This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push: new 157487d Treat empty token at end the same way as empty token at start/middle 157487d is described below commit 157487d425734a37ac32fe709ff20b8f6d8fe4e4 Author: Mark Thomas <ma...@apache.org> AuthorDate: Tue Jun 8 11:27:33 2021 +0100 Treat empty token at end the same way as empty token at start/middle --- .../apache/tomcat/util/http/parser/TokenList.java | 3 ++- .../tomcat/util/http/parser/TestTokenList.java | 29 ++++++++++++++++++++++ webapps/docs/changelog.xml | 6 +++++ 3 files changed, 37 insertions(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/util/http/parser/TokenList.java b/java/org/apache/tomcat/util/http/parser/TokenList.java index 0ab7ce1..01ac449 100644 --- a/java/org/apache/tomcat/util/http/parser/TokenList.java +++ b/java/org/apache/tomcat/util/http/parser/TokenList.java @@ -84,7 +84,8 @@ public class TokenList { } if (fieldName.length() == 0) { - // No more data to read + // Unexpected EOF. Should have been a token. + invalid = true; break; } diff --git a/test/org/apache/tomcat/util/http/parser/TestTokenList.java b/test/org/apache/tomcat/util/http/parser/TestTokenList.java index 43ea16d..a1415c4 100644 --- a/test/org/apache/tomcat/util/http/parser/TestTokenList.java +++ b/test/org/apache/tomcat/util/http/parser/TestTokenList.java @@ -190,4 +190,33 @@ public class TestTokenList { Assert.assertFalse(result); } + + @Test + public void testMultipleWithEmptyStart() throws IOException { + Set<String> expected = new HashSet<>(); + expected.add("bar"); + expected.add("foo"); + expected.add("host"); + doTestVary(",Host, Foo, Bar", expected, false); + } + + + @Test + public void testMultipleWithEmptyMiddle() throws IOException { + Set<String> expected = new HashSet<>(); + expected.add("bar"); + expected.add("foo"); + expected.add("host"); + doTestVary("Host, Foo,,Bar", expected, false); + } + + + @Test + public void testMultipleWithEmptyEnd() throws IOException { + Set<String> expected = new HashSet<>(); + expected.add("bar"); + expected.add("foo"); + expected.add("host"); + doTestVary("Host, Foo, Bar,", expected, false); + } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 650533d..3cb74a3 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -207,6 +207,12 @@ <add> Add debug logging for HTTP/2 HPACK header decoding. (markt) </add> + <fix> + Correct parsing of HTTP headers consisting of a list of tokens so that a + header with an empty token is treated consistently regardless of whether + the empty token is at the start, middle or end of the list of tokens. + (markt) + </fix> </changelog> </subsection> <subsection name="Jasper"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org