Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/10/17 17:50:00 UTC
[tomcat] 05/05: Fix
https://bz.apache.org/bugzilla/show_bug.cgi?id=63825
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 6a63a680de6a12bbf27ccf0b3297ba62da4ff3ee
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Oct 17 18:49:33 2019 +0100
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63825
The expect header has a single defined value "100-continue" so look for
the exact value rather than a value that starts with "100-continue"
---
.../apache/coyote/http11/AbstractHttp11Processor.java | 16 +++++-----------
webapps/docs/changelog.xml | 5 +++++
2 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/java/org/apache/coyote/http11/AbstractHttp11Processor.java b/java/org/apache/coyote/http11/AbstractHttp11Processor.java
index 4d93cca..4bd7b3f 100644
--- a/java/org/apache/coyote/http11/AbstractHttp11Processor.java
+++ b/java/org/apache/coyote/http11/AbstractHttp11Processor.java
@@ -1349,7 +1349,7 @@ public abstract class AbstractHttp11Processor<S> extends AbstractProcessor<S> {
if (http11) {
MessageBytes expectMB = headers.getValue("expect");
if (expectMB != null && !expectMB.isNull()) {
- if (expectMB.indexOfIgnoreCase("100-continue", 0) != -1) {
+ if (expectMB.toString().trim().equalsIgnoreCase("100-continue")) {
getInputBuffer().setSwallowInput(false);
expectation = true;
} else {
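Review bot: The exact-match test added at `expectMB.toString().trim().equalsIgnoreCase("100-continue")` normalises with `String.trim()`, which strips every character up to U+0020 rather than only the space and tab that HTTP allows around a field value, so the match is slightly looser than "exact" unless the header parser has already rejected control characters (not visible here). It also looks only at the single value returned by `headers.getValue("expect")`; if a request can carry several Expect field lines, the later ones are presumably not checked and would not reach the `else` branch. A short comment above the test would record the intent, e.g. `// Expect has one defined value; anything else must take the else branch`, and a test with a repeated Expect header would pin the behaviour. The enclosing method starts and ends outside this hunk, so what the `else` branch does is not shown.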
@@ -1666,7 +1666,7 @@ public abstract class AbstractHttp11Processor<S> extends AbstractProcessor<S> {
}
long contentLength = response.getContentLengthLong();
- boolean connectionClosePresent = isConnectionClose(headers);
+ boolean connectionClosePresent = isConnectionToken(headers, Constants.CLOSE);
if (contentLength != -1) {
headers.setValue("Content-Length").setLong(contentLength);
getOutputBuffer().addActiveFilter
@@ -1746,25 +1746,19 @@ public abstract class AbstractHttp11Processor<S> extends AbstractProcessor<S> {
}
- private boolean isConnectionClose(MimeHeaders headers) throws IOException {
+ private static boolean isConnectionToken(MimeHeaders headers, String token) throws IOException {
MessageBytes connection = headers.getValue(Constants.CONNECTION);
if (connection == null) {
return false;
}
Enumeration<String> values = headers.values(Constants.CONNECTION);
- Set<String> result = null;
+ Set<String> result = new HashSet<String>();
while (values.hasMoreElements()) {
- if (result == null) {
- result = new HashSet<String>();
- }
TokenList.parseTokenList(new StringReader(values.nextElement()), result);
}
- if (result == null) {
- return false;
- }
- return result.contains(Constants.CLOSE);
+ return result.contains(token);
}
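Review bot: `isConnectionToken` ends with `result.contains(token)`, a case-sensitive set lookup, while Connection options are case-insensitive, so the helper is only correct if `TokenList.parseTokenList` normalises case and every caller passes `token` in that same case; neither is visible in this hunk. Now that the method is generalised beyond `Constants.CLOSE` (the call site in the hunk at -1666 passes it explicitly), that contract should be written down, for example with a Javadoc line such as `@param token the connection option to look for, in the case produced by TokenList.parseTokenList`, or enforced by normalising `token` before the lookup. The leading `headers.getValue(Constants.CONNECTION)` null check now appears to be only a fast path, since an empty enumeration leaves the `HashSet` empty and returns false anyway; a one-line comment saying so would stop it being read as a required guard.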
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a48d4bd..9d45831 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -87,6 +87,11 @@
that started asynchronous processing has completed processing the
current request/response. (markt)
</fix>
+ <fix>
+ <bug>63825</bug>: When processing the <code>Expect</code> and
+ <code>Connection</code> HTTP headers looking for a specific token, be
+ stricter in ensuring that the exact token is present. (markt)
+ </fix>
</changelog>
</subsection>
</section>