Author: markt Date: Mon Oct 17 14:45:57 2016 New Revision: 1765299 URL: http://svn.apache.org/viewvc?rev=1765299&view=rev Log: DEL is not valid in a token. Refactor with a view to re-using this code more widely in the Tomcat codebase.
Added: tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParser.java (with props) Modified: tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java?rev=1765299&r1=1765298&r2=1765299&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java Mon Oct 17 14:45:57 2016 
@@ -34,33 +34,41 @@ import java.io.StringReader; */ public class HttpParser { - // Arrays used by isToken(), isHex() - private static final boolean isToken[] = new boolean[128]; - private static final boolean isHex[] = new boolean[128]; + private static final int ARRAY_SIZE = 128; + + private static final boolean[] IS_CONTROL = new boolean[ARRAY_SIZE]; + private static final boolean[] IS_SEPARATOR = new boolean[ARRAY_SIZE]; + private static final boolean[] IS_TOKEN = new boolean[ARRAY_SIZE]; + private static final boolean[] IS_HEX = new boolean[ARRAY_SIZE]; static { - // Setup the flag arrays - for (int i = 0; i < 128; i++) { - if (i <= 32) { // includes '\t' and ' ' - isToken[i] = false; - } else if (i == '(' || i == ')' || i == '<' || i == '>' || i == '@' || - i == ',' || i == ';' || i == ':' || i == '\\' || i == '\"' || - i == '/' || i == '[' || i == ']' || i == '?' || i == '=' || - i == '{' || i == '}') { - isToken[i] = false; - } else { - isToken[i] = true; + for (int i = 0; i < ARRAY_SIZE; i++) { + // Control> 0-31, 127 + if (i < 32 || i == 127) { + IS_CONTROL[i] = true; } - if (i >= '0' && i <= '9' || i >= 'A' && i <= 'F' || - i >= 'a' && i <= 'f') { - isHex[i] = true; - } else { - isHex[i] = false; + // Separator + if ( i == '(' || i == ')' || i == '<' || i == '>' || i == '@' || + i == ',' || i == ';' || i == ':' || i == '\\' || i == '\"' || + i == '/' || i == '[' || i == ']' || i == '?' || i == '=' || + i == '{' || i == '}' || i == ' ' || i == '\t') { + IS_SEPARATOR[i] = true; + } + + // Token: Anything 0-127 that is not a control and not a separator + if (!IS_CONTROL[i] && !IS_SEPARATOR[i] && i < 128) { + IS_TOKEN[i] = true; + } + + // Hex: 0-9, a-f, A-F + if ((i >= '0' && i <='9') || (i >= 'a' && i <= 'f') || (i >= 'A' && i <= 'F')) { + IS_HEX[i] = true; } } } + public static String unquote(String input) { if (input == null || input.length() < 2) { return input; 
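Review bot: In the new static initialiser the token test `if (!IS_CONTROL[i] && !IS_SEPARATOR[i] && i < 128)` carries a bound that can never fail, because the loop already stops at `ARRAY_SIZE`, and it repeats the literal this commit just replaced with a constant. I would reduce it to `if (!IS_CONTROL[i] && !IS_SEPARATOR[i]) {` and correct the comment typo to `// Control: 0-31, 127`. These tables decide which bytes are accepted in a header token and are meant to be reused more widely, so a short comment above them should name the grammar they implement. That is presumably the RFC 2616 `CTL`/`separators` definitions, which give the same token set as RFC 7230 `tchar`; confirm before writing it down. The class body and `unquote` continue outside the hunk.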
@@ -91,19 +99,19 @@ public class HttpParser { return result.toString(); } - static boolean isToken(int c) { + public static boolean isToken(int c) { // Fast for correct values, slower for incorrect ones try { - return isToken[c]; + return IS_TOKEN[c]; } catch (ArrayIndexOutOfBoundsException ex) { return false; } } - static boolean isHex(int c) { + public static boolean isHex(int c) { // Fast for correct values, slower for incorrect ones try { - return isHex[c]; + return IS_HEX[c]; } catch (ArrayIndexOutOfBoundsException ex) { return false; } Added: tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParser.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParser.java?rev=1765299&view=auto ============================================================================== --- tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParser.java (added) +++ tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParser.java Mon Oct 17 14:45:57 2016 
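Review bot: Now that `isToken` and `isHex` are public, out-of-range input is still rejected by catching `ArrayIndexOutOfBoundsException`, so a negative value or any character above 127 takes the exception path. If these checks end up running on request bytes, how often that path is taken is decided by whoever sends the request, and an explicit range test keeps the cost flat: `return c >= 0 && c < ARRAY_SIZE && IS_TOKEN[c];` (and the same with `IS_HEX`). Both methods also need Javadoc stating that the argument is a character code and that anything outside 0-127 returns false. The hunk starts inside the preceding method, and `isHex` closes outside it.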
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.http.parser;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class TestHttpParser {
+
+ @Test
+ public void testTokenDel() {
+ Assert.assertFalse("DEL is not a token", HttpParser.isToken(127));
+ }
+}
Propchange: tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestHttpParser.java ------------------------------------------------------------------------------ svn:eol-style = native Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1765299&r1=1765298&r2=1765299&view=diff ==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Oct 17 14:45:57 2016
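Review bot: `testTokenDel` pins only the one value this commit fixes, although the same commit rewrites the whole lookup table and widens `isToken`/`isHex` to public. A few boundary assertions would guard the refactor against regressions in what the parser accepts: `Assert.assertFalse(HttpParser.isToken(-1));`, `Assert.assertFalse(HttpParser.isToken(128));` and `Assert.assertTrue(HttpParser.isToken('a'));`. One separator such as `';'`, one control character below 32, and a matching accept/reject pair for `isHex` would complete the set.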
@@ -103,6 +103,10 @@ return a 500 response when an unhandled exception occurs during request processing. (markt) </fix> + <fix> + Correct the HTTP header parser so that DEL is not treated as a valid + token character. (markt) + </fix> </changelog> </subsection> <subsection name="Jasper"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org