You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Mark Thomas <ma...@apache.org> on 2019/09/17 18:29:53 UTC
Re: [tomcat] branch master updated: Only decode in standard mode.
On 01/08/2019 22:55, markt@apache.org wrote:
> This is an automated email from the ASF dual-hosted git repository.
>
> markt pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
> new 9fd972c Only decode in standard mode.
> 9fd972c is described below
>
> commit 9fd972c931cf3ce8829a69437b7340f9b0e1e731
> Author: Mark Thomas <ma...@apache.org>
> AuthorDate: Thu Aug 1 22:54:41 2019 +0100
>
> Only decode in standard mode.
>
> The seamless decoding of both standard and URL-safe mode no longer works
> as expected in some cases when one of the two characters from the other
> mode appear in the encoded data. This is because rather than ignoring
> the unexpected "-" or "_" it gets decoded and if the result is invalid
> an exception is thrown due to the fix for CODEC-134.
> Tomcat doesn't use URL-safe mode so simply disable it.
I've discovered some TCK failures as a result of this change. The
HTTP2-Settings header present in an HTTP upgrade for h2c uses the
URL-safe form of base64 encoding.
The good news is that it is only h2c that is affected so the impact on
end users should be minimal.
I think I am going to have to tweak the codec so that users can opt for
standard or URL-safe mode as required. That looks doable without too
invasive a change. I'll look into applying the fix upstream.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org