Author: fhanik
Date: Wed Jul 19 06:00:42 2006
New Revision: 423453
URL: http://svn.apache.org/viewvc?rev=423453&view=rev
Log:
Fixed chunked input filter to parse the header correctly. Performs strict
parsing according to the RFC2616, so if the header is invalid it bails out.
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Constants.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Constants.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Constants.java?rev=423453&r1=423452&r2=423453&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Constants.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Constants.java Wed Jul
19 06:00:42 2006
@@ -83,6 +83,12 @@
* COLON.
*/
public static final byte COLON = (byte) ':';
+
+ /**
+ * SEMI_COLON.
+ */
+ public static final byte SEMI_COLON = (byte) ';';
+
/**
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?rev=423453&r1=423452&r2=423453&view=diff
==============================================================================
---
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
(original)
+++
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
Wed Jul 19 06:00:42 2006
@@ -27,9 +27,11 @@
import org.apache.coyote.http11.InputFilter;
/**
- * Chunked input filter.
+ * Chunked input filter. Parses chunked data according to
+ * <a
href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.6.1";>http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.6.1</a><br>
*
* @author Remy Maucherat
+ * @author Filip Hanik
*/
public class ChunkedInputFilter implements InputFilter {
@@ -127,7 +129,7 @@
if (remaining <= 0) {
if (!parseChunkHeader()) {
- throw new IOException("Invalid chunk");
+ throw new IOException("Invalid chunk header");
}
if (endChunk) {
parseEndChunk();
@@ -234,6 +236,12 @@
/**
* Parse the header of a chunk.
+ * A chunk header can look like
+ * A10CRLF
+ * F23;chunk-extension to be ignoredCRLF
+ * The letters before CRLF but after the trailer mark, must be valid hex
digits,
+ * we should not parse F23IAMGONNAMESSTHISUP34CRLF as a valid header
+ * according to spec
*/
protected boolean parseChunkHeader()
throws IOException {
@@ -241,6 +249,7 @@
int result = 0;
boolean eol = false;
boolean readDigit = false;
+ boolean trailer = false;
while (!eol) {
@@ -252,11 +261,18 @@
if (buf[pos] == Constants.CR) {
} else if (buf[pos] == Constants.LF) {
eol = true;
- } else {
+ } else if (buf[pos] == Constants.SEMI_COLON) {
+ trailer = true;
+ } else if (!trailer) {
+ //don't read data after the trailer
if (HexUtils.DEC[buf[pos]] != -1) {
readDigit = true;
result *= 16;
result += HexUtils.DEC[buf[pos]];
+ } else {
+ //we shouldn't allow invalid, non hex characters
+ //in the chunked header
+ return false;
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
