Author: markt Date: Thu Mar 3 11:41:53 2016 New Revision: 1733448 URL: http://svn.apache.org/viewvc?rev=1733448&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59089 Correctly ignore HTTP headers that include non-token characters in the header name.
Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java tomcat/trunk/test/org/apache/coyote/http11/TestHttp11InputBuffer.java tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java?rev=1733448&r1=1733447&r2=1733448&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java Thu Mar 3 11:41:53 2016
@@ -806,7 +806,7 @@ public class Http11InputBuffer implement
 headerData.realPos = pos;
 headerData.lastSignificantChar = pos;
 break;
- } else if (!HTTP_TOKEN_CHAR[chr]) {
+ } else if (chr < 0 || !HTTP_TOKEN_CHAR[chr]) {
 // If a non-token header is detected, skip the line and
 // ignore the header
 headerData.lastSignificantChar = pos;
Modified: tomcat/trunk/test/org/apache/coyote/http11/TestHttp11InputBuffer.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http11/TestHttp11InputBuffer.java?rev=1733448&r1=1733447&r2=1733448&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/coyote/http11/TestHttp11InputBuffer.java (original)
+++ tomcat/trunk/test/org/apache/coyote/http11/TestHttp11InputBuffer.java Thu Mar 3 11:41:53 2016
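Review bot: The new `chr < 0` test in the `else if` only makes sense if `chr` is a signed byte and `HTTP_TOKEN_CHAR` has 128 entries, and neither declaration is visible in this hunk, so the guard reads as a magic condition. I would extend the existing comment to say so, e.g. `// chr is a signed byte: 0x80-0xFF arrive as negative values and must not be used to index HTTP_TOKEN_CHAR`. Before the change such a byte in a header name presumably raised an ArrayIndexOutOfBoundsException in the parser instead of skipping the header, so it is worth checking whether other lookups of `HTTP_TOKEN_CHAR[...]` in this class (none are visible here) need the same bound. The enclosing method starts and ends outside the hunk.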
@@ -478,4 +478,67 @@ public class TestHttp11InputBuffer exten } } + + + /** + * Test case for https://bz.apache.org/bugzilla/show_bug.cgi?id=59089 + */ + @Test + public void testBug59089() { + + Bug59089Client client = new Bug59089Client(); + + client.doRequest(); + assertTrue(client.isResponse200()); + assertTrue(client.isResponseBodyOK()); + } + + + /** + * Bug 59089 test client. + */ + private class Bug59089Client extends SimpleHttpClient { + + private Exception doRequest() { + + Tomcat tomcat = getTomcatInstance(); + + Context root = tomcat.addContext("", TEMP_DIR); + Tomcat.addServlet(root, "Bug59089", new TesterServlet()); + root.addServletMapping("/test", "Bug59089"); + + try { + tomcat.start(); + setPort(tomcat.getConnector().getLocalPort()); + + // Open connection + connect(); + + String[] request = new String[1]; + request[0] = "GET http://localhost:8080/test HTTP/1.1" + CRLF + + "X-Header: Ignore" + CRLF + + "X-Header" + (char) 130 + ": Broken" + CRLF + CRLF; + + setRequest(request); + processRequest(); // blocks until response has been read + + // Close the connection + disconnect(); + } catch (Exception e) { + return e; + } + return null; + } + + @Override + public boolean isResponseBodyOK() { + if (getResponseBody() == null) { + return false; + } + if (!getResponseBody().contains("OK")) { + return false; + } + return true; + } + } } Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1733448&r1=1733447&r2=1733448&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Thu Mar 3 11:41:53 2016 
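Review bot: `testBug59089()` discards the `Exception` that `doRequest()` returns, so a failure while starting Tomcat or sending the request surfaces only as a failed `isResponse200()` assertion with the cause lost; asserting on the return value, `assertNull(client.doRequest());` (adding the static import if the file lacks it), keeps the cause visible. The test also depends on how `SimpleHttpClient` turns `(char) 130` into bytes, which is not visible here: if the request were encoded as US-ASCII the character would be sent as `?` and the negative-byte path would not be exercised, so a short comment naming the expected encoding would help. The assertions check only the 200 status and the `OK` body, not that `X-Header: Ignore` was retained while the broken header was dropped.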
@@ -172,6 +172,10 @@ <bug>59081</bug>: Retain the user defined cipher order when defining ciphers. (markt) </fix> + <fix> + <bug>59089</bug>: Correctly ignore HTTP headers that include non-token + characters in the header name. (markt) + </fix> </changelog> </subsection> <subsection name="Jasper"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org