This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new c4f881f Invalid byte sequences result in a 400 response.
c4f881f is described below
commit c4f881f5b68809139a3ebfeb3121c50bf9be8ea8
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Oct 13 18:32:19 2021 +0100
Invalid byte sequences result in a 400 response.
This is part of the clarification in Servlet 6.0 of the
canonicalization Servlet containers are expected to apply to request
URIs.
---
java/org/apache/catalina/connector/CoyoteAdapter.java | 2 +-
.../org/apache/catalina/connector/TestCoyoteAdapter.java | 16 +++++++++++-----
webapps/docs/changelog.xml | 4 ++++
3 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java
b/java/org/apache/catalina/connector/CoyoteAdapter.java
index 046cc4c..ccfb4d1 100644
--- a/java/org/apache/catalina/connector/CoyoteAdapter.java
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java
@@ -1087,7 +1087,7 @@ public class CoyoteAdapter implements Adapter {
B2CConverter conv = request.getURIConverter();
if (conv == null) {
- conv = new B2CConverter(charset, true);
+ conv = new B2CConverter(charset, false);
request.setURIConverter(conv);
} else {
conv.recycle();
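Review bot: The bare `false` passed to `new B2CConverter(charset, false)` carries the whole behaviour change, and nothing at the call site says what it selects. Assuming the second argument is the replace-on-error switch, a comment such as `// Report invalid byte sequences instead of replacing them with U+FFFD, so the request is rejected with a 400` would keep a later cleanup from flipping it back. Rejecting matters for canonicalization because replacement lets distinct raw byte sequences decode to the same path, which an upstream proxy or filter that matches on the raw bytes may treat differently from the container. The code that turns the decoding failure into the 400 is outside this hunk, as is the rest of the enclosing method; any comment there that still assumes the converter never fails should be checked.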
diff --git a/test/org/apache/catalina/connector/TestCoyoteAdapter.java
b/test/org/apache/catalina/connector/TestCoyoteAdapter.java
index 72f26b8..1dbe21b 100644
--- a/test/org/apache/catalina/connector/TestCoyoteAdapter.java
+++ b/test/org/apache/catalina/connector/TestCoyoteAdapter.java
@@ -212,19 +212,19 @@ public class TestCoyoteAdapter extends TomcatBaseTest {
@Test
public void testBug54602c() throws Exception {
// Partial UTF-8
- doTestUriDecoding("/foo%c4", "UTF-8", "/foo\uFFFD");
+ doTestUriDecoding("/foo%c4", "UTF-8", null);
}
@Test
public void testBug54602d() throws Exception {
// Invalid UTF-8
- doTestUriDecoding("/foo%ff", "UTF-8", "/foo\uFFFD");
+ doTestUriDecoding("/foo%ff", "UTF-8", null);
}
@Test
public void testBug54602e() throws Exception {
// Invalid UTF-8
- doTestUriDecoding("/foo%ed%a0%80", "UTF-8", "/foo\uFFFD\uFFFD\uFFFD");
+ doTestUriDecoding("/foo%ed%a0%80", "UTF-8", null);
}
private void doTestUriDecoding(String path, String encoding,
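Review bot: Passing `null` as the third argument of `doTestUriDecoding` now means "expect a 400", but the call sites in `testBug54602c`, `testBug54602d` and `testBug54602e` give no hint of that. A trailing comment per call, for example `// null => request must be rejected with 400`, or a Javadoc line on the helper stating that a null `expectedPathInfo` marks an invalid URI, would make the sentinel explicit. The two "Invalid UTF-8" comments could also say why each input is invalid: `%ff` is a byte that never occurs in UTF-8, and `%ed%a0%80` is the three-byte encoding of a UTF-16 surrogate. The helper's signature begins on the last line of this hunk and its body continues outside it.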
@@ -246,9 +246,15 @@ public class TestCoyoteAdapter extends TomcatBaseTest {
int rc = getUrl("http://localhost:" + getPort() + path,
new ByteChunk(), null);
- Assert.assertEquals(HttpServletResponse.SC_OK, rc);
- Assert.assertEquals(expectedPathInfo, servlet.getPathInfo());
+ if (expectedPathInfo == null) {
+ // Invalid URI
+ Assert.assertEquals(HttpServletResponse.SC_BAD_REQUEST, rc);
+ } else {
+ // Valid URI
+ Assert.assertEquals(HttpServletResponse.SC_OK, rc);
+ Assert.assertEquals(expectedPathInfo, servlet.getPathInfo());
+ }
}
private static class PathInfoServlet extends HttpServlet {
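Review bot: The new invalid-URI branch checks only the status code, so it would still pass if the servlet had been invoked and the 400 was produced later in processing. Adding `Assert.assertNull(servlet.getPathInfo());` after the `SC_BAD_REQUEST` assertion would pin that the request is rejected before it reaches the application. That assumes `PathInfoServlet` leaves its path info null until it handles a request; its body is outside this hunk, so this needs confirming. The start of `doTestUriDecoding` is also outside the hunk.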
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 2be62e9..0f82931 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -126,6 +126,10 @@
Do not add a trailing <code>/</code> to a request URI during
canonicalization. (markt)
</fix>
+ <fix>
+ Invalid byte sequences (typically in %nn form) in a request URi that
are
+ not valid for the given URI encoding now trigger a 400 response.
(markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">