[tomcat] branch 9.0.x updated: Use parts size for maxParameterCount

Tue, 08 Aug 2023 04:28:31 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 78a5a7863e Use parts size for maxParameterCount
78a5a7863e is described below

commit 78a5a7863e640e5746ef24a7db9d66657b04fb33
Author: remm <r...@apache.org>
AuthorDate: Tue Aug 8 13:23:35 2023 +0200

    Use parts size for maxParameterCount
    
    If parsing the parts first (which is usually not what happens), then the
    parts count should affect maxParameterCount. Since the resource use of
    parameters is small, allowing maxParameterCount parameters in addition
    to the parts is not a noticeable issue. Parsing parameters first is
    recommended though.
    Report submitted by Matus Madzin.
---
 java/org/apache/catalina/connector/Request.java | 6 +++++-
 webapps/docs/changelog.xml                      | 5 +++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index 2a6934daa4..be6aed055f 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -3146,7 +3146,11 @@ public class Request implements HttpServletRequest {
         boolean success = false;
         try {
             // Set this every time in case limit has been changed via JMX
-            parameters.setLimit(getConnector().getMaxParameterCount());
+            int maxParameterCount = getConnector().getMaxParameterCount();
+            if (parts != null && maxParameterCount > 0) {
+                maxParameterCount -= parts.size();
+            }
+            parameters.setLimit(maxParameterCount);
 
             // getCharacterEncoding() may have been overridden to search for
             // hidden form field containing request encoding
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 832a9c63c0..895c26e3d1 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -132,6 +132,11 @@
         <bug>66822</bug>: Use the same naming format in log messages for
         Connector instances as the associated ProtocolHandler instance. (markt)
       </fix>
+      <fix>
+        The parts count should also lower the actual
+        <code>maxParameterCount</code> used for parsing parameters if parts are
+        parsed first. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to