Author: markt
Date: Sun May 3 01:29:42 2009
New Revision: 771013
URL: http://svn.apache.org/viewvc?rev=771013&view=rev
Log:
https://issues.apache.org/bugzilla/show_bug.cgi?id=46984
Invalid characters in HTTP request method should result in a 400
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sun May 3 01:29:42 2009
@@ -1 +1 @@
-/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,673796,673820,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,718360,719119,719124,719602,719626,719628,720046,720069,721040,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,753039,757774,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763298,763302,763325,763599,763611,763681,763706,765662,768335
+/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,673796,673820,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,718360,719119,719124,719602,719626,719628,720046,720069,721040,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,753039,757774,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763298,763302,763325,763599,763611,763654,763681,763706,765662,768335
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=771013&r1=771012&r2=771013&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sun May 3 01:29:42 2009
@@ -111,12 +111,6 @@
+1: markt, pero
-1:
-* https://issues.apache.org/bugzilla/show_bug.cgi?id=46984
- Invalid characters in HTTP request method should result in a 400
- http://svn.apache.org/viewvc?rev=763654&view=rev
- +1: markt, rjung, pero
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42390
Correct JSP compilation error with nested tagfile tags with variables with
"AT_BEGIN" scope
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java?rev=771013&r1=771012&r2=771013&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
Sun May 3 01:29:42 2009
@@ -834,17 +834,19 @@
error = true;
}
- // Setting up filters, and parse some request headers
- rp.setStage(org.apache.coyote.Constants.STAGE_PREPARE);
- try {
- prepareRequest();
- } catch (Throwable t) {
- if (log.isDebugEnabled()) {
- log.debug(sm.getString("http11processor.request.prepare"),
t);
+ if (!error) {
+ // Setting up filters, and parse some request headers
+ rp.setStage(org.apache.coyote.Constants.STAGE_PREPARE);
+ try {
+ prepareRequest();
+ } catch (Throwable t) {
+ if (log.isDebugEnabled()) {
+
log.debug(sm.getString("http11processor.request.prepare"), t);
+ }
+ // 400 - Internal Server Error
+ response.setStatus(400);
+ error = true;
}
- // 400 - Internal Server Error
- response.setStatus(400);
- error = true;
}
if (maxKeepAliveRequests > 0 && --keepAliveLeft == 0)
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java?rev=771013&r1=771012&r2=771013&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
Sun May 3 01:29:42 2009
@@ -858,17 +858,19 @@
error = true;
}
- // Setting up filters, and parse some request headers
- rp.setStage(org.apache.coyote.Constants.STAGE_PREPARE);
- try {
- prepareRequest();
- } catch (Throwable t) {
- if (log.isDebugEnabled()) {
- log.debug(sm.getString("http11processor.request.prepare"),
t);
+ if (!error) {
+ // Setting up filters, and parse some request headers
+ rp.setStage(org.apache.coyote.Constants.STAGE_PREPARE);
+ try {
+ prepareRequest();
+ } catch (Throwable t) {
+ if (log.isDebugEnabled()) {
+
log.debug(sm.getString("http11processor.request.prepare"), t);
+ }
+ // 400 - Internal Server Error
+ response.setStatus(400);
+ error = true;
}
- // 400 - Internal Server Error
- response.setStatus(400);
- error = true;
}
if (maxKeepAliveRequests > 0 && --keepAliveLeft == 0)
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java?rev=771013&r1=771012&r2=771013&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java Sun
May 3 01:29:42 2009
@@ -824,17 +824,19 @@
error = true;
}
- // Setting up filters, and parse some request headers
- rp.setStage(org.apache.coyote.Constants.STAGE_PREPARE);
- try {
- prepareRequest();
- } catch (Throwable t) {
- if (log.isDebugEnabled()) {
- log.debug(sm.getString("http11processor.request.prepare"),
t);
+ if (!error) {
+ // Setting up filters, and parse some request headers
+ rp.setStage(org.apache.coyote.Constants.STAGE_PREPARE);
+ try {
+ prepareRequest();
+ } catch (Throwable t) {
+ if (log.isDebugEnabled()) {
+
log.debug(sm.getString("http11processor.request.prepare"), t);
+ }
+ // 400 - Internal Server Error
+ response.setStatus(400);
+ error = true;
}
- // 400 - Internal Server Error
- response.setStatus(400);
- error = true;
}
if (maxKeepAliveRequests > 0 && --keepAliveLeft == 0)
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java?rev=771013&r1=771012&r2=771013&view=diff
==============================================================================
---
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java
(original)
+++
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java
Sun May 3 01:29:42 2009
@@ -403,6 +403,11 @@
throw new EOFException(sm.getString("iib.eof.error"));
}
+ // Spec says no CR or LF in method name
+ if (buf[pos] == Constants.CR || buf[pos] == Constants.LF) {
+ throw new IllegalArgumentException(
+ sm.getString("iib.invalidmethod"));
+ }
// Spec says single SP but it also says be tolerant of HT
if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) {
space = true;
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java?rev=771013&r1=771012&r2=771013&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java
Sun May 3 01:29:42 2009
@@ -391,6 +391,11 @@
throw new EOFException(sm.getString("iib.eof.error"));
}
+ // Spec says no CR or LF in method name
+ if (buf[pos] == Constants.CR || buf[pos] == Constants.LF) {
+ throw new IllegalArgumentException(
+ sm.getString("iib.invalidmethod"));
+ }
// Spec says single SP but it also says be tolerant of HT
if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) {
space = true;
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java?rev=771013&r1=771012&r2=771013&view=diff
==============================================================================
---
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java
(original)
+++
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java
Sun May 3 01:29:42 2009
@@ -454,6 +454,11 @@
if (!fill(true, false)) //request line parsing
return false;
}
+ // Spec says no CR or LF in method name
+ if (buf[pos] == Constants.CR || buf[pos] == Constants.LF) {
+ throw new IllegalArgumentException(
+ sm.getString("iib.invalidmethod"));
+ }
if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) {
space = true;
request.method().setBytes(buf, parsingRequestLineStart,
pos - parsingRequestLineStart);
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties?rev=771013&r1=771012&r2=771013&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/LocalStrings.properties
Sun May 3 01:29:42 2009
@@ -63,4 +63,5 @@
iib.eof.error=Unexpected EOF read on the socket
iib.requestheadertoolarge.error=Request header is too large
+iib.invalidmethod=Invalid character (CR or LF) found in method name
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=771013&r1=771012&r2=771013&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sun May 3 01:29:42 2009
@@ -100,6 +100,10 @@
(markt)
</fix>
<fix>
+ <bug>46984</bug>: Invalid characters in HTTP request method now result
+ in a 400 response. (markt)
+ </fix>
+ <fix>
<bug>46991</bug>: Fix AJP connector always reporting bytes received as
zero. (markt)
</fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
