This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new b1689e067b "-1" should not be a valid port number
b1689e067b is described below
commit b1689e067b911bcebc0b54640abdb2ff444fd866
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Aug 8 16:28:26 2022 +0100
"-1" should not be a valid port number
---
 .../apache/tomcat/util/http/parser/HttpParser.java | 25 ++++++++++++++++++----
 .../util/http/parser/TestHttpParserHost.java | 9 ++++++++
 2 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/tomcat/util/http/parser/HttpParser.java b/java/org/apache/tomcat/util/http/parser/HttpParser.java
index 76d79cae5e..2d21f02e68 100644
--- a/java/org/apache/tomcat/util/http/parser/HttpParser.java
+++ b/java/org/apache/tomcat/util/http/parser/HttpParser.java
@@ -785,7 +785,11 @@ public class HttpParser {
 return readHostDomainName(reader);
 }
- return pos;
+ if (inIPv6) {
+ return pos;
+ } else {
+ return validatePort(reader, pos);
+ }
 }
@@ -877,7 +881,7 @@ public class HttpParser {
 c = reader.read();
 if (c == ':') {
- return pos;
+ return validatePort(reader, pos);
 } else {
 if(c == -1) {
 return -1;
@@ -902,14 +906,27 @@ public class HttpParser {
 if (DomainParseState.COLON == state) {
 // State identifies the state of the previous character
- return pos - 1;
+ return validatePort(reader, pos - 1);
 } else {
 return -1;
 }
 }
- /**
+ static int validatePort(Reader reader, int colonPosition) throws IOException {
+ // Remaining characters should be numeric ...
+ readLong(reader);
+ // ... followed by EOS
+ if (reader.read() == -1) {
+ return colonPosition;
+ } else {
+ // Invalid port
+ throw new IllegalArgumentException();
+ }
+ }
+
+
+ /**
 * Skips all characters until EOF or the specified target is found. Normally
 * used to skip invalid input until the next separator.
 */
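Review bot: The `inIPv6` branch in the first hunk returns `pos` without port validation, and nothing on the new lines records why. A short comment such as `// IPv4 part of an IPv6 literal: the closing ']' and any port are handled by the caller` would capture the intent, assuming that is the reason; the enclosing method starts and ends outside the hunk, so this should be confirmed against the IPv6 reader. The `else` after a `return` is also redundant: `if (inIPv6) { return pos; }` followed by `return validatePort(reader, pos);` reads flatter.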
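Review bot: `validatePort` in the third hunk discards the value returned by `readLong(reader)`, so as far as the hunk shows only the shape of the port is checked, never its range; a host such as `localhost:99999` would still pass here unless a later stage rejects it. Consider keeping the result and bounding it, e.g. `long port = readLong(reader);` followed by `if (port > 65535 || reader.read() != -1) { throw new IllegalArgumentException(); }`. How `readLong` treats an empty digit run, leading whitespace or an over-long digit string is not visible in the hunk, so `host:`, `host: 80` and a 30-digit port are worth pinning with tests either way. The new method also has no Javadoc stating that it consumes the reader to end of stream and returns the colon position unchanged, and the bare `IllegalArgumentException` carries no message, which makes a rejected Host header harder to diagnose from logs.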
diff --git a/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java b/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java
index c146e4af81..e5b9bc0572 100644
--- a/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java
+++ b/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java
@@ -217,6 +217,15 @@ public class TestHttpParserHost {
 Integer.valueOf(-1), IAE} );
 result.add(new Object[] { TestType.IPv6, "[1111:2222:3333]", Integer.valueOf(-1), IAE} );
+ // Domain name - invalid port
+ result.add(new Object[] { TestType.IPv4, "localhost:x", Integer.valueOf(-1), IAE} );
+ result.add(new Object[] { TestType.IPv4, "localhost:-1", Integer.valueOf(-1), IAE} );
+ // IPv4 - invalid port
+ result.add(new Object[] { TestType.IPv4, "127.0.0.1:x", Integer.valueOf(-1), IAE} );
+ result.add(new Object[] { TestType.IPv4, "127.0.0.1:-1", Integer.valueOf(-1), IAE} );
+ // IPv6 - invalid port
+ result.add(new Object[] { TestType.IPv4, "[::1]:x", Integer.valueOf(-1), IAE} );
+ result.add(new Object[] { TestType.IPv4, "[::1]:-1", Integer.valueOf(-1), IAE} );
 return result;
 }
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
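Review bot: The two cases under `// IPv6 - invalid port` are registered with `TestType.IPv4`, unlike the existing `[1111:2222:3333]` case just above them, which uses `TestType.IPv6`. If `TestType` selects which reader the test invokes (the test method is outside the hunk), `[::1]:x` and `[::1]:-1` would be rejected at the `[` by the IPv4 path, and the new `validatePort` call after `]` in the IPv6 reader would pass untested. They should probably read `result.add(new Object[] { TestType.IPv6, "[::1]:x", Integer.valueOf(-1), IAE} );` and likewise for `"[::1]:-1"`. Cases for an empty port and for a numeric but out-of-range port would also pin down what the parser is meant to accept.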