Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/09/01 06:28:02 UTC
[tomcat] branch 8.5.x updated: Implement maxSavePostSize support for 0 and -1 with TLS renegotiation
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new dff73fe418 Implement maxSavePostSize support for 0 and -1 with TLS renegotiation
dff73fe418 is described below
commit dff73fe4189b556e66fa845588b7df46f17188fb
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Sep 1 07:04:49 2022 +0100
Implement maxSavePostSize support for 0 and -1 with TLS renegotiation
---
.../coyote/http11/filters/BufferedInputFilter.java | 31 +++++++++++-----------
.../org/apache/tomcat/util/net/TestClientCert.java | 18 +++++++++++--
webapps/docs/changelog.xml | 8 +++++-
3 files changed, 39 insertions(+), 18 deletions(-)
diff --git a/java/org/apache/coyote/http11/filters/BufferedInputFilter.java b/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
index 0ed366e273..04b5b53be3 100644
--- a/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
+++ b/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
@@ -41,7 +41,9 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
// ----------------------------------------------------- Instance Variables
- private ByteBuffer buffered;
+ // Use ByteChunk since it correctly handles the special buffer size of -1
+ // for maxSavePostSize.
+ private ByteChunk buffered;
private ByteBuffer tempRead;
private InputBuffer buffer;
private boolean hasRead = false;
@@ -66,8 +68,8 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
*/
public void setLimit(int limit) {
if (buffered == null) {
- buffered = ByteBuffer.allocate(limit);
- buffered.flip();
+ buffered = new ByteChunk();
+ buffered.setLimit(limit);
}
}
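Review bot: setLimit() now accepts -1, and with that value nothing visible in this diff caps how much of the request body setRequest() appends to `buffered` while the TLS renegotiation is pending. The Javadoc above (it starts outside this hunk) should spell out the two special values, for example `@param limit maximum bytes to save; 0 saves nothing, -1 removes the cap`. It should also say that with -1 a client that has not yet presented its certificate controls how much heap is held per request. Deployments that choose -1 need a request-body size limit enforced elsewhere.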
@@ -80,12 +82,13 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
*/
@Override
public void setRequest(Request request) {
+ if (buffered.getLimit() == 0) {
+ return;
+ }
// save off the Request body
try {
while (buffer.doRead(this) >= 0) {
- buffered.mark().position(buffered.limit()).limit(buffered.capacity());
- buffered.put(tempRead);
- buffered.limit(buffered.position()).reset();
+ buffered.append(tempRead);
tempRead = null;
}
} catch(IOException | BufferOverflowException ioe) {
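Review bot: The new early return for `buffered.getLimit() == 0` has no comment, and its effect is not obvious. The body is never read into `buffered`, so isFinished() reports true and the application appears to receive an empty body (the new test expects `OK-0`). A line such as `// Limit of 0: do not save the body; the application will see no request body` would record that intent. The check also dereferences `buffered` without a null test, so the method depends on setLimit() having been called first. The catch block continues past the end of the hunk.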
@@ -107,9 +110,7 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
if (isFinished()) {
return -1;
}
-
- chunk.setBytes(buffered.array(), buffered.arrayOffset() + buffered.position(),
- buffered.remaining());
+ chunk.append(buffered);
hasRead = true;
return chunk.getLength();
}
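Review bot: `chunk.append(buffered)` changes the contract of this doRead() compared with the removed `chunk.setBytes(...)`. It copies the saved body instead of exposing a view, it adds to whatever `chunk` already holds so the returned `chunk.getLength()` can exceed the saved length, and it presumably becomes subject to any limit set on the caller's chunk. If callers may pass a chunk that is not empty, keeping the view form avoids all three: `chunk.setBytes(buffered.getBuffer(), buffered.getStart(), buffered.getLength());`. The method begins outside the hunk.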
@@ -123,9 +124,9 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
return -1;
}
- handler.setByteBuffer(buffered);
+ handler.setByteBuffer(ByteBuffer.wrap(buffered.getBuffer(), buffered.getStart(), buffered.getLength()));
hasRead = true;
- return buffered.remaining();
+ return buffered.getLength();
}
@Override
@@ -136,10 +137,10 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
@Override
public void recycle() {
if (buffered != null) {
- if (buffered.capacity() > 65536) {
+ if (buffered.getBuffer().length > 65536) {
buffered = null;
} else {
- buffered.position(0).limit(0);
+ buffered.recycle();
}
}
hasRead = false;
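Review bot: `buffered.getBuffer().length` can throw a NullPointerException in recycle() if the ByteChunk has not yet allocated its backing array. That looks reachable, because setLimit() only calls `new ByteChunk()` and `setLimit(limit)`, and setRequest() now returns before any append when the limit is 0; a request with an empty body would take the same path. Guarding the test keeps recycle() safe in both cases: `if (buffered.getBuffer() != null && buffered.getBuffer().length > 65536) {`. This assumes getBuffer() returns null before the first append, which should be confirmed against ByteChunk. recycle() continues below the hunk.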
@@ -158,7 +159,7 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
@Override
public int available() {
- int available = buffered.remaining();
+ int available = buffered.getLength();
if (available == 0) {
// No data buffered here. Try the next filter in the chain.
return buffer.available();
@@ -170,7 +171,7 @@ public class BufferedInputFilter implements InputFilter, ApplicationBufferHandle
@Override
public boolean isFinished() {
- return hasRead || buffered.remaining() <= 0;
+ return hasRead || buffered.getLength() <= 0;
}
diff --git a/test/org/apache/tomcat/util/net/TestClientCert.java b/test/org/apache/tomcat/util/net/TestClientCert.java
index c581b210c9..89a42ceb5e 100644
--- a/test/org/apache/tomcat/util/net/TestClientCert.java
+++ b/test/org/apache/tomcat/util/net/TestClientCert.java
@@ -97,6 +97,13 @@ public class TestClientCert extends TomcatBaseTest {
Assert.assertEquals("OK-" + TesterSupport.ROLE, res.toString());
}
+ @Test
+ public void testClientCertPostZero() throws Exception {
+ Tomcat tomcat = getTomcatInstance();
+ tomcat.getConnector().setMaxSavePostSize(0);
+ doTestClientCertPost(1024, false);
+ }
+
@Test
public void testClientCertPostSmaller() throws Exception {
Tomcat tomcat = getTomcatInstance();
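Review bot: Only the zero case gets a test here, although the commit also claims support for -1. A companion test that calls `tomcat.getConnector().setMaxSavePostSize(-1);` and then `doTestClientCertPost(...)` with a body larger than the default save size would cover the unlimited path, which is the one that replaced `ByteBuffer.allocate(limit)`. testClientCertPostSmaller() at the end of the hunk continues outside it.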
@@ -123,7 +130,8 @@ public class TestClientCert extends TomcatBaseTest {
Assume.assumeTrue("SSL renegotiation has to be supported for this test",
TesterSupport.isRenegotiationSupported(getTomcatInstance()));
- getTomcatInstance().start();
+ Tomcat tomcat = getTomcatInstance();
+ tomcat.start();
byte[] body = new byte[bodySize];
Arrays.fill(body, TesterSupport.DATA);
@@ -162,10 +170,16 @@ public class TestClientCert extends TomcatBaseTest {
// POST body buffer fails so TLS handshake never happens
Assert.assertEquals(0, count);
} else {
+ int expectedBodySize;
+ if (tomcat.getConnector().getMaxSavePostSize() == 0) {
+ expectedBodySize = 0;
+ } else {
+ expectedBodySize = bodySize;
+ }
Assert.assertTrue("Checking requested client issuer against " +
TesterSupport.getClientAuthExpectedIssuer(),
TesterSupport.checkLastClientAuthRequestedIssuers());
- Assert.assertEquals("OK-" + bodySize, res.toString());
+ Assert.assertEquals("OK-" + expectedBodySize, res.toString());
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5f39785f6c..61e19ffaf5 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -159,7 +159,13 @@
</fix>
<fix>
<bug>66240</bug>: Avoid int overflow when parsing octets by limiting
- the maximum value to 255. Based on a PR <pr>548</pr> by Stefan Mayr. (lihan)
+ the maximum value to 255. Based on a PR <pr>548</pr> by Stefan Mayr.
+ (lihan)
+ </fix>
+ <fix>
+ <bug>66236</bug>: Implement support for the special values zero and
+ minus one when configuring <code>maxSavePostSize</code> for a Connector
+ when used in conjunction with TLS renegotiation. (markt)
</fix>
</changelog>
</subsection>