Author: markt
Date: Wed Jun 3 13:22:11 2009
New Revision: 781362
URL: http://svn.apache.org/viewvc?rev=781362&view=rev
Log:
Make sure the 400 is returned to the browser. (like other connectors).
This prevents a possible DOS via invalid headers and is the fix for
CVE-2009-0033.
Modified:
tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelNioSocket.java
tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelSocket.java
tomcat/connectors/trunk/jk/java/org/apache/jk/common/HandlerRequest.java
Modified:
tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelNioSocket.java
URL:
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelNioSocket.java?rev=781362&r1=781361&r2=781362&view=diff
==============================================================================
--- tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelNioSocket.java
(original)
+++ tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelNioSocket.java
Wed Jun 3 13:22:11 2009
@@ -56,6 +56,7 @@
import org.apache.coyote.Request;
import org.apache.coyote.RequestGroupInfo;
import org.apache.coyote.RequestInfo;
+import org.apache.coyote.ActionCode;
import org.apache.tomcat.util.threads.ThreadPool;
import org.apache.tomcat.util.threads.ThreadPoolRunnable;
@@ -854,6 +855,7 @@
status= invoke( recv, ep );
if( status != JkHandler.OK ) {
log.warn("processCallbacks status " + status );
+ ep.action(ActionCode.ACTION_CLOSE,
ep.getRequest().getResponse());
return false;
}
synchronized(this) {
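Review bot: The added `ep.action(ActionCode.ACTION_CLOSE, ep.getRequest().getResponse())` passes the response without a null check, although the HandlerRequest.java hunk in this same commit treats `res==null` as a real case. If invoke() can return a non-OK status on a path that never went through that catch block (not visible here), the close action may receive a null response and fail instead of returning the error to the client. A guard such as `if (ep.getRequest().getResponse() != null) ep.action(ActionCode.ACTION_CLOSE, ep.getRequest().getResponse());` would keep the error path from throwing. The same applies to the matching hunk in ChannelSocket.java at -703; the enclosing method starts and ends outside both hunks.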
Modified:
tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelSocket.java
URL:
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelSocket.java?rev=781362&r1=781361&r2=781362&view=diff
==============================================================================
--- tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelSocket.java
(original)
+++ tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelSocket.java Wed
Jun 3 13:22:11 2009
@@ -46,6 +46,7 @@
import org.apache.coyote.Request;
import org.apache.coyote.RequestGroupInfo;
import org.apache.coyote.RequestInfo;
+import org.apache.coyote.ActionCode;
import org.apache.tomcat.util.threads.ThreadPool;
import org.apache.tomcat.util.threads.ThreadPoolRunnable;
@@ -703,6 +704,7 @@
status= this.invoke( recv, ep );
if( status!= JkHandler.OK ) {
log.warn("processCallbacks status " + status );
+ ep.action(ActionCode.ACTION_CLOSE,
ep.getRequest().getResponse());
break;
}
}
Modified:
tomcat/connectors/trunk/jk/java/org/apache/jk/common/HandlerRequest.java
URL:
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/java/org/apache/jk/common/HandlerRequest.java?rev=781362&r1=781361&r2=781362&view=diff
==============================================================================
--- tomcat/connectors/trunk/jk/java/org/apache/jk/common/HandlerRequest.java
(original)
+++ tomcat/connectors/trunk/jk/java/org/apache/jk/common/HandlerRequest.java
Wed Jun 3 13:22:11 2009
@@ -265,8 +265,16 @@
((Request)ep.getRequest()).unparsedURI());
}
} catch( Exception ex ) {
+ /* If we are here it is because we have a bad header or
something like that */
log.error( "Error decoding request ", ex );
msg.dump( "Incomming message");
+ Response res=ep.getRequest().getResponse();
+ if ( res==null ) {
+ res=new Response();
+ ep.getRequest().setResponse(res);
+ }
+ res.setMessage("Bad Request");
+ res.setStatus(400);
return ERROR;
}
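Review bot: Every malformed request that reaches this catch block still produces a `log.error` with a full stack trace plus `msg.dump( "Incomming message")`, so a client sending invalid headers can generate log volume at will even after the 400 is returned. Since the commit is a denial-of-service fix, the dump would be better gated, for example `if (log.isDebugEnabled()) msg.dump( "Incomming message");`, with the error logged at a lower level or without the stack trace. Depending on what dump() writes (not visible here), it may also copy request header contents into the log. Separately, the block catches `Exception`, so a failure that is not the client's fault would also be reported as 400; the new comment could say that this is intended. The enclosing method starts and ends outside the hunk.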