This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push: new 26624e2 Fix #419. Check parameter value size before conversion to String 26624e2 is described below commit 26624e2aa72c504c2c91bd57ee6a59d88f90e55e Author: Mark Thomas <ma...@apache.org> AuthorDate: Fri May 21 12:07:37 2021 +0100 Fix #419. Check parameter value size before conversion to String
---
 java/org/apache/catalina/connector/Request.java | 22 ++++++++++------------
 webapps/docs/changelog.xml | 7 +++++++
 2 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java
index 3172a19..e1a0e77 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -2928,22 +2928,14 @@ public class Request implements HttpServletRequest {
 parts.add(part);
 if (part.getSubmittedFileName() == null) {
 String name = part.getName();
- String value = null;
- try {
- value = part.getString(charset.name());
- } catch (UnsupportedEncodingException uee) {
- // Not possible
- }
 if (maxPostSize >= 0) {
 // Have to calculate equivalent size. Not completely
 // accurate but close enough.
 postSize += name.getBytes(charset).length;
- if (value != null) {
- // Equals sign
- postSize++;
- // Value length
- postSize += part.getSize();
- }
+ // Equals sign
+ postSize++;
+ // Value length
+ postSize += part.getSize();
 // Value separator
 postSize++;
 if (postSize > maxPostSize) {
@@ -2952,6 +2944,12 @@ public class Request implements HttpServletRequest {
 "coyoteRequest.maxPostSizeExceeded"));
 }
 }
+ String value = null;
+ try {
+ value = part.getString(charset.name());
+ } catch (UnsupportedEncodingException uee) {
+ // Not possible
+ }
 parameters.addParameter(name, value);
 }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 52a3066..50d6c5c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
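Review bot: `postSize += part.getSize();` now runs for every non-file part, and the compound assignment hides a narrowing conversion if `postSize` is an `int`; its declaration is outside the hunk, so this needs confirming, while `Part.getSize()` returns a `long`. With an `int` accumulator a very large reported part size could wrap, making the `postSize > maxPostSize` comparison unreliable as a limit. Declaring the running total as `long`, or adding with `postSize = Math.addExact(postSize, part.getSize());` on a `long` and treating the overflow as exceeding the limit, would keep the guard sound for all sizes. The enclosing method starts and ends outside the hunk.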
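Review bot: The relocated `part.getString(charset.name())` block has no comment saying that its position after the `maxPostSize` check is deliberate, so a later tidy-up could move the conversion back above the check. I would add `// Convert to String only after the size check so an over-limit part is rejected before its content is copied into memory` above `String value = null;`. The check also sits inside `if (maxPostSize >= 0)`, so with a negative setting this code does not limit the conversion at all; whether another limit applies is not visible here. The enclosing block starts outside the hunk.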
@@ -132,6 +132,13 @@ Add <code>cookieName</code> attribute to the SSO valve to configure the SSO cookie name. (remm) </update> + <fix> + <pr>419</pr>: When processing POST requests of type + <code>multipart/form-data</code> for parts without a filename that are + added to the parameter map in String form, check the size of the part + before attempting conversion to String. Pull request provided by + tianshuang. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org