Mark,
On 12/15/23 04:37, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new a42726c21b Make Host header / request line consistency check case
insensitive
a42726c21b is described below
commit a42726c21be02464fb07273c4b44731cb6151cc8
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri Dec 15 09:36:02 2023 +0000
Make Host header / request line consistency check case insensitive
---
java/org/apache/coyote/http11/Http11Processor.java | 2 +-
java/org/apache/tomcat/util/buf/ByteChunk.java | 22 ++++++++++++++
.../apache/coyote/http11/TestHttp11Processor.java | 35 ++++++++++++++++++++++
webapps/docs/changelog.xml | 5 ++++
4 files changed, 63 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/coyote/http11/Http11Processor.java
b/java/org/apache/coyote/http11/Http11Processor.java
index 67e53fafda..446c36abd9 100644
--- a/java/org/apache/coyote/http11/Http11Processor.java
+++ b/java/org/apache/coyote/http11/Http11Processor.java
@@ -731,7 +731,7 @@ public class Http11Processor extends AbstractProcessor {
if (hostValueMB != null) {
// Any host in the request line must be consistent
with
// the Host header
- if (!hostValueMB.getByteChunk().equals(uriB,
uriBCStart + pos, slashPos - pos)) {
+ if (!hostValueMB.getByteChunk().equalsIgnoreCase(uriB,
uriBCStart + pos, slashPos - pos)) {
// The requirements of RFC 7230 are being
// applied. If the host header and the request
// line do not agree, trigger a 400 response.
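Review bot: The comment above the changed `if` in Http11Processor.java still says only that the request-line host "must be consistent with the Host header". Now that the check calls `equalsIgnoreCase`, the comment should say the comparison ignores case, so a later reader does not tighten it back to `equals`. The range passed is `uriBCStart + pos, slashPos - pos`; if that span can carry anything besides the host name, it is worth confirming that case-folding all of it is intended.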
diff --git a/java/org/apache/tomcat/util/buf/ByteChunk.java
b/java/org/apache/tomcat/util/buf/ByteChunk.java
index f53102ddc5..e297121e65 100644
--- a/java/org/apache/tomcat/util/buf/ByteChunk.java
+++ b/java/org/apache/tomcat/util/buf/ByteChunk.java
@@ -678,6 +678,28 @@ public final class ByteChunk extends AbstractChunk {
}
+ public boolean equalsIgnoreCase(byte b2[], int off2, int len2) {
+ byte b1[] = buff;
+ if (b1 == null && b2 == null) {
+ return true;
+ }
+
+ int len = end - start;
+ if (len != len2 || b1 == null || b2 == null) {
+ return false;
+ }
+
+ int off1 = start;
+
+ while (len-- > 0) {
+ if (Ascii.toLower(b1[off1++]) != Ascii.toLower(b2[off2++])) {
+ return false;
+ }
+ }
+ return true;
+ }
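Review bot: The new public `equalsIgnoreCase(byte b2[], int off2, int len2)` in ByteChunk.java has no Javadoc, and two things a caller needs are not stated. First, folding goes through `Ascii.toLower` one byte at a time, so the documentation should say which byte values are treated as equal and that the match is not Unicode-aware. Second, `off2` and `len2` are not validated against `b2.length`, so the loop reading `b2[off2++]` relies on the caller passing a range that lies inside `b2`. Suggest a Javadoc covering both points, or an explicit range check before the loop that returns false.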
I replied on users@ about this. Is ASCII-comparison sufficient?
Could we speed things up dramatically by performing a byte-wise
comparison first, and only fall back to (slower) case-insensitive
comparison if that fails? My guess is that most clients will be sending
byte-equals request-line and Host headers.
-chris