[mina] branch 2.1.X updated: Adds malformed HTTP request check

Mon, 20 Sep 2021 19:45:10 -0700 

This is an automated email from the ASF dual-hosted git repository.

johnnyv pushed a commit to branch 2.1.X
in repository https://gitbox.apache.org/repos/asf/mina.git


The following commit(s) were added to refs/heads/2.1.X by this push:
     new 3bca0bc  Adds malformed HTTP request check
3bca0bc is described below

commit 3bca0bcc3e4615ea234879350c08fd4c4c3fbd20
Author: Wim van Ravesteijn <w...@ravesteijn.nl>
AuthorDate: Mon Sep 20 22:45:00 2021 -0400

    Adds malformed HTTP request check
---
 .../apache/mina/http/HttpServerDecoderTest.java    | 25 ++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git 
a/mina-http/src/test/java/org/apache/mina/http/HttpServerDecoderTest.java 
b/mina-http/src/test/java/org/apache/mina/http/HttpServerDecoderTest.java
index 87b886d..9cace7f 100644
--- a/mina-http/src/test/java/org/apache/mina/http/HttpServerDecoderTest.java
+++ b/mina-http/src/test/java/org/apache/mina/http/HttpServerDecoderTest.java
@@ -20,6 +20,7 @@
 package org.apache.mina.http;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertTrue;
 
 import java.nio.charset.CharacterCodingException;
@@ -41,6 +42,8 @@ public class HttpServerDecoderTest {
 
     private static final ProtocolDecoder decoder = new HttpServerDecoder();
 
+    private static final String DECODER_STATE_ATT = "http.ds";
+    
     /*
      * Use a single session for all requests in order to test state management 
better
      */
@@ -295,4 +298,26 @@ public class HttpServerDecoderTest {
         assertEquals("localhost", request.getHeader("host"));
         assertTrue(out.getMessageQueue().poll() instanceof HttpEndOfContent);
     }
+    
+    @Test
+    public void dosOnRequestWithAdditionalData() throws Exception {
+        AbstractProtocolDecoderOutput out = new 
AbstractProtocolDecoderOutput() {
+            public void flush(NextFilter nextFilter, IoSession session) {
+            }
+        };
+        IoBuffer buffer = IoBuffer.allocate(0).setAutoExpand(true);
+        buffer.putString("GET / HTTP/1.0\r\nHost:localhost  \r\n\r\ndummy", 
encoder);
+        buffer.rewind();
+        int prevBufferPosition = buffer.position();
+        while (buffer.hasRemaining()) {
+            decoder.decode(session, buffer, out);
+            assertNotEquals("Buffer at new position", prevBufferPosition, 
buffer.position());
+            prevBufferPosition = buffer.position();
+        }
+        assertEquals(2, out.getMessageQueue().size());
+        HttpRequest request = (HttpRequest) out.getMessageQueue().poll();
+        assertEquals("localhost", request.getHeader("host"));
+        assertTrue(out.getMessageQueue().poll() instanceof HttpEndOfContent);
+        session.removeAttribute(DECODER_STATE_ATT); // This test leaves 
session in HEAD state, crashing following test
+    }
 }

Reply via email to