You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/08/02 18:17:21 UTC
[tomcat] branch 8.5.x updated: Improve fix for addressing the CRCRLF edge case
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 432cd66874 Improve fix for addressing the CRCRLF edge case
432cd66874 is described below
commit 432cd668744976ad214a1c5d776d3e6eb03aab9e
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Aug 2 18:58:37 2022 +0100
Improve fix for addressing the CRCRLF edge case
---
java/org/apache/coyote/http11/Http11InputBuffer.java | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/java/org/apache/coyote/http11/Http11InputBuffer.java b/java/org/apache/coyote/http11/Http11InputBuffer.java
index 20bc3816bd..eef700d5f5 100644
--- a/java/org/apache/coyote/http11/Http11InputBuffer.java
+++ b/java/org/apache/coyote/http11/Http11InputBuffer.java
@@ -956,6 +956,10 @@ public class Http11InputBuffer implements InputBuffer, ApplicationBufferHandler
if (!(chr == Constants.SP || chr == Constants.HT)) {
headerParsePos = HeaderParsePosition.HEADER_VALUE;
byteBuffer.position(byteBuffer.position() - 1);
+ // Avoids prevChr = chr at start of header value
+ // parsing which causes problems when chr is CR
+ // (in the case of an empty header value)
+ chr = 0;
break;
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org