Author: markt
Date: Wed Nov 2 11:58:45 2016
New Revision: 1767645
URL: http://svn.apache.org/viewvc?rev=1767645&view=rev
Log:
Add additional checks for valid characters to the HTTP request line
parsing so invalid request lines are rejected sooner.
Modified:
tomcat/tc8.5.x/trunk/ (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java
tomcat/tc8.5.x/trunk/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc8.5.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Nov 2 11:58:45 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747
924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1756410,1
756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-1762053,1762123,1762168,176217
2,1762182,1762201-1762202,1762204,1762208,1762288,1762296,1762324,1762348,1762353,1762362,1762374,1762492,1762503,1762505,1762541,1762608,1762710,1762753,1762766,1762769,1762944,1762947,1762953,1763167,1763179,1763232,1763259,1763271-1763272,1763276-1763277,1763319-1763320,1763370,1763372,1763375,1763377,1763393,1763412,1763430,1763450,1763462,1763505,1763511-1763512,1763516,1763518,1763520,1763529,1763559,1763565,1763568,1763574,1763619,1763634-1763635,1763718,1763786,1763798-1763799,1763813,1763815,1763819,1763831,1764083,1764425,1764646,1764648-1764649,1764659,1764663,1764682,1764862,1764866-1764867,1764870,1764897,1765133,1765299,1765358,1765439,1765447,1765495,1765502,1765569-1765571,1765579,1765582,1765589-1765590,1765794,1765801,1765813,1765815,1766276,1766514,1766533,1766535,1766664,1766675,1766698,1767047,1767328,1767362,1767368,1767429,1767471,1767505
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747
924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1756410,1
756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-1762053,1762123,1762168,176217
2,1762182,1762201-1762202,1762204,1762208,1762288,1762296,1762324,1762348,1762353,1762362,1762374,1762492,1762503,1762505,1762541,1762608,1762710,1762753,1762766,1762769,1762944,1762947,1762953,1763167,1763179,1763232,1763259,1763271-1763272,1763276-1763277,1763319-1763320,1763370,1763372,1763375,1763377,1763393,1763412,1763430,1763450,1763462,1763505,1763511-1763512,1763516,1763518,1763520,1763529,1763559,1763565,1763568,1763574,1763619,1763634-1763635,1763718,1763786,1763798-1763799,1763813,1763815,1763819,1763831,1764083,1764425,1764646,1764648-1764649,1764659,1764663,1764682,1764862,1764866-1764867,1764870,1764897,1765133,1765299,1765358,1765439,1765447,1765495,1765502,1765569-1765571,1765579,1765582,1765589-1765590,1765794,1765801,1765813,1765815,1766276,1766514,1766533,1766535,1766664,1766675,1766698,1767047,1767328,1767362,1767368,1767429,1767471,1767505,1767641-1767643
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java?rev=1767645&r1=1767644&r2=1767645&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
(original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
Wed Nov 2 11:58:45 2016
@@ -28,6 +28,7 @@ import org.apache.juli.logging.LogFactor
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.http.MimeHeaders;
+import org.apache.tomcat.util.http.parser.HttpParser;
import org.apache.tomcat.util.net.ApplicationBufferHandler;
import org.apache.tomcat.util.net.SocketWrapperBase;
import org.apache.tomcat.util.res.StringManager;
@@ -48,56 +49,6 @@ public class Http11InputBuffer implement
private static final StringManager sm =
StringManager.getManager(Http11InputBuffer.class);
- private static final boolean[] HTTP_TOKEN_CHAR = new boolean[128];
- static {
- for (int i = 0; i < 128; i++) {
- if (i < 32) {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == 127) {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == '(') {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == ')') {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == '<') {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == '>') {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == '@') {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == ',') {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == ';') {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == ':') {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == '\\') {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == '\"') {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == '/') {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == '[') {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == ']') {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == '?') {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == '=') {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == '{') {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == '}') {
- HTTP_TOKEN_CHAR[i] = false;
- } else if (i == ' ') {
- HTTP_TOKEN_CHAR[i] = false;
- } else {
- HTTP_TOKEN_CHAR[i] = true;
- }
- }
- }
-
-
private static final byte[] CLIENT_PREFACE_START =
"PRI *
HTTP/2.0\r\n\r\nSM\r\n\r\n".getBytes(StandardCharsets.ISO_8859_1);
@@ -461,7 +412,7 @@ public class Http11InputBuffer implement
space = true;
request.method().setBytes(byteBuffer.array(),
parsingRequestLineStart,
pos - parsingRequestLineStart);
- } else if (!HTTP_TOKEN_CHAR[chr]) {
+ } else if (!HttpParser.isToken(chr)) {
byteBuffer.position(byteBuffer.position() - 1);
throw new
IllegalArgumentException(sm.getString("iib.invalidmethod"));
}
@@ -512,6 +463,8 @@ public class Http11InputBuffer implement
end = pos;
} else if (chr == Constants.QUESTION && parsingRequestLineQPos
== -1) {
parsingRequestLineQPos = pos;
+ } else if (HttpParser.isNotRequestTarget(chr)) {
+ throw new
IllegalArgumentException(sm.getString("iib.invalidRequestTarget"));
}
}
if (parsingRequestLineQPos >= 0) {
@@ -549,7 +502,7 @@ public class Http11InputBuffer implement
if (parsingRequestLinePhase == 6) {
//
// Reading the protocol
- // Protocol is always US-ASCII
+ // Protocol is always "HTTP/" DIGIT "." DIGIT
//
while (!parsingRequestLineEol) {
// Read new bytes if needed
@@ -567,6 +520,8 @@ public class Http11InputBuffer implement
end = pos;
}
parsingRequestLineEol = true;
+ } else if (!HttpParser.isHttpProtocol(chr)) {
+ throw new
IllegalArgumentException(sm.getString("iib.invalidHttpProtocol"));
}
}
@@ -831,7 +786,7 @@ public class Http11InputBuffer implement
headerData.realPos = pos;
headerData.lastSignificantChar = pos;
break;
- } else if (chr < 0 || !HTTP_TOKEN_CHAR[chr]) {
+ } else if (!HttpParser.isToken(chr)) {
// If a non-token header is detected, skip the line and
// ignore the header
headerData.lastSignificantChar = pos;
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties?rev=1767645&r1=1767644&r2=1767645&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties
(original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties
Wed Nov 2 11:58:45 2016
@@ -31,8 +31,10 @@ iib.available.readFail=A non-blocking re
iib.eof.error=Unexpected EOF read on the socket
iib.failedread.apr=Read failed with APR/native error code [{0}]
iib.filter.npe=You may not add a null filter
-iib.invalidheader=The HTTP header line [{0}] does not conform to RFC 2616 and
has been ignored.
+iib.invalidheader=The HTTP header line [{0}] does not conform to RFC 7230 and
has been ignored.
iib.invalidmethod=Invalid character found in method name. HTTP method names
must be tokens
+iib.invalidRequestTarget=Invalid character found in the request target. The
valid characters are defined in RFC 7230 and RFC 3986
+iib.invalidHttpProtocol=Invalid character found in the HTTP protocol
iib.parseheaders.ise.error=Unexpected state: headers already parsed. Buffer
not recycled?
iib.readtimeout=Timeout attempting to read data from the socket
iib.requestheadertoolarge.error=Request header is too large
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java?rev=1767645&r1=1767644&r2=1767645&view=diff
==============================================================================
---
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java
(original)
+++
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java
Wed Nov 2 11:58:45 2016
@@ -40,6 +40,8 @@ public class HttpParser {
private static final boolean[] IS_SEPARATOR = new boolean[ARRAY_SIZE];
private static final boolean[] IS_TOKEN = new boolean[ARRAY_SIZE];
private static final boolean[] IS_HEX = new boolean[ARRAY_SIZE];
+ private static final boolean[] IS_NOT_REQUEST_TARGET = new
boolean[ARRAY_SIZE];
+ private static final boolean[] IS_HTTP_PROTOCOL = new boolean[ARRAY_SIZE];
static {
for (int i = 0; i < ARRAY_SIZE; i++) {
@@ -65,6 +67,21 @@ public class HttpParser {
if ((i >= '0' && i <='9') || (i >= 'a' && i <= 'f') || (i >= 'A'
&& i <= 'F')) {
IS_HEX[i] = true;
}
+
+ // Not valid for request target.
+ // Combination of multiple rules from RFC7230 and RFC 3986. Must be
+ // ASCII, no controls plus a few additional characters excluded
+ if (IS_CONTROL[i] || i > 127 ||
+ i == ' ' || i == '\"' || i == '#' || i == '<' || i == '>'
|| i == '\\' ||
+ i == '^' || i == '`' || i == '{' || i == '|' || i == '}')
{
+ IS_NOT_REQUEST_TARGET[i] = true;
+ }
+
+ // Not valid for HTTP protocol
+ // "HTTP/" DIGIT "." DIGIT
+ if (i == 'H' || i == 'T' || i == 'P' || i == '/' || i == '.' || (i
>= '0' && i <= '9')) {
+ IS_HTTP_PROTOCOL[i] = true;
+ }
}
}
@@ -99,6 +116,7 @@ public class HttpParser {
return result.toString();
}
+
public static boolean isToken(int c) {
// Fast for correct values, slower for incorrect ones
try {
@@ -108,8 +126,9 @@ public class HttpParser {
}
}
+
public static boolean isHex(int c) {
- // Fast for correct values, slower for incorrect ones
+ // Fast for correct values, slower for some incorrect ones
try {
return IS_HEX[c];
} catch (ArrayIndexOutOfBoundsException ex) {
@@ -117,6 +136,29 @@ public class HttpParser {
}
}
+
+ public static boolean isNotRequestTarget(int c) {
+ // Fast for valid request target characters, slower for some incorrect
+ // ones
+ try {
+ return IS_NOT_REQUEST_TARGET[c];
+ } catch (ArrayIndexOutOfBoundsException ex) {
+ return true;
+ }
+ }
+
+
+ public static boolean isHttpProtocol(int c) {
+ // Fast for valid HTTP protocol characters, slower for some incorrect
+ // ones
+ try {
+ return IS_HTTP_PROTOCOL[c];
+ } catch (ArrayIndexOutOfBoundsException ex) {
+ return false;
+ }
+ }
+
+
// Skip any LWS and return the next char
static int skipLws(StringReader input, boolean withReset) throws
IOException {
Modified:
tomcat/tc8.5.x/trunk/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java?rev=1767645&r1=1767644&r2=1767645&view=diff
==============================================================================
---
tomcat/tc8.5.x/trunk/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
(original)
+++
tomcat/tc8.5.x/trunk/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
Wed Nov 2 11:58:45 2016
@@ -232,7 +232,7 @@ public class TestRewriteValve extends To
// Failing to escape the redirect means UTF-8 bytes in the Location
// header which will be treated as if they are ISO-8859-1
doTestRewrite("RewriteRule ^/b/(.*)/(.*) /c/\u00A1$1?$2 [R,NE]",
- "/b/%C2%A1/id=%C2%A1?di=%C2%AE",
"/c/\u00C2\u00A1\u00C2\u00A1", "id=\u00C2\u00A1");
+ "/b/%C2%A1/id=%C2%A1?di=%C2%AE", null);
}
@@ -242,7 +242,7 @@ public class TestRewriteValve extends To
// Failing to escape the redirect means UTF-8 bytes in the Location
// header which will be treated as if they are ISO-8859-1
doTestRewrite("RewriteRule ^/b/(.*)/(.*) /c/\u00A1$1?$2 [R,B,NE]",
- "/b/%C2%A1/id=%C2%A1?di=%C2%AE", "/c/\u00C2\u00A1%C2%A1",
"id=%C2%A1");
+ "/b/%C2%A1/id=%C2%A1?di=%C2%AE", null);
}
@@ -279,8 +279,7 @@ public class TestRewriteValve extends To
// Failing to escape the redirect means UTF-8 bytes in the Location
// header which will be treated as if they are ISO-8859-1
doTestRewrite("RewriteRule ^/b/(.*)/(.*) /c/\u00A1$1?$2 [R,NE,QSA]",
- "/b/%C2%A1/id=%C2%A1?di=%C2%AE", "/c/\u00C2\u00A1\u00C2\u00A1",
- "id=\u00C2\u00A1&di=\u00C2\u00AE");
+ "/b/%C2%A1/id=%C2%A1?di=%C2%AE", null);
}
@@ -290,8 +289,7 @@ public class TestRewriteValve extends To
// Failing to escape the redirect means UTF-8 bytes in the Location
// header which will be treated as if they are ISO-8859-1
doTestRewrite("RewriteRule ^/b/(.*)/(.*) /c/\u00A1$1?$2 [R,B,NE,QSA]",
- "/b/%C2%A1/id=%C2%A1?di=%C2%AE", "/c/\u00C2\u00A1%C2%A1",
- "id=%C2%A1&di=\u00C2\u00AE");
+ "/b/%C2%A1/id=%C2%A1?di=%C2%AE", null);
}
@@ -333,7 +331,7 @@ public class TestRewriteValve extends To
// Failing to escape the redirect means UTF-8 bytes in the Location
// header which will be treated as if they are ISO-8859-1
doTestRewrite("RewriteRule ^/b/(.*) /c/\u00A1$1 [R,NE]",
- "/b/%C2%A1?id=%C2%A1", "/c/\u00C2\u00A1\u00C2\u00A1",
"id=\u00C2\u00A1");
+ "/b/%C2%A1?id=%C2%A1", null);
}
@@ -343,7 +341,7 @@ public class TestRewriteValve extends To
// Failing to escape the redirect means UTF-8 bytes in the Location
// header which will be treated as if they are ISO-8859-1
doTestRewrite("RewriteRule ^/b/(.*) /c/\u00A1$1 [R,B,NE]",
- "/b/%C2%A1?id=%C2%A1", "/c/\u00C2\u00A1%C2%A1",
"id=\u00C2\u00A1");
+ "/b/%C2%A1?id=%C2%A1", null);
}
@@ -394,7 +392,7 @@ public class TestRewriteValve extends To
// Failing to escape the redirect means UTF-8 bytes in the Location
// header which will be treated as if they are ISO-8859-1
doTestRewrite("RewriteRule ^/b/(.*)/(.*) /c/\u00A1$1?$2 [R,NE]",
- "/b/%C2%A1/id=%C2%A1", "/c/\u00C2\u00A1\u00C2\u00A1",
"id=\u00C2\u00A1");
+ "/b/%C2%A1/id=%C2%A1", null);
}
@@ -404,7 +402,7 @@ public class TestRewriteValve extends To
// Failing to escape the redirect means UTF-8 bytes in the Location
// header which will be treated as if they are ISO-8859-1
doTestRewrite("RewriteRule ^/b/(.*)/(.*) /c/\u00A1$1?$2 [R,B,NE]",
- "/b/%C2%A1/id=%C2%A1", "/c/\u00C2\u00A1%C2%A1", "id=%C2%A1");
+ "/b/%C2%A1/id=%C2%A1", null);
}
@@ -450,8 +448,7 @@ public class TestRewriteValve extends To
// Note %C2%A1 == \u00A1
// Failing to escape the redirect means UTF-8 bytes in the Location
// header which will be treated as if they are ISO-8859-1
- doTestRewrite("RewriteRule ^/b/(.*) /c/\u00A1$1 [R,NE]",
- "/b/%C2%A1", "/c/\u00C2\u00A1\u00C2\u00A1");
+ doTestRewrite("RewriteRule ^/b/(.*) /c/\u00A1$1 [R,NE]", "/b/%C2%A1",
null);
}
@@ -460,8 +457,7 @@ public class TestRewriteValve extends To
// Note %C2%A1 == \u00A1
// Failing to escape the redirect means UTF-8 bytes in the Location
// header which will be treated as if they are ISO-8859-1
- doTestRewrite("RewriteRule ^/b/(.*) /c/\u00A1$1 [R,B,NE]",
- "/b/%C2%A1", "/c/\u00C2\u00A1%C2%A1");
+ doTestRewrite("RewriteRule ^/b/(.*) /c/\u00A1$1 [R,B,NE]",
"/b/%C2%A1", null);
}
@@ -515,22 +511,29 @@ public class TestRewriteValve extends To
tomcat.start();
- ByteChunk res = getUrl("http://localhost:" + getPort() + request);
+ ByteChunk res = new ByteChunk();
+ int rc = getUrl("http://localhost:" + getPort() + request, res, null);
res.setCharset(StandardCharsets.UTF_8);
- String body = res.toString();
- RequestDescriptor requestDesc = SnoopResult.parse(body);
- String requestURI = requestDesc.getRequestInfo("REQUEST-URI");
- Assert.assertEquals(expectedURI, requestURI);
-
- if (expectedQueryString != null) {
- String queryString =
requestDesc.getRequestInfo("REQUEST-QUERY-STRING");
- Assert.assertEquals(expectedQueryString, queryString);
- }
-
- if (expectedAttributeValue != null) {
- String attributeValue = requestDesc.getAttribute("X-Test");
- Assert.assertEquals(expectedAttributeValue, attributeValue);
+ if (expectedURI == null) {
+ // Rewrite is expected to fail. Probably because invalid characters
+ // were written into the request target
+ Assert.assertEquals(400, rc);
+ } else {
+ String body = res.toString();
+ RequestDescriptor requestDesc = SnoopResult.parse(body);
+ String requestURI = requestDesc.getRequestInfo("REQUEST-URI");
+ Assert.assertEquals(expectedURI, requestURI);
+
+ if (expectedQueryString != null) {
+ String queryString =
requestDesc.getRequestInfo("REQUEST-QUERY-STRING");
+ Assert.assertEquals(expectedQueryString, queryString);
+ }
+
+ if (expectedAttributeValue != null) {
+ String attributeValue = requestDesc.getAttribute("X-Test");
+ Assert.assertEquals(expectedAttributeValue, attributeValue);
+ }
}
}
}
Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1767645&r1=1767644&r2=1767645&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Wed Nov 2 11:58:45 2016
@@ -151,6 +151,10 @@
Improve detection of I/O errors during async processing on
non-container
threads and trigger async error handling when they are detected.
(markt)
</fix>
+ <add>
+ Add additional checks for valid characters to the HTTP request line
+ parsing so invalid request lines are rejected sooner. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]