[tomcat] branch 8.5.x updated: Make parsing of Content-Disposition headers more robust

Thu, 18 Aug 2022 13:06:05 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 9595fcdecb Make parsing of Content-Disposition headers more robust
9595fcdecb is described below

commit 9595fcdecbbe7ce3a8065fc8959250722b6fec95
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Aug 18 21:04:06 2022 +0100

    Make parsing of Content-Disposition headers more robust
    
    Invalid filename directives will now be ignored rather than triggering a
    500 response.
---
 java/org/apache/tomcat/util/http/parser/HttpParser.java     |  5 +++++
 test/org/apache/tomcat/util/http/parser/TestHttpParser.java |  8 ++++++++
 webapps/docs/changelog.xml                                  | 10 ++++++++++
 3 files changed, 23 insertions(+)

diff --git a/java/org/apache/tomcat/util/http/parser/HttpParser.java 
b/java/org/apache/tomcat/util/http/parser/HttpParser.java
index 3dbd935d2a..2b6dae5264 100644
--- a/java/org/apache/tomcat/util/http/parser/HttpParser.java
+++ b/java/org/apache/tomcat/util/http/parser/HttpParser.java
@@ -238,6 +238,11 @@ public class HttpParser {
             char c = input.charAt(i);
             if (input.charAt(i) == '\\') {
                 i++;
+                if (i == end) {
+                    // Input (less surrounding quotes) ended with '\'. That is
+                    // invalid so return null.
+                    return null;
+                }
                 result.append(input.charAt(i));
             } else {
                 result.append(c);
diff --git a/test/org/apache/tomcat/util/http/parser/TestHttpParser.java 
b/test/org/apache/tomcat/util/http/parser/TestHttpParser.java
index d157014339..c56022424a 100644
--- a/test/org/apache/tomcat/util/http/parser/TestHttpParser.java
+++ b/test/org/apache/tomcat/util/http/parser/TestHttpParser.java
@@ -25,6 +25,14 @@ public class TestHttpParser {
     public void testTokenDel() {
         Assert.assertFalse("DEL is not a token", HttpParser.isToken(127));
     }
+    @Test
+    public void testUnquoteInvalid01() {
+        // Note: Test string is also Java escaped
+        String shortText = "aaa\\";
+        Assert.assertNull(shortText, HttpParser.unquote(shortText));
+    }
+
+
     @Test
     public void testTokenStringNull() {
         Assert.assertFalse(HttpParser.isToken(null));
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 4cdaf869cc..b97009f8f3 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -118,6 +118,16 @@
       </fix>
     </changelog>
   </subsection>
+  <subsection name="Coyote">
+    <changelog>
+      <fix>
+        Make parsing of invalid filename directives in
+        <code>Content-Disposition</code> headers more robust. Invalid filename
+        directives will now be ignored rather than triggering a 500 response.
+        (markt)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Jasper">
     <changelog>
       <fix>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to