-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mark,
On 5/11/18 4:34 AM, ma...@apache.org wrote: > Author: markt Date: Fri May 11 08:34:21 2018 New Revision: 1831389 > > URL: http://svn.apache.org/viewvc?rev=1831389&view=rev Log: When > the header limit is exceeded before the protocol is read (e.g. with > excessive new lines before the request line), set the protocol to > avoid the missing protocol triggering a 505 error masking the real > error code. > > Modified: > tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java > > Modified: > tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http1 1/Http11InputBuffer.java?rev=1831389&r1=1831388&r2=1831389&view=diff > > ======================================================================== ====== > --- > tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java > (original) +++ > tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java > Fri May 11 08:34:21 2018 @@ -711,6 +711,10 @@ public class > Http11InputBuffer implement > > if (parsingHeader) { if (byteBuffer.limit() >= headerBufferSize) { > + if (parsingRequestLine) { + // > Avoid unknown protocol triggering an additional error + > request.protocol().setString(Constants.HTTP_11); + > } Why not use something like "UNKNOWN" instead of "HTTP/1.1"? It might be confusing to see that the protocol "is" HTTP/1.1 when it was actually something else on the wire. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlr1rEgACgkQHPApP6U8 pFhn6BAAj1bBFKStBUHSL+9plGEz7X6jr48SuF3ftcbkKZ56saPdQ4xULJm8QUw4 YX+pw2ORv+fq+fmdfgNgIZnlatN4eXTAmUTlswnkjOPEP4LsJUYqFU8t8WT6iiUq XnYQbyrSKNCcITSu4XQOV6CfvZuOo/Fu6t3SCR9bjQ9azKdUsq6TpnwAwyg3bMwI 25zxBymSWiBv2LENcV4c2CRYvOiTNCEn/DVYZVWubYiLhKuaeo6wD6QKiEnHqJvd 8vl1w7v/YQfauRIyQJZ3wXTmiX8+fTwHFrhVi/4mp0peRCHYc11mvlXVNKYHKLCO 2kizfdMljdZrdXTlEOGe7pPntliMXASiCGekSJoEh+weTFFwU74AYT8fZmssBUIz qOS1bvopRf07rXWJe9XGAF5TGZKVVmy5cPAewlsfbA0cA4/h2b15al7UFYev8LTa zbf/f/VImFx/3P5VeujnIy3Cir70MQpETwo1oBHLe6T7AcsLR/L9o3i7oUqj1vyA U1jUlH6Bhabnh3HIl4uPamY4gDoYUAQMcM+giHsbgdpd8FAGbsh0V+bF7NcGmxgq Mt38Ge5B5T3NO6uxpgkQqhfvlEn8DXtSJRxdV5eZQhpwrpkYjyaRFI+gItWw6f72 428BkppXqK6t/ob5gBJK7Mz6BZ4LqWpTVr6y3u3nCVOPxiNdKbg= =RItO -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
