Author: markt Date: Thu Apr 26 19:58:35 2018 New Revision: 1830262 URL: http://svn.apache.org/viewvc?rev=1830262&view=rev Log: First step in addressing https://bz.apache.org/bugzilla/show_bug.cgi?id=62273 This commit actually tightens up the parsing by validating each part of the request target individually. Subsequent commits will introduce options to separately relax the parsing of the path segments and the query string.
Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractNioInputBuffer.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/buf/ByteChunk.java tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java tomcat/tc8.0.x/trunk/test/org/apache/catalina/core/TestApplicationContext.java Propchange: tomcat/tc8.0.x/trunk/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Thu Apr 26 19:58:35 2018 
@@ -1,2 +1,2 @@ /tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002,1754614,1754643,1762124,1762183,1762203,1763792,1772948,1777014,1779719,1782037,1782240,1782386-1782387,1785669,1786845,1788249,1788324,1788905,1789216,1789335,1791528,1791558,1796697-1796698,1797521,1798543,1799162,1800143,1801693,1802805,1806799,1807079-1807080,1808880,1809831,1812093,1812143,1812145,1812319,1814975,1815945,1815956,1820207,1822186,1823164,1823497,1824960,1826872-1826873,1827862,1829310,1829777,1829796,1829935 -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,1655558,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657 592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1 
666387,1666494,1666496,1666552,1666569,1666579,1666637,1666649,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681699,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-168452 7,1684549-1684550,1685556,1685591,1685739,1685744,1685772,1685816,1685826,1685891,1687242,1687261,1687268,1687340,1687544,1687549,1687551,1688563,1688841,1688878,1688885,1688896,1688901,1689345-1689346,1689357,1689656,1689675-1689677,1689679,1689687,1689825,1689856,1689918,1690011,1690021,1690054,1690080,1690209,1691134,1691487,1691813,1692744-1692747,1692849,1692894,1692896,1693088,1693105,1693429,1693461,1694058,1694111,1694290,1694501,1694548,1694658,1694660,1694788,1694872,1694878,1695006,1695354,1695371,1695379,1695459,1695582,1695706,1695778,1696199,1696272,1696280,1696366-1696368,1696378,1696390,1696392,1696467,1698212,1698220,1700607,1700870,1700896,1700977,1701093,1701113,1701123,1701213,1701607,1701666,1701673,1701760-1701761,1701765,1701940,1702092,1702183,1702244,1702246,1702250,1702268,1702313,1702531,1702630-1702635,1702637-1702638,1702640,1702647,1702660,1702662,1702665-1702666,1702668,1702671-1702673,1702675-1702676,1702680,1702722,1702778,1702795,1702862,1702881,170 
2886,1702910,1702923,1702971,1702984,1703024,1703040,1703044,1703049-1703050,1703143,1703146,1703151,1703160,1703164,1703167,1703174,1703192,1703287,1703290,1703358,1703408,1703486,1703509,1703523,1703542,1703545,1703554,1703584,1703673,1703676,1703678,1703680,1703763,1703784,1703821,1703842,1703849,1703851,1703853,1703856,1703860,1703865,1703890,1703948,1704149,1704151,1704251,1704278,1704289,1704302,1704305,1704307,1704318,1704331,1704647,1704658,1704689,1704702,1704706,1704711,1704730-1704733,1704735,1704739,1704741-1704742,1704744,1704786,1704867,1705231,1705630,1705635,1705639,1705647,1705650-1705652,1705842,1705848,1705865-1705866,1705942,1706017,1706744-1706745,1706853,1706915,1707052,1707088,1708500-1708501,1708504-1708505,1708570,1708649,1708687,1708745,1708957,1709120,1709266,1709295,1709375,1709663,1709895,1709960,1710070,1710134,1710341,1710346,1710441,1710445,1710489,1710517,1710523,1710571,1710577,1710632,1710676,1710689,1710753-1710754,1710779,1710924,1710930,1710933, 1710945,1711006,1711016,1711022,1711026,1712163,1712225,1712228,1712233,1712250,1712254,1712489,1712547-1712548,1712588,1712617,1712645,1712654,1712695,1712765-1712766,1712771,1712775,1712859,1712876,1712898,1712902,1712905,1712912,1712974,1713129,1713168,1713184,1713285,1713362,1713397,1713446,1713612,1713618,1713871,1713931,1713975,1713987,1713992,1713997,1714002,1714012,1714019,1714054,1714521,1714535,1714537,1715168,1715188,1715206,1715413,1715415,1715434,1715510-1715512,1715514-1715515,1715517-1715519,1715521,1715633,1715661,1715682,1715965,1716213-1716214,1716258,1716269,1716347,1716354,1716364,1716413,1716420,1716511,1716543,1716640,1716644,1716856,1716858,1716881-1716882,1716886,1716894,1717085,1717225,1717233,1717252,1717264,1717282,1717286,1717290,1717385,1717416,1717418,1717445,1717515,1717520,1717528,1717965,1717967-1717968,1717979,1718022,1718308,1718523,1718794,1718796,1718834,1718836-1718838,1719276,1719278,1719291,1719315,1719332,1719334,1719340,1719346,1719441,17194 
46,1719488,1719909-1719910,1720200,1720234,1720394,1720439,1720445,1720448,1720462,1720506,1720652,1720654-1720655,1720711,1720752,1720769,1720776,1720804,1720815,1721303,1721307,1721311,1721314,1721447,1721528,1721539,1721812,1721817,1721830,1721860,1721866,1721881,1721887,1722205,1722292,1722399,1722453,1722455,1722522,1722526,1722532,1722548,1722574,1722583,1722585,1722799,1722807,1722824,1722828-1722829,1722831,1722859,1722902,1722905,1722923,1722939,1722945,1722996,1723068,1723127,1723155,1723250,1723316-1723318,1723368,1723371,1723375,1723377,1723380,1723410,1723414,1723437,1723484,1723486,1723493-1723494,1723500,1723552,1723554,1723683,1723707,1723736,1723806,1724012,1724232,1724252,1724325,1724427-1724428,1724433,1724673,1724788,1724863,1724900,1724997,1725113,1725126-1725127,1725150,1725165,1725183,1725199,1725202,1725204,1725207,1725263-1725264,1725266,1725278,1725282,1725405,1725599,1725601,1725635,1725646,1725649-1725652,1725694,1725696-1725697,1725816,1725851,1725906-17 25907,1725910,1725914,1725920,1725926,1726177,1726202,1726628,1726632,1726637,1726639,1726648,1726651,1726654,1726669,1726676,1726803,1726925-1726926,1726972-1726973,1726991,1727162,1727670,1727675,1727899,1727914,1727917,1728091,1728138,1728433,1728448,1728664,1728677,1729185,1729361,1729625,1729730,1730101-1730102,1730137,1730612,1730946-1730975,1731008,1731055,1731079,1731283,1731856,1731882,1731946-1731958,1731976-1731983,1732359,1732488,1732900-1733448,1733602,1733617-1733963,1733978,1734113,1734128,1734192,1734258,1734301,1734418-1734454,1734466-1734512,1734522,1734592,1734594,1734597,1735041,1735577,1736162,1736209,1736280,1736646,1736836,1737119,1737280,1737339,1737632,1737664,1737715,1737834,1737903,1737959,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738643,1738850,1738982,1738996,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739474,1739492,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324 
,1740465,1740509,1740520,1740535,1740707,1740803,1740810,1740980,1740991,1741015,1741147,1741173,1741181,1741190,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741677,1741892,1741896,1742071,1742090,1742093,1742101,1742105,1742111,1742146,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742919,1742975,1742984,1742986,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743697,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744760,1744786,1745227,1745337,1746306,1746427,1746473,1746620,1746649,1746724,1746939,1746989,1747536,1747924,1748001,1748547,1748629,1748715,1749287,1749328,1749665-1749666,1750015,1750056,1750899,1750975,1750995,1751061,1751097,1752212,1752737,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754 950-1754951,1755214,1755224,1755230,1755646-1755647,1755650,1755675,1755693,1755717,1755884,1755890,1755918-1755919,1755942,1756013,1756019,1756039,1756408,1756410,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757495,1757499,1757527,1757997,1758072-1758075,1758078-1758079,1758292,1758369,1758423,1758425-1758427,1758430,1758486-1758487,1758499,1758556,1758582,1758584,1758588,1758842,1759019,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1760022,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761491,1761498,1761500-1761501,1761550,1761625-1761626,1761628,1761682,1761740,1762123,1762168,1762172,1762182,1762202,1762288,1762296,1762348,1762353,1762374,1762541,1762608,1762710,1762766,1762769,1762944,1762947,1762953,1763167,1763179,1763232,1763259,1763271-1763272,1763276,1763319,1763370,1763372,1763375,1763377,1763393,1763412,1 
763430,1763477,1763479,1763512,1763574,1763634-1763635,1763718,1763786,1763798-1763799,1763810,1764083,1764659,1764682,1764897,1765299,1765358,1765439,1765571,1766276,1766514,1766822,1766834,1766840,1767328,1767362,1767368,1767429,1767471,1767505,1767641-1767644,1768651,1768762,1768922,1769263,1770140,1770180,1770258,1770656,1770666,1770718,1770762,1771087,1771139,1771386,1771611,1771613,1771711,1771718,1771723-1771724,1771730,1771743,1771752,1771963,1772174,1772223,1772229,1772554,1772849,1772947,1773418,1773756,1773813-1773814,1774052,1774131,1774248,1774253,1774257,1774259,1774262,1774267,1774271,1774303,1774340,1774406,1774412,1775596,1776540,1776937,1777011,1777173,1777211,1777261,1777524,1777605,1777647,1778061,1778138-1778139,1778141-1778150,1778154,1779654,1779718,1780109,1780120,1780189,1780196,1780488,1780514-1780516,1780601,1781569,1781986,1782814,1782857,1782868,1782946,1783144,1783155,1783408,1784182,1784565,1784583,1784657,1784669,1784712,1784751,1784963,1785271,178566 7,1785762,1785774,1785823,1786070,1786123-1786124,1786127,1786129,1786341,1786378,1786844,1787250,1787662,1788224,1788241-1788242,1788248,1788323-1788324,1788328,1788741,1788747,1788764,1789051,1789400,1789415,1789442,1789685,1789733,1789735,1789744-1789745,1790119,1790180,1790183,1790376,1790443,1791027-1791028,1791050,1791527,1791557,1792460,1792468,1793468,1793487,1793498,1793502,1793514,1793712,1793736,1793746,1793771,1793819,1793980,1794556,1794674,1795278,1795298,1795305,1795813,1795893,1796275,1796693-1796694,1796806,1796836,1796873,1796878,1797197,1797338,1797344,1797354-1797355,1797516,1797678,1797692,1797694,1797748,1797828,1798280,1798371,1798379,1798384,1798390,1798395,1798419,1798505,1798507,1798509,1798533,1798546,1798561,1798977,1799115,1799126,1799164,1799190,1799194,1799285,1799368,1799893,1799895,1799916,1800136-1800138,1800202,1800309,1800390,1800617,1800791,1800816,1800981,1800984,1800988,1801686,1801688,1801709,1801717,1801774,1801778,1802083,1802403,1802475,180 
2490,1802639,1802796,1802820,1802828,1802833,1802836,1803205,1803446,1803451,1803616,1803828,1803901,1804306,1804461-1804462,1804501,1804506-1804507,1804890,1804906,1805613,1805637,1805645,1805652,1805782,1806736,1806794,1806798,1806801,1806807,1806966,1806973,1807004,1807205-1807206,1807455,1807686,1807698,1808116,1808156,1808266,1808466,1808766,1809011,1809025,1809141,1809143-1809144,1809146,1809212,1809214,1809239,1809248,1809265,1809317,1809434,1809669,1809674,1809684,1809711,1809908,1809922,1810106,1810300,1811119,1811122,1811132,1811137,1811198-1811201,1811203-1811206,1811220,1811235,1811246,1811328,1811560,1811704,1811837-1811839,1811861,1811932,1812088,1812092,1812103,1812107,1812113,1812129,1812134-1812136,1812184,1812315,1812401,1812617,1814825,1814973,1814980,1815066,1815069,1815208,1815215,1815319,1815325,1815451,1815459,1815505,1815615,1815778,1815786,1815790,1815903,1815944,1815954,1816083,1816120,1816128,1816140,1816147,1816157,1816338,1816563,1816647,1817089,1817092, 1817096,1817104,1817126,1817136-1817137,1817196,1817223,1817298,1817305,1817495,1817517,1817520,1818179,1818184,1820003,1820138,1820153,1820194,1820196-1820197,1820202,1820206,1820222,1820272,1820279,1820302,1820634,1820701,1820705,1820932,1821157,1821167,1821197-1821203,1821225,1821234-1821235,1821251,1821293,1821328,1821381,1821490,1821708,1822109,1822111,1822116,1822232,1822644,1822775,1822945-1822946,1823006-1823007,1823111,1823161,1823306,1823310,1823337,1823481,1823492,1823495,1823540,1824297,1824311,1824323,1824357,1824766,1824774,1824892,1824901,1824959,1825054,1825713,1825738,1825872,1826361,1826375,1826688,1826731,1826825,1826867,1826869,1827363,1827368,1827491,1827498,1827860,1828016,1828223-1828239,1828253,1828262,1828545,1828565,1829082,1829084,1829086,1829879,1829915,1829934,1830013,1830051 
+/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886 ,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,1655558,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657 
592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1 666387,1666494,1666496,1666552,1666569,1666579,1666637,1666649,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681699,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-168452 
7,1684549-1684550,1685556,1685591,1685739,1685744,1685772,1685816,1685826,1685891,1687242,1687261,1687268,1687340,1687544,1687549,1687551,1688563,1688841,1688878,1688885,1688896,1688901,1689345-1689346,1689357,1689656,1689675-1689677,1689679,1689687,1689825,1689856,1689918,1690011,1690021,1690054,1690080,1690209,1691134,1691487,1691813,1692744-1692747,1692849,1692894,1692896,1693088,1693105,1693429,1693461,1694058,1694111,1694290,1694501,1694548,1694658,1694660,1694788,1694872,1694878,1695006,1695354,1695371,1695379,1695459,1695582,1695706,1695778,1696199,1696272,1696280,1696366-1696368,1696378,1696390,1696392,1696467,1698212,1698220,1700607,1700870,1700896,1700977,1701093,1701113,1701123,1701213,1701607,1701666,1701673,1701760-1701761,1701765,1701940,1702092,1702183,1702244,1702246,1702250,1702268,1702313,1702531,1702630-1702635,1702637-1702638,1702640,1702647,1702660,1702662,1702665-1702666,1702668,1702671-1702673,1702675-1702676,1702680,1702722,1702778,1702795,1702862,1702881,170 2886,1702910,1702923,1702971,1702984,1703024,1703040,1703044,1703049-1703050,1703143,1703146,1703151,1703160,1703164,1703167,1703174,1703192,1703287,1703290,1703358,1703408,1703486,1703509,1703523,1703542,1703545,1703554,1703584,1703673,1703676,1703678,1703680,1703763,1703784,1703821,1703842,1703849,1703851,1703853,1703856,1703860,1703865,1703890,1703948,1704149,1704151,1704251,1704278,1704289,1704302,1704305,1704307,1704318,1704331,1704647,1704658,1704689,1704702,1704706,1704711,1704730-1704733,1704735,1704739,1704741-1704742,1704744,1704786,1704867,1705231,1705630,1705635,1705639,1705647,1705650-1705652,1705842,1705848,1705865-1705866,1705942,1706017,1706744-1706745,1706853,1706915,1707052,1707088,1708500-1708501,1708504-1708505,1708570,1708649,1708687,1708745,1708957,1709120,1709266,1709295,1709375,1709663,1709895,1709960,1710070,1710134,1710341,1710346,1710441,1710445,1710489,1710517,1710523,1710571,1710577,1710632,1710676,1710689,1710753-1710754,1710779,1710924,1710930,1710933, 
1710945,1711006,1711016,1711022,1711026,1712163,1712225,1712228,1712233,1712250,1712254,1712489,1712547-1712548,1712588,1712617,1712645,1712654,1712695,1712765-1712766,1712771,1712775,1712859,1712876,1712898,1712902,1712905,1712912,1712974,1713129,1713168,1713184,1713285,1713362,1713397,1713446,1713612,1713618,1713871,1713931,1713975,1713987,1713992,1713997,1714002,1714012,1714019,1714054,1714521,1714535,1714537,1715168,1715188,1715206,1715413,1715415,1715434,1715510-1715512,1715514-1715515,1715517-1715519,1715521,1715633,1715661,1715682,1715965,1716213-1716214,1716258,1716269,1716347,1716354,1716364,1716413,1716420,1716511,1716543,1716640,1716644,1716856,1716858,1716881-1716882,1716886,1716894,1717085,1717225,1717233,1717252,1717264,1717282,1717286,1717290,1717385,1717416,1717418,1717445,1717515,1717520,1717528,1717965,1717967-1717968,1717979,1718022,1718308,1718523,1718794,1718796,1718834,1718836-1718838,1719276,1719278,1719291,1719315,1719332,1719334,1719340,1719346,1719441,17194 46,1719488,1719909-1719910,1720200,1720234,1720394,1720439,1720445,1720448,1720462,1720506,1720652,1720654-1720655,1720711,1720752,1720769,1720776,1720804,1720815,1721303,1721307,1721311,1721314,1721447,1721528,1721539,1721812,1721817,1721830,1721860,1721866,1721881,1721887,1722205,1722292,1722399,1722453,1722455,1722522,1722526,1722532,1722548,1722574,1722583,1722585,1722799,1722807,1722824,1722828-1722829,1722831,1722859,1722902,1722905,1722923,1722939,1722945,1722996,1723068,1723127,1723155,1723250,1723316-1723318,1723368,1723371,1723375,1723377,1723380,1723410,1723414,1723437,1723484,1723486,1723493-1723494,1723500,1723552,1723554,1723683,1723707,1723736,1723806,1724012,1724232,1724252,1724325,1724427-1724428,1724433,1724673,1724788,1724863,1724900,1724997,1725113,1725126-1725127,1725150,1725165,1725183,1725199,1725202,1725204,1725207,1725263-1725264,1725266,1725278,1725282,1725405,1725599,1725601,1725635,1725646,1725649-1725652,1725694,1725696-1725697,1725816,1725851,1725906-17 
25907,1725910,1725914,1725920,1725926,1726177,1726202,1726628,1726632,1726637,1726639,1726648,1726651,1726654,1726669,1726676,1726803,1726925-1726926,1726972-1726973,1726991,1727162,1727670,1727675,1727899,1727914,1727917,1728091,1728138,1728433,1728448,1728664,1728677,1729185,1729361,1729625,1729730,1730101-1730102,1730137,1730612,1730946-1730975,1731008,1731055,1731079,1731283,1731856,1731882,1731946-1731958,1731976-1731983,1732359,1732488,1732900-1733448,1733602,1733617-1733963,1733978,1734113,1734128,1734192,1734258,1734301,1734418-1734454,1734466-1734512,1734522,1734592,1734594,1734597,1735041,1735577,1736162,1736209,1736280,1736646,1736836,1737119,1737280,1737339,1737632,1737664,1737715,1737834,1737903,1737959,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738643,1738850,1738982,1738996,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739474,1739492,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324 ,1740465,1740509,1740520,1740535,1740707,1740803,1740810,1740980,1740991,1741015,1741147,1741173,1741181,1741190,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741677,1741892,1741896,1742071,1742090,1742093,1742101,1742105,1742111,1742146,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742919,1742975,1742984,1742986,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743697,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744760,1744786,1745227,1745337,1746306,1746427,1746473,1746620,1746649,1746724,1746939,1746989,1747536,1747924,1748001,1748547,1748629,1748715,1749287,1749328,1749665-1749666,1750015,1750056,1750899,1750975,1750995,1751061,1751097,1752212,1752737,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754 
950-1754951,1755214,1755224,1755230,1755646-1755647,1755650,1755675,1755693,1755717,1755884,1755890,1755918-1755919,1755942,1756013,1756019,1756039,1756408,1756410,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757495,1757499,1757527,1757997,1758072-1758075,1758078-1758079,1758292,1758369,1758423,1758425-1758427,1758430,1758486-1758487,1758499,1758556,1758582,1758584,1758588,1758842,1759019,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1760022,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761491,1761498,1761500-1761501,1761550,1761625-1761626,1761628,1761682,1761740,1762123,1762168,1762172,1762182,1762202,1762288,1762296,1762348,1762353,1762374,1762541,1762608,1762710,1762766,1762769,1762944,1762947,1762953,1763167,1763179,1763232,1763259,1763271-1763272,1763276,1763319,1763370,1763372,1763375,1763377,1763393,1763412,1 763430,1763477,1763479,1763512,1763574,1763634-1763635,1763718,1763786,1763798-1763799,1763810,1764083,1764659,1764682,1764897,1765299,1765358,1765439,1765571,1766276,1766514,1766822,1766834,1766840,1767328,1767362,1767368,1767429,1767471,1767505,1767641-1767644,1768651,1768762,1768922,1769263,1770140,1770180,1770258,1770656,1770666,1770718,1770762,1771087,1771139,1771386,1771611,1771613,1771711,1771718,1771723-1771724,1771730,1771743,1771752,1771963,1772174,1772223,1772229,1772554,1772849,1772947,1773418,1773756,1773813-1773814,1774052,1774131,1774248,1774253,1774257,1774259,1774262,1774267,1774271,1774303,1774340,1774406,1774412,1775596,1776540,1776937,1777011,1777173,1777211,1777261,1777524,1777605,1777647,1778061,1778138-1778139,1778141-1778150,1778154,1779654,1779718,1780109,1780120,1780189,1780196,1780488,1780514-1780516,1780601,1781569,1781986,1782814,1782857,1782868,1782946,1783144,1783155,1783408,1784182,1784565,1784583,1784657,1784669,1784712,1784751,1784963,1785271,178566 
7,1785762,1785774,1785823,1786070,1786123-1786124,1786127,1786129,1786341,1786378,1786844,1787250,1787662,1788224,1788241-1788242,1788248,1788323-1788324,1788328,1788741,1788747,1788764,1789051,1789400,1789415,1789442,1789685,1789733,1789735,1789744-1789745,1790119,1790180,1790183,1790376,1790443,1791027-1791028,1791050,1791527,1791557,1792460,1792468,1793468,1793487,1793498,1793502,1793514,1793712,1793736,1793746,1793771,1793819,1793980,1794556,1794674,1795278,1795298,1795305,1795813,1795893,1796275,1796693-1796694,1796806,1796836,1796873,1796878,1797197,1797338,1797344,1797354-1797355,1797516,1797678,1797692,1797694,1797748,1797828,1798280,1798371,1798379,1798384,1798390,1798395,1798419,1798505,1798507,1798509,1798533,1798546,1798561,1798977,1799115,1799126,1799164,1799190,1799194,1799285,1799368,1799893,1799895,1799916,1800136-1800138,1800202,1800309,1800390,1800617,1800791,1800816,1800981,1800984,1800988,1801686,1801688,1801709,1801717,1801774,1801778,1802083,1802403,1802475,180 2490,1802639,1802796,1802820,1802828,1802833,1802836,1803205,1803446,1803451,1803616,1803828,1803901,1804306,1804461-1804462,1804501,1804506-1804507,1804890,1804906,1805613,1805637,1805645,1805652,1805782,1806736,1806794,1806798,1806801,1806807,1806966,1806973,1807004,1807205-1807206,1807455,1807686,1807698,1808116,1808156,1808266,1808466,1808766,1809011,1809025,1809141,1809143-1809144,1809146,1809212,1809214,1809239,1809248,1809265,1809317,1809434,1809669,1809674,1809684,1809711,1809908,1809922,1810106,1810300,1811119,1811122,1811132,1811137,1811198-1811201,1811203-1811206,1811220,1811235,1811246,1811328,1811560,1811704,1811837-1811839,1811861,1811932,1812088,1812092,1812103,1812107,1812113,1812129,1812134-1812136,1812184,1812315,1812401,1812617,1814825,1814973,1814980,1815066,1815069,1815208,1815215,1815319,1815325,1815451,1815459,1815505,1815615,1815778,1815786,1815790,1815903,1815944,1815954,1816083,1816120,1816128,1816140,1816147,1816157,1816338,1816563,1816647,1817089,1817092, 
1817096,1817104,1817126,1817136-1817137,1817196,1817223,1817298,1817305,1817495,1817517,1817520,1818179,1818184,1820003,1820138,1820153,1820194,1820196-1820197,1820202,1820206,1820222,1820272,1820279,1820302,1820634,1820701,1820705,1820932,1821157,1821167,1821197-1821203,1821225,1821234-1821235,1821251,1821293,1821328,1821381,1821490,1821708,1822109,1822111,1822116,1822232,1822644,1822775,1822945-1822946,1823006-1823007,1823111,1823161,1823306,1823310,1823337,1823481,1823492,1823495,1823540,1824297,1824311,1824323,1824357,1824766,1824774,1824892,1824901,1824959,1825054,1825713,1825738,1825872,1826361,1826375,1826688,1826731,1826825,1826867,1826869,1827363,1827368,1827491,1827498,1827860,1828016,1828223-1828239,1828253,1828262,1828545,1828565,1829082,1829084,1829086,1829879,1829915,1829934,1830013,1830051,1830068 Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java?rev=1830262&r1=1830261&r2=1830262&view=diff ============================================================================== --- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java (original) +++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java Thu Apr 26 19:58:35 2018 @@ -49,6 +49,7 @@ import org.apache.tomcat.util.buf.ByteCh import org.apache.tomcat.util.buf.MessageBytes; import org.apache.tomcat.util.http.FastHttpDateFormat; import org.apache.tomcat.util.http.MimeHeaders; +import org.apache.tomcat.util.http.parser.HttpParser; import org.apache.tomcat.util.log.UserDataHelper; import org.apache.tomcat.util.net.AbstractEndpoint; import org.apache.tomcat.util.net.AbstractEndpoint.Handler.SocketState; 
@@ -1386,32 +1387,63 @@ public abstract class AbstractHttp11Proc } } - // Check for a full URI (including protocol://host:port/) + // Check for an absolute-URI less the query string which has already + // been removed during the parsing of the request line ByteChunk uriBC = request.requestURI().getByteChunk(); + byte[] uriB = uriBC.getBytes(); if (uriBC.startsWithIgnoreCase("http", 0)) { - - int pos = uriBC.indexOf("://", 0, 3, 4); - int uriBCStart = uriBC.getStart(); - int slashPos = -1; - if (pos != -1) { + int pos = 4; + // Check for https + if (uriBC.startsWithIgnoreCase("s", pos)) { + pos++; + } + // Next 3 characters must be "://" + if (uriBC.startsWith("://", pos)) { pos += 3; - byte[] uriB = uriBC.getBytes(); - slashPos = uriBC.indexOf('/', pos); + int uriBCStart = uriBC.getStart(); + + // '/' does not appear in the authority so use the first + // instance to split the authority and the path segments + int slashPos = uriBC.indexOf('/', pos); + // '@' in the authority delimits the userinfo int atPos = uriBC.indexOf('@', pos); + if (slashPos > -1 && atPos > slashPos) { + // First '@' is in the path segments so no userinfo + atPos = -1; + } + if (slashPos == -1) { slashPos = uriBC.getLength(); - // Set URI as "/" - request.requestURI().setBytes - (uriB, uriBCStart + pos - 2, 1); + // Set URI as "/". Use 6 as it will always be a '/'. 
+ // 01234567 + // http:// + // https:// + request.requestURI().setBytes(uriB, uriBCStart + 6, 1); } else { - request.requestURI().setBytes - (uriB, uriBCStart + slashPos, - uriBC.getLength() - slashPos); + request.requestURI().setBytes(uriB, uriBCStart + slashPos, uriBC.getLength() - slashPos); } + // Skip any user info if (atPos != -1) { + // Validate the userinfo + for (; pos < atPos; pos++) { + byte c = uriB[uriBCStart + pos]; + if (!HttpParser.isUserInfo(c)) { + // Strictly there needs to be a check for valid %nn + // encoding here but skip it since it will never be + // decoded because the userinfo is ignored + response.setStatus(400); + setErrorState(ErrorState.CLOSE_CLEAN, null); + if (getLog().isDebugEnabled()) { + getLog().debug(sm.getString("http11processor.request.invalidUserInfo")); + } + break; + } + } + // Skip the '@' pos = atPos + 1; } + if (http11) { // Missing host header is illegal but handled above if (hostValueMB != null) { @@ -1444,6 +1476,25 @@ public abstract class AbstractHttp11Proc hostValueMB = headers.setValue("host"); hostValueMB.setBytes(uriB, uriBCStart + pos, slashPos - pos); } + } else { + response.setStatus(400); + setErrorState(ErrorState.CLOSE_CLEAN, null); + if (getLog().isDebugEnabled()) { + getLog().debug(sm.getString("http11processor.request.invalidScheme")); + } + } + } + + // Validate the characters in the URI. %nn decoding will be checked at + // the point of decoding. + for (int i = uriBC.getStart(); i < uriBC.getEnd(); i++) { + if (!HttpParser.isAbsolutePath(uriB[i])) { + response.setStatus(400); + setErrorState(ErrorState.CLOSE_CLEAN, null); + if (getLog().isDebugEnabled()) { + getLog().debug(sm.getString("http11processor.request.invalidUri")); + } + break; } } 
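Review bot: The invalidUserInfo rejection in the userinfo loop sets the 400 status and error state and then `break`s, but execution continues with `pos = atPos + 1` and the host-header reconciliation below it, so the rest of prepareRequest runs on a request that has already been marked invalid. The invalidScheme and invalidUri branches in the following hunk (`@@ -1444`) fall through the same way. If the caller is expected to consult the error state before going further, a comment at the first of these sites such as `// Error state is set; processing continues and the caller checks getErrorState()` would make that contract explicit; otherwise an early `return` after `setErrorState(...)` is the safer shape. prepareRequest starts and ends outside this hunk.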
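Review bot: The validation loop at the end of this hunk checks only the character class of each byte via `HttpParser.isAbsolutePath`, not that the target begins with `/` as the `absolute-path = 1*( "/" segment )` production requires; a target that is not an http(s) absolute-URI and does not start with `/` (another scheme, or the asterisk-form `*`, which is a sub-delim) passes this loop unchanged. If the leading `/` and asterisk-form are handled elsewhere, a comment on the loop such as `// Character-class check only; the leading '/' (and OPTIONS *) are handled elsewhere` would stop the next reader from taking this as the complete absolute-path check. The loop indexes `uriB` with `uriBC.getStart()`/`getEnd()` taken after the absolute-URI branch may have reset them, which is correct only if `request.requestURI().setBytes` updates the same ByteChunk `uriBC` refers to; that looks to be the case here but is not visible in the hunk.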
@@ -1483,20 +1534,19 @@ public abstract class AbstractHttp11Proc headers.removeHeader("content-length"); request.setContentLength(-1); } else { - getInputBuffer().addActiveFilter - (inputFilters[Constants.IDENTITY_FILTER]); + getInputBuffer().addActiveFilter(inputFilters[Constants.IDENTITY_FILTER]); contentDelimitation = true; } } + // Validate host name and extract port if present parseHost(hostValueMB); if (!contentDelimitation) { // If there's no content length // (broken HTTP/1.0 or HTTP/1.1), assume // the client is not broken and didn't send a body - getInputBuffer().addActiveFilter - (inputFilters[Constants.VOID_FILTER]); + getInputBuffer().addActiveFilter(inputFilters[Constants.VOID_FILTER]); contentDelimitation = true; } Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractNioInputBuffer.java URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractNioInputBuffer.java?rev=1830262&r1=1830261&r2=1830262&view=diff ============================================================================== --- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractNioInputBuffer.java (original) +++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractNioInputBuffer.java Thu Apr 26 19:58:35 2018 
@@ -281,7 +281,13 @@ public abstract class AbstractNioInputBu
 end = pos;
 } else if ((buf[pos] == Constants.QUESTION) && (parsingRequestLineQPos == -1)) {
 parsingRequestLineQPos = pos;
+ } else if (parsingRequestLineQPos != -1 && !HttpParser.isQuery(buf[pos])) {
+ // %nn decoding will be checked at the point of decoding
+ throw new IllegalArgumentException(sm.getString("iib.invalidRequestTarget"));
 } else if (HttpParser.isNotRequestTarget(buf[pos])) {
+ // This is a general check that aims to catch problems early
+ // Detailed checking of each part of the request target will
+ // happen in AbstractHttp11Processor#prepareRequest()
 throw new IllegalArgumentException(sm.getString("iib.invalidRequestTarget"));
 }
 pos++;
Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java?rev=1830262&r1=1830261&r2=1830262&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java Thu Apr 26 19:58:35 2018
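Review bot: The comment on the `isNotRequestTarget` branch says detailed checking of each part of the request target happens in `AbstractHttp11Processor#prepareRequest()`, but the query string is stripped before that method runs (the prepareRequest hunk itself describes the URI as "less the query string which has already been removed"), so the new `isQuery` branch here is the only character check the query string ever gets; the comment should say so, e.g. `// The query string is validated here only; prepareRequest() validates the path and authority`. The same two branches are added verbatim in InternalAprInputBuffer (`@@ -238`) and InternalInputBuffer (`@@ -199`), so the relaxation option the commit message promises will have to be threaded through three copies; a shared helper in HttpParser would keep them in step. The enclosing request-line parse loop starts and ends outside the hunk.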
@@ -238,7 +238,13 @@ public class InternalAprInputBuffer exte
 end = pos;
 } else if ((buf[pos] == Constants.QUESTION) && (questionPos == -1)) {
 questionPos = pos;
+ } else if (questionPos != -1 && !HttpParser.isQuery(buf[pos])) {
+ // %nn decoding will be checked at the point of decoding
+ throw new IllegalArgumentException(sm.getString("iib.invalidRequestTarget"));
 } else if (HttpParser.isNotRequestTarget(buf[pos])) {
+ // This is a general check that aims to catch problems early
+ // Detailed checking of each part of the request target will
+ // happen in AbstractHttp11Processor#prepareRequest()
 throw new IllegalArgumentException(sm.getString("iib.invalidRequestTarget"));
 }
Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java?rev=1830262&r1=1830261&r2=1830262&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java Thu Apr 26 19:58:35 2018
@@ -199,7 +199,13 @@ public class InternalInputBuffer extends
 end = pos;
 } else if ((buf[pos] == Constants.QUESTION) && (questionPos == -1)) {
 questionPos = pos;
+ } else if (questionPos != -1 && !HttpParser.isQuery(buf[pos])) {
+ // %nn decoding will be checked at the point of decoding
+ throw new IllegalArgumentException(sm.getString("iib.invalidRequestTarget"));
 } else if (HttpParser.isNotRequestTarget(buf[pos])) {
+ // This is a general check that aims to catch problems early
+ // Detailed checking of each part of the request target will
+ // happen in AbstractHttp11Processor#prepareRequest()
 throw new IllegalArgumentException(sm.getString("iib.invalidRequestTarget"));
 }
Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties?rev=1830262&r1=1830261&r2=1830262&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties Thu Apr 26 19:58:35 2018
@@ -17,6 +17,9 @@ http11processor.fallToDebug=\n Note: fur
 http11processor.header.parse=Error parsing HTTP request header
 http11processor.neverused=This method should never be used
 http11processor.request.inconsistentHosts=The host specified in the request line is not consistent with the host header
+http11processor.request.invalidScheme=The HTTP request contained an absolute URI with an invalid scheme
+http11processor.request.invalidUri==The HTTP request contained an invalid URI
+http11processor.request.invalidUserInfo=The HTTP request contained an absolute URI with an invalid userinfo
 http11processor.request.multipleHosts=The request contained multiple host headers
 http11processor.request.noHostHeader=The HTTP/1.1 request did not provide a host header
 http11processor.request.prepare=Error preparing request
Modified: tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/buf/ByteChunk.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/buf/ByteChunk.java?rev=1830262&r1=1830261&r2=1830262&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/buf/ByteChunk.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/buf/ByteChunk.java Thu Apr 26 19:58:35 2018
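Review bot: `http11processor.request.invalidUri==The HTTP request contained an invalid URI` has a doubled `=`; in a .properties file the first `=` terminates the key, so the message logged for an invalid URI will start with a literal `=`. Change it to `http11processor.request.invalidUri=The HTTP request contained an invalid URI`.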
@@ -580,7 +580,33 @@ public final class ByteChunk extends Abs
 /**
- * Returns true if the buffer starts with the specified string.
+ * Returns true if the buffer starts with the specified string when tested
+ * in a case sensitive manner.
+ *
+ * @param s the string
+ * @param pos The position
+ *
+ * @return <code>true</code> if the start matches
+ */
+ public boolean startsWith(String s, int pos) {
+ byte[] b = buff;
+ int len = s.length();
+ if (b == null || len + pos > end - start) {
+ return false;
+ }
+ int off = start + pos;
+ for (int i = 0; i < len; i++) {
+ if (b[off++] != s.charAt(i)) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+
+ /**
+ * Returns true if the buffer starts with the specified string when tested
+ * in a case insensitive manner.
 *
 * @param s the string
 * @param pos The position
Modified: tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java?rev=1830262&r1=1830261&r2=1830262&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java Thu Apr 26 19:58:35 2018
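Review bot: The new `startsWith` compares each signed buffer byte with a `char` (`b[off++] != s.charAt(i)`), so a match is only possible when `s` is pure ASCII; that is fine for the `"://"` caller in AbstractHttp11Processor but belongs in the Javadoc, e.g. `@param s the string to test for; non-ASCII characters never match a buffer byte`. The `len + pos > end - start` guard does not reject a negative `pos`, which would index before `start`; adding `pos < 0 ||` to the guard, or documenting `pos` as non-negative, closes that gap. Whether the existing startsWithIgnoreCase below has the same guard is not visible in this hunk.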
@@ -53,6 +53,11 @@ public class HttpParser { private static final boolean[] IS_ALPHA = new boolean[ARRAY_SIZE]; private static final boolean[] IS_NUMERIC = new boolean[ARRAY_SIZE]; private static final boolean[] REQUEST_TARGET_ALLOW = new boolean[ARRAY_SIZE]; + private static final boolean[] IS_UNRESERVED = new boolean[ARRAY_SIZE]; + private static final boolean[] IS_SUBDELIM = new boolean[ARRAY_SIZE]; + private static final boolean[] IS_USERINFO = new boolean[ARRAY_SIZE]; + private static final boolean[] IS_ABSOLUTEPATH = new boolean[ARRAY_SIZE]; + private static final boolean[] IS_QUERY = new boolean[ARRAY_SIZE]; static { String prop = System.getProperty("tomcat.util.http.parser.HttpParser.requestTargetAllow"); @@ -116,6 +121,40 @@ public class HttpParser { if (i >= 'a' && i <= 'z' || i >= 'A' && i <= 'Z') { IS_ALPHA[i] = true; } + + if (IS_ALPHA[i] || IS_NUMERIC[i] || i == '-' || i == '.' || i == '_' || i == '~') { + IS_UNRESERVED[i] = true; + } + + if (i == '!' || i == '$' || i == '&' || i == '\'' || i == '(' || i == ')' || i == '*' || i == '+' || + i == ',' || i == ';' || i == '=') { + IS_SUBDELIM[i] = true; + } + + // userinfo = *( unreserved / pct-encoded / sub-delims / ":" ) + if (IS_UNRESERVED[i] || i == '%' || IS_SUBDELIM[i] || i == ':') { + IS_USERINFO[i] = true; + } + + /* + * absolute-path = 1*( "/" segment ) + * segment = *pchar + * pchar = unreserved / pct-encoded / sub-delims / ":" / "@" + * + * Note pchar allows everything userinfo allows plus "@" + */ + if (IS_USERINFO[i] || i == '@' || i == '/') { + IS_ABSOLUTEPATH[i] = true; + } + + /* + * query = *( pchar / "/" / "?" ) + * + * Note query allows everything absolute-path allows plus "?" + */ + if (IS_ABSOLUTEPATH[i] || i == '?') { + IS_QUERY[i] = true; + } } } 
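Review bot: The new IS_ABSOLUTEPATH and IS_QUERY tables in the `@@ -116` hunk are built purely from the RFC 3986 productions and do not consult the `tomcat.util.http.parser.HttpParser.requestTargetAllow` system property read into `prop` just above them, so a character a deployer has allowed through that property (presumably via REQUEST_TARGET_ALLOW and isNotRequestTarget, outside this hunk) is still rejected by the new isQuery check in the input buffers and the isAbsolutePath check in prepareRequest. The commit message defers relaxation to later commits, but until then the property is silently ineffective for such characters; a comment at the table construction such as `// NOTE: requestTargetAllow does not relax these tables (see follow-up commits)` would make that visible. IS_UNRESERVED also depends on IS_NUMERIC[i] having been assigned earlier in the same loop iteration, which the hunk does not show, so a one-line ordering note next to it would help a future reorder.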
@@ -212,6 +251,39 @@ public class HttpParser {
 } catch (ArrayIndexOutOfBoundsException ex) {
 return false;
 }
+ }
+
+
+ public static boolean isUserInfo(int c) {
+ // Fast for valid user info characters, slower for some incorrect
+ // ones
+ try {
+ return IS_USERINFO[c];
+ } catch (ArrayIndexOutOfBoundsException ex) {
+ return false;
+ }
+ }
+
+
+ public static boolean isAbsolutePath(int c) {
+ // Fast for valid user info characters, slower for some incorrect
+ // ones
+ try {
+ return IS_ABSOLUTEPATH[c];
+ } catch (ArrayIndexOutOfBoundsException ex) {
+ return false;
+ }
+ }
+
+
+ public static boolean isQuery(int c) {
+ // Fast for valid user info characters, slower for some incorrect
+ // ones
+ try {
+ return IS_QUERY[c];
+ } catch (ArrayIndexOutOfBoundsException ex) {
+ return false;
+ }
 }
Modified: tomcat/tc8.0.x/trunk/test/org/apache/catalina/core/TestApplicationContext.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/test/org/apache/catalina/core/TestApplicationContext.java?rev=1830262&r1=1830261&r2=1830262&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/test/org/apache/catalina/core/TestApplicationContext.java (original)
+++ tomcat/tc8.0.x/trunk/test/org/apache/catalina/core/TestApplicationContext.java Thu Apr 26 19:58:35 2018
@@ -68,7 +68,7 @@ public class TestApplicationContext exte
 ByteChunk res = new ByteChunk();
 int rc = getUrl("http://localhost:" + getPort() +
- "/test/bug5nnnn/bug53467].jsp", res, null);
+ "/test/bug5nnnn/bug53467%5D.jsp", res, null);
 Assert.assertEquals(HttpServletResponse.SC_OK, rc);
 Assert.assertTrue(res.toString().contains("<p>OK</p>"));
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
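Review bot: The leading comment in `isAbsolutePath` and `isQuery` is copied from `isUserInfo` and still reads "Fast for valid user info characters"; change them to `// Fast for valid absolute-path characters, slower for some incorrect` and `// Fast for valid query characters, slower for some incorrect` respectively. All three take an `int`, but the callers added in this commit pass a `byte` (`buf[pos]` in the input buffers, `uriB[i]` in prepareRequest), so every byte at or above 0x80 arrives as a negative index and is rejected only through the caught ArrayIndexOutOfBoundsException; that matches the existing method above, but a guard such as `if (c < 0 || c >= ARRAY_SIZE) return false;` would avoid paying an exception for each such byte and would be worth stating in a comment either way.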
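Review bot: Switching the test input from `]` to `%5D` keeps the existing assertion green but removes the only visible coverage of how a literal `]` in the path is treated after this commit; a second request with the old target, asserting `Assert.assertEquals(HttpServletResponse.SC_BAD_REQUEST, rc)`, would pin the new rejection rather than leave it untested, assuming the test client still sends the bracket unencoded. The enclosing test method starts outside the hunk.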