You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2013/12/09 10:46:58 UTC
svn commit: r1549523 - in /tomcat/tc7.0.x/trunk: ./
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
Author: markt
Date: Mon Dec 9 09:46:58 2013
New Revision: 1549523
URL: http://svn.apache.org/r1549523
Log:
Improve parsing of trailing headers
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1549522
Modified: tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?rev=1549523&r1=1549522&r2=1549523&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java Mon Dec 9 09:46:58 2013
@@ -126,6 +126,11 @@ public class ChunkedInputFilter implemen
/**
+ * Limit for trailer size.
+ */
+ private int maxTrailerSize;
+
+ /**
* Size of extensions processed for this request.
*/
private long extensionSize;
@@ -135,6 +140,7 @@ public class ChunkedInputFilter implemen
public ChunkedInputFilter(int maxTrailerSize, int maxExtensionSize) {
this.trailingHeaders.setLimit(maxTrailerSize);
this.maxExtensionSize = maxExtensionSize;
+ this.maxTrailerSize = maxTrailerSize;
}
// ---------------------------------------------------- InputBuffer Methods
@@ -264,6 +270,7 @@ public class ChunkedInputFilter implemen
endChunk = false;
needCRLFParse = false;
trailingHeaders.recycle();
+ trailingHeaders.setLimit(maxTrailerSize);
extensionSize = 0;
}
@@ -326,7 +333,10 @@ public class ChunkedInputFilter implemen
if (buf[pos] == Constants.CR || buf[pos] == Constants.LF) {
parseCRLF(false);
eol = true;
- } else if (buf[pos] == Constants.SEMI_COLON) {
+ } else if (buf[pos] == Constants.SEMI_COLON && !extension) {
+ // First semi-colon marks the start of the extension. Further
+ // semi-colons may appear to separate multiple chunk-extensions.
+ // These need to be processed as part of parsing the extensions.
extension = true;
extensionSize++;
} else if (!extension) {
@@ -342,7 +352,9 @@ public class ChunkedInputFilter implemen
return false;
}
} else {
- // extension
+ // Extension 'parsing'
+ // Note that the chunk-extension is neither parsed nor
+ // validated. Currently it is simply ignored.
extensionSize++;
if (maxExtensionSize > -1 && extensionSize > maxExtensionSize) {
throw new IOException("maxExtensionSize exceeded");
@@ -511,6 +523,13 @@ public class ChunkedInputFilter implemen
chr = buf[pos];
if ((chr == Constants.SP) || (chr == Constants.HT)) {
pos++;
+ // If we swallow whitespace, make sure it counts towards the
+ // limit placed on trailing header size
+ int newlimit = trailingHeaders.getLimit() -1;
+ if (trailingHeaders.getEnd() > newlimit) {
+ throw new IOException("Exceeded maxTrailerSize");
+ }
+ trailingHeaders.setLimit(newlimit);
} else {
space = false;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org