You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/11/20 11:32:55 UTC
svn commit: r1815791 - in /tomcat/trunk/java/org/apache/coyote/http11:
Http11Processor.java LocalStrings.properties
Author: markt
Date: Mon Nov 20 11:32:54 2017
New Revision: 1815791
URL: http://svn.apache.org/viewvc?rev=1815791&view=rev
Log:
Enable host name validation for HTTP requests.
Note: This only logs failures. It does not (yet) trigger a 400 response.
Modified:
tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java
tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties
Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java?rev=1815791&r1=1815790&r2=1815791&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java Mon Nov 20 11:32:54 2017
@@ -52,6 +52,7 @@ import org.apache.tomcat.util.buf.HexUti
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.http.FastHttpDateFormat;
import org.apache.tomcat.util.http.MimeHeaders;
+import org.apache.tomcat.util.http.parser.Host;
import org.apache.tomcat.util.log.UserDataHelper;
import org.apache.tomcat.util.net.AbstractEndpoint.Handler.SocketState;
import org.apache.tomcat.util.net.SSLSupport;
@@ -1102,6 +1103,32 @@ public class Http11Processor extends Abs
hostNameC = new char[valueL];
}
+ // TODO
+ // To minimise breakage to existing systems, just report any errors. In
+ // a future release this will switch to returning a 400 response.
+ // Depending on user feedback, the 400 response may be made optional.
+ try {
+ Host.parse(valueMB);
+ } catch (IOException | IllegalArgumentException e) {
+ // IOException should never happen
+ // IllegalArgumentException indicates that the host name is invalid
+ UserDataHelper.Mode logMode = userDataHelper.getNextMode();
+ if (logMode != null) {
+ String message = sm.getString("http11processor.host.parse",
+ valueMB.toString(), e.getMessage());
+ switch (logMode) {
+ case INFO_THEN_DEBUG:
+ message += sm.getString("http11processor.fallToDebug");
+ //$FALL-THROUGH$
+ case INFO:
+ log.info(message, e);
+ break;
+ case DEBUG:
+ log.debug(message, e);
+ }
+ }
+ }
+
boolean ipv6 = (valueB[valueS] == '[');
boolean bracketClosed = false;
for (int i = 0; i < valueL; i++) {
Modified: tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties?rev=1815791&r1=1815790&r2=1815791&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties Mon Nov 20 11:32:54 2017
@@ -17,8 +17,9 @@ abstractHttp11Protocol.alpnConfigured=Th
abstractHttp11Protocol.alpnWithNoAlpn=The upgrade handler [{0}] for [{1}] only supports upgrade via ALPN but has been configured for the [{2}] connector that does not support ALPN.
abstractHttp11Protocol.httpUpgradeConfigured=The [{0}] connector has been configured to support HTTP upgrade to [{1}]
-http11processor.fallToDebug=\n Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
+http11processor.fallToDebug=\n Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
http11processor.header.parse=Error parsing HTTP request header
+http11processor.host.parse=The host header [{0}] failed validation with the error [{1}]. Processing of the request will continue but Tomcat will reject these requests with a 400 response in a future release.
http11processor.neverused=This method should never be used
http11processor.request.inconsistentHosts=The host specified in the request line is not consistent with the host header
http11processor.request.multipleHosts=The request contained multiple host headers
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org