Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/08/08 15:28:49 UTC
[tomcat] branch 9.0.x updated: "-1" should not be a valid port number
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 178cb6de9c "-1" should not be a valid port number
178cb6de9c is described below
commit 178cb6de9c39f7f17e93ad5d60e0efc5278af363
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Aug 8 16:28:26 2022 +0100
"-1" should not be a valid port number
---
.../apache/tomcat/util/http/parser/HttpParser.java | 25 ++++++++++++++++++----
.../util/http/parser/TestHttpParserHost.java | 9 ++++++++
2 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/tomcat/util/http/parser/HttpParser.java b/java/org/apache/tomcat/util/http/parser/HttpParser.java
index 76d79cae5e..2d21f02e68 100644
--- a/java/org/apache/tomcat/util/http/parser/HttpParser.java
+++ b/java/org/apache/tomcat/util/http/parser/HttpParser.java
@@ -785,7 +785,11 @@ public class HttpParser {
return readHostDomainName(reader);
}
- return pos;
+ if (inIPv6) {
+ return pos;
+ } else {
+ return validatePort(reader, pos);
+ }
}
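Review bot: The new `if (inIPv6)` branch returns `pos` without port validation, and nothing in the hunk says why that path is exempt. Presumably the IPv6 reader validates the port itself after the closing bracket, as the next hunk suggests, but that is an inference from outside this method. A one-line comment would keep a later edit from dropping the check by accident, for example `// Port (if any) is validated by the IPv6 caller after ']'`. The enclosing method starts above this hunk, so confirm the comment matches how `inIPv6` is set by its callers.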
@@ -877,7 +881,7 @@ public class HttpParser {
c = reader.read();
if (c == ':') {
- return pos;
+ return validatePort(reader, pos);
} else {
if(c == -1) {
return -1;
@@ -902,14 +906,27 @@ public class HttpParser {
if (DomainParseState.COLON == state) {
// State identifies the state of the previous character
- return pos - 1;
+ return validatePort(reader, pos - 1);
} else {
return -1;
}
}
- /**
+ static int validatePort(Reader reader, int colonPosition) throws IOException {
+ // Remaining characters should be numeric ...
+ readLong(reader);
+ // ... followed by EOS
+ if (reader.read() == -1) {
+ return colonPosition;
+ } else {
+ // Invalid port
+ throw new IllegalArgumentException();
+ }
+ }
+
+
+ /**
* Skips all characters until EOF or the specified target is found. Normally
* used to skip invalid input until the next separator.
*/
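Review bot: validatePort discards the value returned by `readLong(reader)`, so the check amounts to "digits, then end of input". As far as this hunk shows, a port above 65535 (constructed example: `localhost:99999`) is still accepted. Unless a caller outside the hunk already range-checks the port, keep the value and bound it: `long port = readLong(reader);` followed by `if (port > 65535) { throw new IllegalArgumentException(); }`. How readLong treats an empty port or leading whitespace is not visible here, so those inputs are worth pinning with tests as well. A short Javadoc saying that the method consumes the reader to end of stream and returns the colon position would also help the three call sites.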
diff --git a/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java b/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java
index c146e4af81..e5b9bc0572 100644
--- a/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java
+++ b/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java
@@ -217,6 +217,15 @@ public class TestHttpParserHost {
Integer.valueOf(-1), IAE} );
result.add(new Object[] { TestType.IPv6, "[1111:2222:3333]",
Integer.valueOf(-1), IAE} );
+ // Domain name - invalid port
+ result.add(new Object[] { TestType.IPv4, "localhost:x", Integer.valueOf(-1), IAE} );
+ result.add(new Object[] { TestType.IPv4, "localhost:-1", Integer.valueOf(-1), IAE} );
+ // IPv4 - invalid port
+ result.add(new Object[] { TestType.IPv4, "127.0.0.1:x", Integer.valueOf(-1), IAE} );
+ result.add(new Object[] { TestType.IPv4, "127.0.0.1:-1", Integer.valueOf(-1), IAE} );
+ // IPv6 - invalid port
+ result.add(new Object[] { TestType.IPv4, "[::1]:x", Integer.valueOf(-1), IAE} );
+ result.add(new Object[] { TestType.IPv4, "[::1]:-1", Integer.valueOf(-1), IAE} );
return result;
}
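Review bot: The two entries under `// IPv6 - invalid port` are tagged `TestType.IPv4`, although the context lines just above use `TestType.IPv6` for bracketed literals. If TestType selects which reader is called (not visible in this hunk), these cases probably fail on the leading `[` in the IPv4 path and never reach the validatePort call added on the IPv6 path. They should likely read `result.add(new Object[] { TestType.IPv6, "[::1]:x", Integer.valueOf(-1), IAE} );`, and likewise for `"[::1]:-1"`. The `localhost` cases are also tagged IPv4 under a "Domain name" comment, which may be intentional if domain names are reached through the IPv4 reader, but is worth a comment.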