[tomcat] branch main updated: Allow for relaxed validation of path and query characters in HTTP/2

Sat, 08 Jan 2022 08:38:19 -0800 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 3ce7bcc  Allow for relaxed validation of path and query characters in 
HTTP/2
3ce7bcc is described below

commit 3ce7bccc8c5ec555b3301bcdac01298ecd971605
Author: Mark Thomas <[email protected]>
AuthorDate: Sat Jan 8 16:37:52 2022 +0000

    Allow for relaxed validation of path and query characters in HTTP/2
    
    Follow-up to https://bz.apache.org/bugzilla/show_bug.cgi?id=65785
---
 java/org/apache/coyote/http2/Http2Protocol.java    |  3 +-
 java/org/apache/coyote/http2/StreamProcessor.java  |  7 +++-
 .../apache/coyote/http2/TestStreamProcessor.java   | 45 ++++++++++++++++++++++
 3 files changed, 51 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/coyote/http2/Http2Protocol.java 
b/java/org/apache/coyote/http2/Http2Protocol.java
index 8b7718d..7bdc6cb 100644
--- a/java/org/apache/coyote/http2/Http2Protocol.java
+++ b/java/org/apache/coyote/http2/Http2Protocol.java
@@ -21,7 +21,6 @@ import java.util.Enumeration;
 
 import javax.management.ObjectName;
 
-import org.apache.coyote.AbstractProtocol;
 import org.apache.coyote.Adapter;
 import org.apache.coyote.ContinueResponseTiming;
 import org.apache.coyote.Processor;
@@ -342,7 +341,7 @@ public class Http2Protocol implements UpgradeProtocol {
     }
 
 
-    public AbstractProtocol<?> getHttp11Protocol() {
+    public AbstractHttp11Protocol<?> getHttp11Protocol() {
         return this.http11Protocol;
     }
 
diff --git a/java/org/apache/coyote/http2/StreamProcessor.java 
b/java/org/apache/coyote/http2/StreamProcessor.java
index c1a943a..68621cb 100644
--- a/java/org/apache/coyote/http2/StreamProcessor.java
+++ b/java/org/apache/coyote/http2/StreamProcessor.java
@@ -466,6 +466,9 @@ class StreamProcessor extends AbstractProcessor {
      * The checks performed below are based on the checks in Http11InputBuffer.
      */
     private boolean validateRequest() {
+        HttpParser httpParser = new 
HttpParser(handler.getProtocol().getHttp11Protocol().getRelaxedPathChars(),
+                
handler.getProtocol().getHttp11Protocol().getRelaxedQueryChars());
+
         // Method name must be a token
         String method = request.method().toString();
         if (!HttpParser.isToken(method)) {
@@ -476,7 +479,7 @@ class StreamProcessor extends AbstractProcessor {
         // (other checks such as valid %nn happen later)
         ByteChunk bc = request.requestURI().getByteChunk();
         for (int i = bc.getStart(); i < bc.getEnd(); i++) {
-            if (HttpParser.isNotRequestTarget(bc.getBuffer()[i])) {
+            if (httpParser.isNotRequestTargetRelaxed(bc.getBuffer()[i])) {
                 return false;
             }
         }
@@ -486,7 +489,7 @@ class StreamProcessor extends AbstractProcessor {
         String qs = request.queryString().toString();
         if (qs != null) {
             for (char c : qs.toCharArray()) {
-                if (!HttpParser.isQuery(c)) {
+                if (!httpParser.isQueryRelaxed(c)) {
                     return false;
                 }
             }
diff --git a/test/org/apache/coyote/http2/TestStreamProcessor.java 
b/test/org/apache/coyote/http2/TestStreamProcessor.java
index 2fd8c94..b7480ed 100644
--- a/test/org/apache/coyote/http2/TestStreamProcessor.java
+++ b/test/org/apache/coyote/http2/TestStreamProcessor.java
@@ -346,6 +346,51 @@ public class TestStreamProcessor extends Http2TestBase {
     }
 
 
+    @Test
+    public void testValidateRequestQueryStringRelaxed() throws Exception {
+        enableHttp2();
+
+        Tomcat tomcat = getTomcatInstance();
+
+        File appDir = new File("test/webapp");
+        Context ctxt = tomcat.addWebapp(null, "", appDir.getAbsolutePath());
+
+        Tomcat.addServlet(ctxt, "simple", new SimpleServlet());
+        ctxt.addServletMappingDecoded("/simple", "simple");
+
+        tomcat.getConnector().setProperty("relaxedQueryChars", "[]");
+
+        tomcat.start();
+
+        openClientConnection();
+        doHttpUpgrade();
+        sendClientPreface();
+        validateHttp2InitialResponse();
+
+        byte[] frameHeader = new byte[9];
+        ByteBuffer headersPayload = ByteBuffer.allocate(128);
+
+        List<Header> headers = new ArrayList<>(4);
+        headers.add(new Header(":method", "GET"));
+        headers.add(new Header(":scheme", "http"));
+        headers.add(new Header(":path", "/index.html?foo=[]"));
+        headers.add(new Header(":authority", "localhost:" + getPort()));
+
+        buildGetRequest(frameHeader, headersPayload, null, headers, 3);
+
+        writeFrame(frameHeader, headersPayload);
+
+        parser.readFrame(true);
+
+        StringBuilder expected = new StringBuilder();
+        expected.append("3-HeadersStart\n");
+        expected.append("3-Header-[:status]-[200]\n");
+
+        // The status code is the most important thing to test
+        Assert.assertTrue(output.getTrace().startsWith(expected.toString()));
+    }
+
+
     private static final class AsyncComplete extends HttpServlet {
 
         private static final long serialVersionUID = 1L;

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to