
+
+ values = p.getParameterValues("foo1");
+ assertEquals(1, values.length);
+ assertEquals("value1", values[0]);
+
+ // Add another parameter
+ p.addParameter("foo2", "value2");
+
+ names = p.getParameterNames();
+ assertTrue(names.hasMoreElements());
+ assertEquals("foo2", names.nextElement());
+ assertEquals("foo1", names.nextElement());
+ assertFalse(names.hasMoreElements());
+
+ values = p.getParameterValues("foo1");
+ assertEquals(1, values.length);
+ assertEquals("value1", values[0]);
+
+ values = p.getParameterValues("foo2");
+ assertEquals(1, values.length);
+ assertEquals("value2", values[0]);
+
+ // Add another parameter
+ IllegalStateException e = null;
+ try {
+ p.addParameter("foo3", "value3");
+ } catch (IllegalStateException ise) {
+ e = ise;
+ }
+ assertNotNull(e);
+
+ // Check current parameters remain unaffected
+ names = p.getParameterNames();
+ assertTrue(names.hasMoreElements());
+ assertEquals("foo2", names.nextElement());
+ assertEquals("foo1", names.nextElement());
+ assertFalse(names.hasMoreElements());
+
+ values = p.getParameterValues("foo1");
+ assertEquals(1, values.length);
+ assertEquals("value1", values[0]);
+
+ values = p.getParameterValues("foo2");
+ assertEquals(1, values.length);
+ assertEquals("value2", values[0]);
+
+ }
+
private void validateParameters(Parameter[] parameters, Parameters p) {
Enumeration<String> names = p.getParameterNames();
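Review bot: The assertions `assertEquals("foo2", names.nextElement()); assertEquals("foo1", names.nextElement());` pin the order in which `getParameterNames()` returns names, which presumably reflects the iteration order of the backing map rather than any contract. Collecting the names into a set and comparing against the expected set would test the limit without depending on that order. The try/catch ending in `assertNotNull(e)` also does not check that the message is the `parameters.maxCountFail` one. `validateParameters` at the end of the hunk continues outside it.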