Author: markt
Date: Mon Jan 29 13:13:49 2018
New Revision: 1822504
URL: http://svn.apache.org/viewvc?rev=1822504&view=rev
Log:
Refactor the handling of invalid URIs so the ErrorReportValve can be used.
Modified:
tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
tomcat/trunk/java/org/apache/catalina/mapper/Mapper.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java?rev=1822504&r1=1822503&r2=1822504&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java Mon Jan
29 13:13:49 2018
@@ -587,13 +587,12 @@ public class CoyoteAdapter implements Ad
}
// Always allow options
res.setHeader("Allow", allow.toString());
+ // Access log entry as processing won't reach AccessLogValve
+ connector.getService().getContainer().logAccess(request,
response, 0, true);
+ return false;
} else {
- res.setStatus(404);
- res.setMessage("Not found");
+ response.sendError(400, "Invalid URI");
}
- connector.getService().getContainer().logAccess(
- request, response, 0, true);
- return false;
}
MessageBytes decodedURI = req.decodedURI();
@@ -612,29 +611,17 @@ public class CoyoteAdapter implements Ad
try {
req.getURLDecoder().convert(decodedURI, false);
} catch (IOException ioe) {
- res.setStatus(400);
- res.setMessage("Invalid URI: " + ioe.getMessage());
- connector.getService().getContainer().logAccess(
- request, response, 0, true);
- return false;
+ response.sendError(400, "Invalid URI: " + ioe.getMessage());
}
// Normalization
if (!normalize(req.decodedURI())) {
- res.setStatus(400);
- res.setMessage("Invalid URI");
- connector.getService().getContainer().logAccess(
- request, response, 0, true);
- return false;
+ response.sendError(400, "Invalid URI");
}
// Character decoding
convertURI(decodedURI, request);
// Check that the URI is still normalized
if (!checkNormalize(req.decodedURI())) {
- res.setStatus(400);
- res.setMessage("Invalid URI character encoding");
- connector.getService().getContainer().logAccess(
- request, response, 0, true);
- return false;
+ response.sendError(400, "Invalid URI");
}
} else {
/* The URI is chars or String, and has been sent using an in-memory
@@ -650,8 +637,7 @@ public class CoyoteAdapter implements Ad
CharChunk uriCC = decodedURI.getCharChunk();
int semicolon = uriCC.indexOf(';');
if (semicolon > 0) {
- decodedURI.setChars
- (uriCC.getBuffer(), uriCC.getStart(), semicolon);
+ decodedURI.setChars(uriCC.getBuffer(), uriCC.getStart(),
semicolon);
}
}
@@ -673,15 +659,26 @@ public class CoyoteAdapter implements Ad
Context versionContext = null;
boolean mapRequired = true;
+ if (response.isError()) {
+ // An error this early means the URI is invalid. Ensure invalid
data
+ // is not passed to the mapper. Note we still want the mapper to
+ // find the correct host.
+ decodedURI.recycle();
+ }
+
while (mapRequired) {
// This will map the the latest version by default
connector.getService().getMapper().map(serverName, decodedURI,
version, request.getMappingData());
- // If there is no context at this point, it is likely no ROOT
context
- // has been deployed
+ // If there is no context at this point, either this is a 404
+ // because no ROOT context has been deployed or the URI was invalid
+ // so no context could be mapped.
if (request.getContext() == null) {
- response.sendError(404, "Not found");
+ // Don't overwrite an existing error
+ if (!response.isError()) {
+ response.sendError(404, "Not found");
+ }
// Allow processing to continue.
// If present, the error reporting valve will provide a
response
// body.
Modified: tomcat/trunk/java/org/apache/catalina/mapper/Mapper.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/mapper/Mapper.java?rev=1822504&r1=1822503&r2=1822504&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/mapper/Mapper.java (original)
+++ tomcat/trunk/java/org/apache/catalina/mapper/Mapper.java Mon Jan 29
13:13:49 2018
@@ -741,8 +741,6 @@ public final class Mapper {
throw new AssertionError();
}
- uri.setLimit(-1);
-
// Virtual host mapping
MappedHost[] hosts = this.hosts;
MappedHost mappedHost = exactFindIgnoreCase(hosts, host);
@@ -769,6 +767,13 @@ public final class Mapper {
}
mappingData.host = mappedHost.object;
+ if (uri.isNull()) {
+ // Can't map context or wrapper without a uri
+ return;
+ }
+
+ uri.setLimit(-1);
+
// Context mapping
ContextList contextList = mappedHost.contextList;
MappedContext[] contexts = contextList.contexts;
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1822504&r1=1822503&r2=1822504&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Jan 29 13:13:49 2018
@@ -79,6 +79,10 @@
Pass 404 errors triggered by a missing ROOT web application to the
container error handling to generate the response body. (markt)
</add>
+ <add>
+ Pass 400 errors triggered by invalid request targets to the container
+ error handling to generate the response body. (markt)
+ </add>
<fix>
Provide a correct <code>Allow</code> header when responding to an HTTP
<code>TRACE</code> request for a JSP with a 405 status code. (markt)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
