Re: [tomcat] branch master updated: Only decode in standard mode.

[Mark Thomas <ma...@apache.org>]

On 01/08/2019 22:55, markt@apache.org wrote:
> This is an automated email from the ASF dual-hosted git repository.
> 
> markt pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
> 
> 
> The following commit(s) were added to refs/heads/master by this push:
>      new 9fd972c  Only decode in standard mode.
> 9fd972c is described below
> 
> commit 9fd972c931cf3ce8829a69437b7340f9b0e1e731
> Author: Mark Thomas <ma...@apache.org>
> AuthorDate: Thu Aug 1 22:54:41 2019 +0100
> 
>     Only decode in standard mode.
>     
>     The seamless decoding of both standard and URL-safe mode no longer works
>     as expected in some cases when one of the two characters from the other
>     mode appear in the encoded data. This is because rather than ignoring
>     the unexpected "-" or "_" it gets decoded and if the result is invalid
>     an exception is thrown due to the fix for CODEC-134.
>     Tomcat doesn't use URL-safe mode so simply disable it.

I've discovered some TCK failures as a result of this change. The
HTTP2-Settings header present in an HTTP upgrade for h2c uses the
URL-safe form of base64 encoding.

The good news is that it is only h2c that is affected so the impact on
end users should be minimal.

I think I am going to have to tweak the codec so that users can opt for
standard or URL-safe mode as required. That looks doable without too
invasive a change. I'll look into applying the fix upstream.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org