Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/10/17 17:42:36 UTC

[tomcat] 02/02: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63825

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 4dd08aeb92b29a1c0578f731816cdfda2d4132be
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Oct 17 18:41:38 2019 +0100

    Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63825
    
    The expect header has a single defined value "100-continue" so look for
    the exact value rather than a value that starts with "100-continue"
    
    When looking for the "upgrade" token, use an exact match rather than
    looking for any token that contains "upgrade"
---
 java/org/apache/coyote/http11/Http11Processor.java | 27 +++++-----------------
 webapps/docs/changelog.xml                         |  5 ++++
 2 files changed, 11 insertions(+), 21 deletions(-)

diff --git a/java/org/apache/coyote/http11/Http11Processor.java b/java/org/apache/coyote/http11/Http11Processor.java
index 80d427f..faeb762 100644
--- a/java/org/apache/coyote/http11/Http11Processor.java
+++ b/java/org/apache/coyote/http11/Http11Processor.java
@@ -349,16 +349,7 @@ public class Http11Processor extends AbstractProcessor {
             }
 
             // Has an upgrade been requested?
-            Enumeration<String> connectionValues = request.getMimeHeaders().values("Connection");
-            boolean foundUpgrade = false;
-            while (connectionValues.hasMoreElements() && !foundUpgrade) {
-                String connectionValue = connectionValues.nextElement();
-                if (connectionValue != null) {
-                    foundUpgrade = connectionValue.toLowerCase(Locale.ENGLISH).contains("upgrade");
-                }
-            }
-
-            if (foundUpgrade) {
+            if (isConnectionToken(request.getMimeHeaders(), "upgrade")) {
                 // Check the protocol
                 String requestedProtocol = request.getHeader("Upgrade");
 
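Review bot: The replacement at `isConnectionToken(request.getMimeHeaders(), "upgrade")` drops the explicit `toLowerCase(Locale.ENGLISH)` the removed loop applied, so a mixed-case `Connection: Upgrade` value now matches only if `TokenList.parseTokenList` normalises token case itself; that helper is not in this diff, so its behaviour should be confirmed before the lower-case literal is relied on. If it does lower-case, a comment such as `// TokenList lower-cases tokens, so the literal must be lower-case too` here and at the `isConnectionToken` definition in the last hunk would record the assumption; if it does not, the helper should lower-case `token` before `result.contains`. The same consideration applies to the `Constants.CLOSE` lookup in the third hunk. The enclosing method begins before this hunk and continues after it.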
@@ -619,7 +610,7 @@ public class Http11Processor extends AbstractProcessor {
         if (http11) {
             MessageBytes expectMB = headers.getValue("expect");
             if (expectMB != null && !expectMB.isNull()) {
-                if (expectMB.indexOfIgnoreCase("100-continue", 0) != -1) {
+                if (expectMB.toString().trim().equalsIgnoreCase("100-continue")) {
                     inputBuffer.setSwallowInput(false);
                     request.setExpectation(true);
                 } else {
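Review bot: The new exact comparison `expectMB.toString().trim().equalsIgnoreCase("100-continue")` carries no comment saying why the substring match was rejected, and the `else` branch that presumably handles an unrecognised expectation lies outside the hunk. A one-line comment such as `// Expect has a single defined value; anything else is an unrecognised expectation` would let a reader see that a value like "100-continue, foo" is meant to fall through rather than being a regression. Note that `String.trim()` strips every character at or below U+0020, which is wider than HTTP optional whitespace; that is harmless here but worth knowing if the comparison is reused elsewhere. The enclosing method starts before this hunk and ends after it.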
@@ -904,7 +895,7 @@ public class Http11Processor extends AbstractProcessor {
         }
 
         long contentLength = response.getContentLengthLong();
-        boolean connectionClosePresent = isConnectionClose(headers);
+        boolean connectionClosePresent = isConnectionToken(headers, Constants.CLOSE);
         if (http11 && response.getTrailerFields() != null) {
             // If trailer fields are set, always use chunking
             outputBuffer.addActiveFilter(outputFilters[Constants.CHUNKED_FILTER]);
@@ -995,25 +986,19 @@ public class Http11Processor extends AbstractProcessor {
         outputBuffer.commit();
     }
 
-    private static boolean isConnectionClose(MimeHeaders headers) throws IOException {
+    private static boolean isConnectionToken(MimeHeaders headers, String token) throws IOException {
         MessageBytes connection = headers.getValue(Constants.CONNECTION);
         if (connection == null) {
             return false;
         }
 
         Enumeration<String> values = headers.values(Constants.CONNECTION);
-        Set<String> result = null;
+        Set<String> result = new HashSet<>();
         while (values.hasMoreElements()) {
-            if (result == null) {
-                result = new HashSet<>();
-            }
             TokenList.parseTokenList(new StringReader(values.nextElement()), result);
         }
 
-        if (result == null) {
-            return false;
-        }
-        return result.contains(Constants.CLOSE);
+        return result.contains(token);
     }
 
     private void prepareSendfile(OutputFilter[] outputFilters) {
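Review bot: `isConnectionToken` is a new private helper whose contract is undocumented: callers must pass `token` in the form that `TokenList.parseTokenList` stores into `result` (the method does no normalisation of its own), and the `throws IOException` comes from feeding header values through a `StringReader`, not from socket I/O. A Javadoc along the lines of `/** Returns true if any Connection header value contains exactly {@code token}, as tokenised by TokenList.parseTokenList. */` with `@param token` and `@throws IOException` tags would make that explicit. The leading `headers.getValue(Constants.CONNECTION)` null check is kept from the old code; now that `result` is always allocated it only short-circuits requests without a Connection header, which a brief comment could say.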
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f3e161c..5998058 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -72,6 +72,11 @@
         that started asynchronous processing has completed processing the
         current request/response. (markt)
       </fix>
+      <fix>
+        <bug>63825</bug>: When processing the <code>Expect</code> and
+        <code>Connection</code> HTTP headers looking for a specific token, be
+        stricter in ensuring that the exact token is present. (markt)
+      </fix>
     </changelog>
   </subsection>
 </section>

