You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2023/06/23 16:46:40 UTC
[tomcat] branch 8.5.x updated: Simplify reading of request body for x-www-form-urlencoded processing
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 9f55c9711c Simplify reading of request body for x-www-form-urlencoded processing
9f55c9711c is described below
commit 9f55c9711c972ee3220b4b3ddb09d8086e242221
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri Jun 23 17:44:36 2023 +0100
Simplify reading of request body for x-www-form-urlencoded processing
An incomplete body is the same as a client disconnect before the request
body has been read as that is the only way a client can provide an
incomplete body.
---
java/org/apache/catalina/connector/Request.java | 31 ++++++++++++++++++----
.../catalina/filters/FailedRequestFilter.java | 1 +
java/org/apache/tomcat/util/http/Parameters.java | 6 +++++
3 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java
index c1d4c8dd76..6418b8c269 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -17,6 +17,7 @@
package org.apache.catalina.connector;
import java.io.BufferedReader;
+import java.io.EOFException;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
@@ -3231,10 +3232,7 @@ public class Request implements HttpServletRequest {
formData = new byte[len];
}
try {
- if (readPostBody(formData, len) != len) {
- parameters.setParseFailedReason(FailReason.REQUEST_BODY_INCOMPLETE);
- return;
- }
+ readPostBodyFully(formData, len);
} catch (IOException e) {
// Client disconnect
Context context = getContext();
@@ -3281,7 +3279,7 @@ public class Request implements HttpServletRequest {
/**
- * Read post body in an array.
+ * Read post body into an array.
*
* @param body The bytes array in which the body will be read
* @param len The body length
@@ -3289,7 +3287,10 @@ public class Request implements HttpServletRequest {
* @return the bytes count that has been read
*
* @throws IOException if an IO exception occurred
+ *
+ * @deprecated Unused. Will be removed in Tomcat 11.0.x onwards. Use {@link #readPostBodyFully(byte[], int)}
*/
+ @Deprecated
protected int readPostBody(byte[] body, int len) throws IOException {
int offset = 0;
@@ -3305,6 +3306,26 @@ public class Request implements HttpServletRequest {
}
+ /**
+ * Read post body into an array.
+ *
+ * @param body The bytes array in which the body will be read
+ * @param len The body length
+ *
+ * @throws IOException if an IO exception occurred or EOF is reached before the body has been fully read
+ */
+ protected void readPostBodyFully(byte[] body, int len) throws IOException {
+ int offset = 0;
+ do {
+ int inputLen = getStream().read(body, offset, len - offset);
+ if (inputLen <= 0) {
+ throw new EOFException();
+ }
+ offset += inputLen;
+ } while ((len - offset) > 0);
+ }
+
+
/**
* Read chunked post body.
*
diff --git a/java/org/apache/catalina/filters/FailedRequestFilter.java b/java/org/apache/catalina/filters/FailedRequestFilter.java
index 5ce47668da..2d14bac26d 100644
--- a/java/org/apache/catalina/filters/FailedRequestFilter.java
+++ b/java/org/apache/catalina/filters/FailedRequestFilter.java
@@ -49,6 +49,7 @@ public class FailedRequestFilter extends FilterBase {
return log;
}
+ @SuppressWarnings("deprecation")
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
diff --git a/java/org/apache/tomcat/util/http/Parameters.java b/java/org/apache/tomcat/util/http/Parameters.java
index b5eb54e98d..a30922a37a 100644
--- a/java/org/apache/tomcat/util/http/Parameters.java
+++ b/java/org/apache/tomcat/util/http/Parameters.java
@@ -567,6 +567,12 @@ public final class Parameters {
IO_ERROR,
NO_NAME,
POST_TOO_LARGE,
+ /**
+ * Same as {@link #CLIENT_DISCONNECT}.
+ *
+ * @deprecated Unused. Will be removed in Tomcat 11.0.x onwards
+ */
+ @Deprecated
REQUEST_BODY_INCOMPLETE,
TOO_MANY_PARAMETERS,
UNKNOWN,
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org