This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push: new f806d4f Fix BZ 65563. Correct parsing of Content-Range headers f806d4f is described below commit f806d4fb11c247517a17b59192c28642a56f31b7 Author: Mark Thomas <ma...@apache.org> AuthorDate: Thu Sep 9 08:36:12 2021 +0100 Fix BZ 65563. Correct parsing of Content-Range headers Tomcat was incorrectly requiring an '=' character after "bytes". Fix based on pull request #449 by Thierry Guérin. --- .../tomcat/util/http/parser/ContentRange.java | 8 ++++---- .../catalina/servlets/TestDefaultServletPut.java | 24 ++++++++++++++-------- webapps/docs/changelog.xml | 10 +++++++++ 3 files changed, 29 insertions(+), 13 deletions(-) diff --git a/java/org/apache/tomcat/util/http/parser/ContentRange.java b/java/org/apache/tomcat/util/http/parser/ContentRange.java index 59bf071..d77a0e4 100644 --- a/java/org/apache/tomcat/util/http/parser/ContentRange.java +++ b/java/org/apache/tomcat/util/http/parser/ContentRange.java @@ -71,10 +71,10 @@ public class ContentRange { return null; } - // Must be followed by '=' - if (HttpParser.skipConstant(input, "=") == SkipResult.NOT_FOUND) { - return null; - } + // Must be followed by SP. Parser is lenient and accepts any LWS here. + // No need for explicit check as something must have terminated the + // token and if that something was anything other than LWS the following + // call to readLong() will fail. // Start long start = HttpParser.readLong(input); diff --git a/test/org/apache/catalina/servlets/TestDefaultServletPut.java b/test/org/apache/catalina/servlets/TestDefaultServletPut.java index 09c30ff..e2e0058 100644 --- a/test/org/apache/catalina/servlets/TestDefaultServletPut.java +++ b/test/org/apache/catalina/servlets/TestDefaultServletPut.java 
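Review bot: The delimiter after `bytes` is now validated only as a side effect of `HttpParser.readLong()`, whose handling of leading whitespace and of characters such as `=` or `@` is not visible in this hunk. Going by the TestDefaultServletPut cases in the same commit, this value selects the byte range a partial PUT writes, so a later change to readLong() could silently widen what is accepted. I would record the dependency at readLong() as well, e.g. `// The ContentRange parser relies on this rejecting any lead character that is neither LWS nor a digit`. The new comment also documents accepting any LWS where the grammar calls for a single SP; if that leniency is deliberate the comment should say why, since a stricter front-end proxy or filter may treat the same header differently than Tomcat does. The enclosing method starts and ends outside the hunk.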
@@ -52,30 +52,36 @@ public class TestDefaultServletPut extends TomcatBaseTest { // Valid partial PUT parameterSets.add(new Object[] { - "Content-Range: bytes=0-" + PATCH_LEN + "/" + START_LEN + CRLF, Boolean.TRUE, END_TEXT, Boolean.TRUE }); + "Content-Range: bytes 0-" + PATCH_LEN + "/" + START_LEN + CRLF, Boolean.TRUE, END_TEXT, Boolean.TRUE }); // Full PUT parameterSets.add(new Object[] { "", null, PATCH_TEXT, Boolean.TRUE }); // Invalid range parameterSets.add(new Object[] { - "Content-Range: apples=0-" + PATCH_LEN + "/" + START_LEN + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); + "Content-Range: apples 0-" + PATCH_LEN + "/" + START_LEN + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); parameterSets.add(new Object[] { "Content-Range: bytes00-" + PATCH_LEN + "/" + START_LEN + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); parameterSets.add(new Object[] { - "Content-Range: bytes=9-7/" + START_LEN + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); + "Content-Range: bytes0-" + PATCH_LEN + "/" + START_LEN + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); parameterSets.add(new Object[] { - "Content-Range: bytes=-7/" + START_LEN + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); + "Content-Range: bytes=0-" + PATCH_LEN + "/" + START_LEN + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); parameterSets.add(new Object[] { - "Content-Range: bytes=9-/" + START_LEN + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); + "Content-Range: bytes@0-" + PATCH_LEN + "/" + START_LEN + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); parameterSets.add(new Object[] { - "Content-Range: bytes=9-X/" + START_LEN + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); + "Content-Range: bytes 9-7/" + START_LEN + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); parameterSets.add(new Object[] { - "Content-Range: bytes=0-5/" + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); + "Content-Range: bytes -7/" + START_LEN + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); 
parameterSets.add(new Object[] { - "Content-Range: bytes=0-5/0x5" + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); + "Content-Range: bytes 9-/" + START_LEN + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); + parameterSets.add(new Object[] { + "Content-Range: bytes 9-X/" + START_LEN + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); + parameterSets.add(new Object[] { + "Content-Range: bytes 0-5/" + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); + parameterSets.add(new Object[] { + "Content-Range: bytes 0-5/0x5" + CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE }); // Valid partial PUT but partial PUT is disabled parameterSets.add(new Object[] { - "Content-Range: bytes=0-" + PATCH_LEN + "/" + START_LEN + CRLF, Boolean.TRUE, START_TEXT, Boolean.FALSE }); + "Content-Range: bytes 0-" + PATCH_LEN + "/" + START_LEN + CRLF, Boolean.TRUE, START_TEXT, Boolean.FALSE }); return parameterSets; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index cb4c7e4..aa8c1ca 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -105,6 +105,16 @@ issues do not "pop up" wrt. others). --> <section name="Tomcat 9.0.54 (remm)" rtext="in development"> + <subsection name="Coyote"> + <changelog> + <fix> + <bug>65563</bug>: Correct parsing of HTTP <code>Content-Rnage</code> + headers. Tomcat was incorrectly requiring an <code>=</code> character + after <code>bytes</code>. Fix based on pull request <pr>449</pr> by + Thierry Guérin. (markt) + </fix> + </changelog> + </subsection> </section> <section name="Tomcat 9.0.53 (remm)" rtext="in progress"> <subsection name="Catalina"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
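Review bot: None of the cases in the TestDefaultServletPut hunk exercises the leniency that the parser comment in ContentRange.java promises: every header expected to parse uses exactly one space after `bytes`, so a tab or a doubled space is untested in either direction. Add one case that pins the intended outcome, e.g. `"Content-Range: bytes\t0-" + PATCH_LEN + "/" + START_LEN + CRLF, Boolean.TRUE, END_TEXT, Boolean.TRUE` if LWS is meant to be accepted end to end, or the same header with `Boolean.FALSE, START_TEXT` if it is not. Whether the request header parser passes a tab through unchanged is worth confirming before choosing. The method that builds the parameter sets starts outside the hunk.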