This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 7aa03bdea8 Correct a regression in the previous fix for BZ 66236
7aa03bdea8 is described below
commit 7aa03bdea82da0294c8ad3d88f7a69b7f2c14d0a
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Sep 13 16:35:24 2022 +0100
Correct a regression in the previous fix for BZ 66236
https://bz.apache.org/bugzilla/show_bug.cgi?id=66236
---
java/org/apache/coyote/http11/Http11Processor.java | 2 +-
.../coyote/http11/filters/BufferedInputFilter.java | 37 ++++++++++++++--------
.../coyote/http11/filters/IdentityInputFilter.java | 6 +---
3 files changed, 25 insertions(+), 20 deletions(-)
diff --git a/java/org/apache/coyote/http11/Http11Processor.java
b/java/org/apache/coyote/http11/Http11Processor.java
index d7d23fe58a..e13ab36690 100644
--- a/java/org/apache/coyote/http11/Http11Processor.java
+++ b/java/org/apache/coyote/http11/Http11Processor.java
@@ -213,7 +213,7 @@ public class Http11Processor extends AbstractProcessor {
outputBuffer.addFilter(new VoidOutputFilter());
// Create and add buffered input filter
- inputBuffer.addFilter(new BufferedInputFilter());
+ inputBuffer.addFilter(new
BufferedInputFilter(protocol.getMaxSwallowSize()));
// Create and add the gzip filters.
//inputBuffer.addFilter(new GzipInputFilter());
diff --git a/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
b/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
index 34321b351a..2f6a1ae76b 100644
--- a/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
+++ b/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
@@ -33,13 +33,14 @@ import org.apache.tomcat.util.net.ApplicationBufferHandler;
*/
public class BufferedInputFilter implements InputFilter,
ApplicationBufferHandler {
- // -------------------------------------------------------------- Constants
-
private static final String ENCODING_NAME = "buffered";
private static final ByteChunk ENCODING = new ByteChunk();
- // ----------------------------------------------------- Instance Variables
+ static {
+ ENCODING.setBytes(ENCODING_NAME.getBytes(StandardCharsets.ISO_8859_1),
0, ENCODING_NAME.length());
+ }
+
// Use ByteChunk since it correctly handles the special buffer size of -1
// for maxSavePostSize.
@@ -48,15 +49,13 @@ public class BufferedInputFilter implements InputFilter,
ApplicationBufferHandle
private InputBuffer buffer;
private boolean hasRead = false;
+ private final int maxSwallowSize;
- // ----------------------------------------------------- Static Initializer
- static {
- ENCODING.setBytes(ENCODING_NAME.getBytes(StandardCharsets.ISO_8859_1),
- 0, ENCODING_NAME.length());
+ public BufferedInputFilter(int maxSwallowSize) {
+ this.maxSwallowSize = maxSwallowSize;
}
-
// --------------------------------------------------------- Public Methods
@@ -82,14 +81,24 @@ public class BufferedInputFilter implements InputFilter,
ApplicationBufferHandle
*/
@Override
public void setRequest(Request request) {
- if (buffered.getLimit() == 0) {
- return;
- }
// save off the Request body
try {
- while (buffer.doRead(this) >= 0) {
- buffered.append(tempRead);
- tempRead = null;
+ if (buffered.getLimit() == 0) {
+ // Special case - ignore (swallow) body. Do so within a limit.
+ long swallowed = 0;
+ int read = 0;
+ while ((read = buffer.doRead(this)) >= 0) {
+ swallowed += read;
+ if (maxSwallowSize > -1 && swallowed > maxSwallowSize) {
+ // No need for i18n - this isn't going to get logged
+ throw new IOException("Ignored body exceeded
maxSwallowSize");
+ }
+ }
+ } else {
+ while (buffer.doRead(this) >= 0) {
+ buffered.append(tempRead);
+ tempRead = null;
+ }
}
} catch(IOException | BufferOverflowException ioe) {
// No need for i18n - this isn't going to get logged anywhere
diff --git a/java/org/apache/coyote/http11/filters/IdentityInputFilter.java
b/java/org/apache/coyote/http11/filters/IdentityInputFilter.java
index e6ff1f96ba..2380bc53e6 100644
--- a/java/org/apache/coyote/http11/filters/IdentityInputFilter.java
+++ b/java/org/apache/coyote/http11/filters/IdentityInputFilter.java
@@ -34,20 +34,17 @@ import org.apache.tomcat.util.res.StringManager;
*/
public class IdentityInputFilter implements InputFilter,
ApplicationBufferHandler {
- private static final StringManager sm = StringManager.getManager(
- IdentityInputFilter.class.getPackage().getName());
+ private static final StringManager sm =
StringManager.getManager(IdentityInputFilter.class);
// -------------------------------------------------------------- Constants
-
protected static final String ENCODING_NAME = "identity";
protected static final ByteChunk ENCODING = new ByteChunk();
// ----------------------------------------------------- Static Initializer
-
static {
ENCODING.setBytes(ENCODING_NAME.getBytes(StandardCharsets.ISO_8859_1),
0, ENCODING_NAME.length());
@@ -56,7 +53,6 @@ public class IdentityInputFilter implements InputFilter,
ApplicationBufferHandle
// ----------------------------------------------------- Instance Variables
-
/**
* Content length.
*/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
