Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/06/08 10:48:30 UTC

[tomcat] branch 8.5.x updated (1971c76 -> 8874fa0)

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


    from 1971c76  Treat empty token at end the same way as empty token at start/middle
     new 3202703  Remove support for the identity T-E header value
     new da0e7cb  Process T-E header from both HTTP 1.0 and HTTP 1.1. clients
     new 8874fa0  Ensure chunked, if present, is the last encoding in the list

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 java/org/apache/coyote/http11/Http11Processor.java |  25 ++--
 .../apache/coyote/http11/TestHttp11Processor.java  | 133 +++++++++++++++++----
 webapps/docs/changelog.xml                         |  15 +++
 3 files changed, 140 insertions(+), 33 deletions(-)



[tomcat] 03/03: Ensure chunked, if present, is the last encoding in the list

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 8874fa02e9b36baa9ca6b226c0882c0190ca5a02
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon May 10 22:14:18 2021 +0100

    Ensure chunked, if present, is the last encoding in the list
---
 java/org/apache/coyote/http11/Http11Processor.java | 13 +++++++++-
 .../apache/coyote/http11/TestHttp11Processor.java  | 28 +++++++++++++++-------
 webapps/docs/changelog.xml                         |  5 ++++
 3 files changed, 36 insertions(+), 10 deletions(-)

diff --git a/java/org/apache/coyote/http11/Http11Processor.java b/java/org/apache/coyote/http11/Http11Processor.java
index 1eb678c..bfc033f 100644
--- a/java/org/apache/coyote/http11/Http11Processor.java
+++ b/java/org/apache/coyote/http11/Http11Processor.java
@@ -451,9 +451,20 @@ public class Http11Processor extends AbstractProcessor {
      * supported, a 501 response will be returned to the client.
      */
     private void addInputFilter(InputFilter[] inputFilters, String encodingName) {
+        if (contentDelimitation) {
+            // Chunked has already been specified and it must be the final
+            // encoding.
+            // 400 - Bad request
+            response.setStatus(400);
+            setErrorState(ErrorState.CLOSE_CLEAN, null);
+            if (log.isDebugEnabled()) {
+                log.debug(sm.getString("http11processor.request.prepare") +
+                          " Tranfer encoding lists chunked before [" + encodingName + "]");
+            }
+            return;
+        }
 
         // Parsing trims and converts to lower case.
-
         if (encodingName.equals("chunked")) {
             inputBuffer.addActiveFilter(inputFilters[Constants.CHUNKED_FILTER]);
             contentDelimitation = true;
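Review bot: The new guard at the top of addInputFilter uses `contentDelimitation` as a stand-in for "chunked has already been seen", which is only correct if nothing else can set that flag before the Transfer-Encoding list is walked; the hunk does not show that, so the invariant deserves a comment such as `// At this point contentDelimitation can only have been set by a preceding "chunked"`. The Javadoc above the method still describes only the 501 outcome and should also mention the 400 returned for an encoding listed after chunked. The debug text contains a typo (`Tranfer`) and is concatenated onto an `sm.getString()` result instead of coming from its own message key. The method body continues past the end of this hunk.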
diff --git a/test/org/apache/coyote/http11/TestHttp11Processor.java b/test/org/apache/coyote/http11/TestHttp11Processor.java
index bd49273..ca7db29 100644
--- a/test/org/apache/coyote/http11/TestHttp11Processor.java
+++ b/test/org/apache/coyote/http11/TestHttp11Processor.java
@@ -1854,47 +1854,53 @@ public class TestHttp11Processor extends TomcatBaseTest {
 
     @Test
     public void testTEHeaderUnknown01() throws Exception {
-        doTestTEHeaderUnknown("identity");
+        doTestTEHeaderInvalid("identity", false);
     }
 
 
     @Test
     public void testTEHeaderUnknown02() throws Exception {
-        doTestTEHeaderUnknown("identity, chunked");
+        doTestTEHeaderInvalid("identity, chunked", false);
     }
 
 
     @Test
     public void testTEHeaderUnknown03() throws Exception {
-        doTestTEHeaderUnknown("unknown, chunked");
+        doTestTEHeaderInvalid("unknown, chunked", false);
     }
 
 
     @Test
     public void testTEHeaderUnknown04() throws Exception {
-        doTestTEHeaderUnknown("void");
+        doTestTEHeaderInvalid("void", false);
     }
 
 
     @Test
     public void testTEHeaderUnknown05() throws Exception {
-        doTestTEHeaderUnknown("void, chunked");
+        doTestTEHeaderInvalid("void, chunked", false);
     }
 
 
     @Test
     public void testTEHeaderUnknown06() throws Exception {
-        doTestTEHeaderUnknown("void, identity");
+        doTestTEHeaderInvalid("void, identity", false);
     }
 
 
     @Test
     public void testTEHeaderUnknown07() throws Exception {
-        doTestTEHeaderUnknown("identity, void");
+        doTestTEHeaderInvalid("identity, void", false);
     }
 
 
-    private void doTestTEHeaderUnknown(String headerValue) throws Exception {
+    @Test
+    public void testTEHeaderChunkedNotLast01() throws Exception {
+        doTestTEHeaderInvalid("chunked, void", true);
+    }
+
+
+    private void doTestTEHeaderInvalid(String headerValue, boolean badRequest) throws Exception {
         Tomcat tomcat = getTomcatInstance();
 
         // No file system docBase required
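Review bot: Only `chunked, void` exercises the new 400 branch, although a repeated `chunked, chunked` and `chunked, identity` reach the same guard in addInputFilter and are the values most likely to be handled differently by an intermediary; adding `doTestTEHeaderInvalid("chunked, chunked", true);` and `doTestTEHeaderInvalid("chunked, identity", true);` would pin them. The `boolean badRequest` parameter is opaque at the call sites (`"void", false`), and passing the expected status code would read better. doTestTEHeaderInvalid continues outside this hunk; its assertion is in the next one.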
@@ -1918,7 +1924,11 @@ public class TestHttp11Processor extends TomcatBaseTest {
         client.connect();
         client.processRequest(false);
 
-        Assert.assertTrue(client.isResponse501());
+        if (badRequest) {
+            Assert.assertTrue(client.isResponse400());
+        } else {
+            Assert.assertTrue(client.isResponse501());
+        }
     }
 
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index df3371f..d6fcb6d 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -216,6 +216,11 @@
         Process transfer encoding headers from both HTTP 1.0 and HTTP 1.1
         clients. (markt)
       </fix>
+      <fix>
+        Ensure that if the transfer encoding header contains the
+        <code>chunked</code>, that the <code>chunked</code> encoding is the
+        final encoding listed. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">



[tomcat] 01/03: Remove support for the identity T-E header value

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 3202703e6d635e39b74262e81f0cb4bcbe2170dc
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon May 10 21:20:46 2021 +0100

    Remove support for the identity T-E header value
---
 java/org/apache/coyote/http11/Http11Processor.java |  8 +-
 .../apache/coyote/http11/TestHttp11Processor.java  | 95 ++++++++++++++++------
 webapps/docs/changelog.xml                         |  6 ++
 3 files changed, 78 insertions(+), 31 deletions(-)

diff --git a/java/org/apache/coyote/http11/Http11Processor.java b/java/org/apache/coyote/http11/Http11Processor.java
index 8c3148f..14fb1d6 100644
--- a/java/org/apache/coyote/http11/Http11Processor.java
+++ b/java/org/apache/coyote/http11/Http11Processor.java
@@ -454,11 +454,8 @@ public class Http11Processor extends AbstractProcessor {
 
         // Parsing trims and converts to lower case.
 
-        if (encodingName.equals("identity")) {
-            // Skip
-        } else if (encodingName.equals("chunked")) {
-            inputBuffer.addActiveFilter
-                (inputFilters[Constants.CHUNKED_FILTER]);
+        if (encodingName.equals("chunked")) {
+            inputBuffer.addActiveFilter(inputFilters[Constants.CHUNKED_FILTER]);
             contentDelimitation = true;
         } else {
             for (int i = pluggableFilterIndex; i < inputFilters.length; i++) {
@@ -1001,7 +998,6 @@ public class Http11Processor extends AbstractProcessor {
                 List<String> encodingNames = new ArrayList<>();
                 if (TokenList.parseTokenList(headers.values("transfer-encoding"), encodingNames)) {
                     for (String encodingName : encodingNames) {
-                        // "identity" codings are ignored
                         addInputFilter(inputFilters, encodingName);
                     }
                 } else {
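Review bot: The loop over `encodingNames` keeps calling addInputFilter after an earlier name has been rejected, so for a value such as `void, chunked` (one of the cases tested in this commit) the chunked filter is still activated on a request that the test expects to be answered with 501. Stopping at the first rejection would keep the input buffer state consistent with the response, for example `if (getErrorState().isError()) { break; }` after the call, assuming the processor's error state is readable at this point. The enclosing method starts and ends outside the hunk, so the rejection path itself is not visible here.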
diff --git a/test/org/apache/coyote/http11/TestHttp11Processor.java b/test/org/apache/coyote/http11/TestHttp11Processor.java
index 089be58..3a5bb1f 100644
--- a/test/org/apache/coyote/http11/TestHttp11Processor.java
+++ b/test/org/apache/coyote/http11/TestHttp11Processor.java
@@ -256,31 +256,6 @@ public class TestHttp11Processor extends TomcatBaseTest {
 
 
     @Test
-    public void testWithTEIdentity() throws Exception {
-        getTomcatInstanceTestWebapp(false, true);
-
-        String request =
-            "POST /test/echo-params.jsp HTTP/1.1" + SimpleHttpClient.CRLF +
-            "Host: any" + SimpleHttpClient.CRLF +
-            "Transfer-encoding: identity" + SimpleHttpClient.CRLF +
-            "Content-Length: 9" + SimpleHttpClient.CRLF +
-            "Content-Type: application/x-www-form-urlencoded" +
-                    SimpleHttpClient.CRLF +
-            "Connection: close" + SimpleHttpClient.CRLF +
-                SimpleHttpClient.CRLF +
-            "test=data";
-
-        Client client = new Client(getPort());
-        client.setRequest(new String[] {request});
-
-        client.connect();
-        client.processRequest();
-        Assert.assertTrue(client.isResponse200());
-        Assert.assertTrue(client.getResponseBody().contains("test - data"));
-    }
-
-
-    @Test
     public void testWithTESavedRequest() throws Exception {
         getTomcatInstanceTestWebapp(false, true);
 
@@ -1875,4 +1850,74 @@ public class TestHttp11Processor extends TomcatBaseTest {
             // NO-OP
         }
     }
+
+
+    @Test
+    public void testTEHeaderUnknown01() throws Exception {
+        doTestTEHeaderUnknown("identity");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown02() throws Exception {
+        doTestTEHeaderUnknown("identity, chunked");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown03() throws Exception {
+        doTestTEHeaderUnknown("unknown, chunked");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown04() throws Exception {
+        doTestTEHeaderUnknown("void");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown05() throws Exception {
+        doTestTEHeaderUnknown("void, chunked");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown06() throws Exception {
+        doTestTEHeaderUnknown("void, identity");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown07() throws Exception {
+        doTestTEHeaderUnknown("identity, void");
+    }
+
+
+    private void doTestTEHeaderUnknown(String headerValue) throws Exception {
+        Tomcat tomcat = getTomcatInstance();
+
+        // No file system docBase required
+        Context ctx = tomcat.addContext("", null);
+
+        // Add servlet
+        Tomcat.addServlet(ctx, "TesterServlet", new TesterServlet(false));
+        ctx.addServletMappingDecoded("/foo", "TesterServlet");
+
+        tomcat.start();
+
+        String request =
+                "GET /foo HTTP/1.1" + SimpleHttpClient.CRLF +
+                "Host: localhost:" + getPort() + SimpleHttpClient.CRLF +
+                "Transfer-Encoding: " + headerValue + SimpleHttpClient.CRLF +
+                SimpleHttpClient.CRLF;
+
+        Client client = new Client(tomcat.getConnector().getLocalPort());
+        client.setRequest(new String[] {request});
+
+        client.connect();
+        client.processRequest(false);
+
+        Assert.assertTrue(client.isResponse501());
+    }
 }
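Review bot: All seven cases place the encodings on a single Transfer-Encoding line, while the production code in this commit collects the names through `headers.values("transfer-encoding")`, which suggests they can come from several header lines; a case that splits the list across two Transfer-Encoding headers would cover that path. doTestTEHeaderUnknown accepts only the header value, so this needs a small variant that takes the raw header block. The seven methods are otherwise identical one-liners and could be driven from a list of values.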
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6bd5459..47e9ee5 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -206,6 +206,12 @@
         the empty token is at the start, middle or end of the list of tokens.
         (markt)
       </fix>
+      <fix>
+        Remove support for the <code>identity</code> transfer encoding. The
+        inclusion of this encoding in RFC 2616 was an error that was corrected
+        in 2001. Requests using this transfer encoding will now receive a 501
+        response. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">



[tomcat] 02/03: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit da0e7cb093cf68b052d9175e469dbd0464441b0b
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon May 10 21:59:44 2021 +0100

    Process T-E header from both HTTP 1.0 and HTTP 1.1. clients
---
 java/org/apache/coyote/http11/Http11Processor.java |  4 +++-
 .../apache/coyote/http11/TestHttp11Processor.java  | 28 ++++++++++++++++++++++
 webapps/docs/changelog.xml                         |  4 ++++
 3 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/coyote/http11/Http11Processor.java b/java/org/apache/coyote/http11/Http11Processor.java
index 14fb1d6..1eb678c 100644
--- a/java/org/apache/coyote/http11/Http11Processor.java
+++ b/java/org/apache/coyote/http11/Http11Processor.java
@@ -992,7 +992,9 @@ public class Http11Processor extends AbstractProcessor {
         InputFilter[] inputFilters = inputBuffer.getFilters();
 
         // Parse transfer-encoding header
-        if (http11) {
+        // HTTP specs say an HTTP 1.1 server should accept any recognised
+        // HTTP 1.x header from a 1.x client unless the specs says otherwise.
+        if (!http09) {
             MessageBytes transferEncodingValueMB = headers.getValue("transfer-encoding");
             if (transferEncodingValueMB != null) {
                 List<String> encodingNames = new ArrayList<>();
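Review bot: Switching the condition to `!http09` makes an HTTP/1.0 request's Transfer-Encoding decide the body framing, but the hunk does not show whether the connection is still eligible for keep-alive after such a request. A 1.0 message carrying Transfer-Encoding is unusual enough that an upstream proxy may frame it differently, so it would be safer to make sure the connection is not reused in that case, and to say so in the comment, e.g. `// Honour T-E from 1.0 clients so framing matches what was sent; such connections should not be reused`. The comment's "unless the specs says otherwise" also needs a grammar fix. The enclosing method begins and ends outside the hunk.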
diff --git a/test/org/apache/coyote/http11/TestHttp11Processor.java b/test/org/apache/coyote/http11/TestHttp11Processor.java
index 3a5bb1f..bd49273 100644
--- a/test/org/apache/coyote/http11/TestHttp11Processor.java
+++ b/test/org/apache/coyote/http11/TestHttp11Processor.java
@@ -1920,4 +1920,32 @@ public class TestHttp11Processor extends TomcatBaseTest {
 
         Assert.assertTrue(client.isResponse501());
     }
+
+
+    @Test
+    public void testWithTEChunkedHttp10() throws Exception {
+
+        getTomcatInstanceTestWebapp(false, true);
+
+        String request =
+            "POST /test/echo-params.jsp HTTP/1.0" + SimpleHttpClient.CRLF +
+            "Host: any" + SimpleHttpClient.CRLF +
+            "Transfer-encoding: chunked" + SimpleHttpClient.CRLF +
+            "Content-Type: application/x-www-form-urlencoded" +
+                    SimpleHttpClient.CRLF +
+            "Connection: close" + SimpleHttpClient.CRLF +
+            SimpleHttpClient.CRLF +
+            "9" + SimpleHttpClient.CRLF +
+            "test=data" + SimpleHttpClient.CRLF +
+            "0" + SimpleHttpClient.CRLF +
+            SimpleHttpClient.CRLF;
+
+        Client client = new Client(getPort());
+        client.setRequest(new String[] {request});
+
+        client.connect();
+        client.processRequest();
+        Assert.assertTrue(client.isResponse200());
+        Assert.assertTrue(client.getResponseBody().contains("test - data"));
+    }
 }
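Review bot: testWithTEChunkedHttp10 covers only the benign shape, chunked with `Connection: close` and no Content-Length, so it does not pin how an HTTP/1.0 request carrying both Content-Length and Transfer-Encoding is handled, nor what happens when the client asks for keep-alive. Those are the inputs where the widened condition in Http11Processor changes behaviour that matters for framing, so a second test asserting the status and that the connection is closed afterwards would be worth adding, if the test client can observe that. A short comment such as `// HTTP/1.0 client sending a chunked body; must be de-chunked rather than read as raw bytes` would also explain why the test exists.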
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 47e9ee5..df3371f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -212,6 +212,10 @@
         in 2001. Requests using this transfer encoding will now receive a 501
         response. (markt)
       </fix>
+      <fix>
+        Process transfer encoding headers from both HTTP 1.0 and HTTP 1.1
+        clients. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">
