Author: markt
Date: Thu Jun  4 14:58:30 2009
New Revision: 781763

URL: http://svn.apache.org/viewvc?rev=781763&view=rev
Log: (empty)

Modified:
    
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java
    
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/Http11Processor.java
    
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/InternalAprInputBuffer.java
    
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/InternalInputBuffer.java
    
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/LocalStrings.properties
    tomcat/container/tc5.5.x/webapps/docs/changelog.xml

Modified: 
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java?rev=781763&r1=781762&r2=781763&view=diff
==============================================================================
--- 
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java
 (original)
+++ 
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java
 Thu Jun  4 14:58:30 2009
@@ -810,18 +810,20 @@
                 error = true;
             }
 
-            // Setting up filters, and parse some request headers
-            thrA.setCurrentStage(endpoint, "prepareRequest");
-            rp.setStage(org.apache.coyote.Constants.STAGE_PREPARE);
-            try {
-                prepareRequest();
-            } catch (Throwable t) {
-                if (log.isDebugEnabled()) {
-                    log.debug(sm.getString("http11processor.request.prepare"), 
t);
+            if (!error) {
+                // Setting up filters, and parse some request headers
+                thrA.setCurrentStage(endpoint, "prepareRequest");
+                rp.setStage(org.apache.coyote.Constants.STAGE_PREPARE);
+                try {
+                    prepareRequest();
+                } catch (Throwable t) {
+                    if (log.isDebugEnabled()) {
+                        
log.debug(sm.getString("http11processor.request.prepare"), t);
+                    }
+                    // 400 - Internal Server Error
+                    response.setStatus(400);
+                    error = true;
                 }
-                // 400 - Internal Server Error
-                response.setStatus(400);
-                error = true;
             }
 
             if (maxKeepAliveRequests > 0 && --keepAliveLeft == 0)
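Review bot: The comment `// 400 - Internal Server Error` inside the new `catch (Throwable t)` block names the wrong status: 400 is Bad Request, while Internal Server Error is 500. The code sets `response.setStatus(400)`, so the comment should read `// 400 - Bad Request`; the same stale comment is carried into the matching hunk in Http11Processor.java. The failure is logged only under `log.isDebugEnabled()`, so with default logging a request rejected here leaves no trace beyond the status code; consider whether operators need that visible when investigating malformed traffic. The enclosing method starts and ends outside the hunk.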

Modified: 
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/Http11Processor.java
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/Http11Processor.java?rev=781763&r1=781762&r2=781763&view=diff
==============================================================================
--- 
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/Http11Processor.java
 (original)
+++ 
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/Http11Processor.java
 Thu Jun  4 14:58:30 2009
@@ -850,18 +850,20 @@
                 error = true;
             }
 
-            // Setting up filters, and parse some request headers
-            thrA.setCurrentStage(threadPool, "prepareRequest");
-            rp.setStage(org.apache.coyote.Constants.STAGE_PREPARE);
-            try {
-                prepareRequest();
-            } catch (Throwable t) {
-                if (log.isDebugEnabled()) {
-                    log.debug(sm.getString("http11processor.request.prepare"), 
t);
+            if (!error) {
+                // Setting up filters, and parse some request headers
+                thrA.setCurrentStage(threadPool, "prepareRequest");
+                rp.setStage(org.apache.coyote.Constants.STAGE_PREPARE);
+                try {
+                    prepareRequest();
+                } catch (Throwable t) {
+                    if (log.isDebugEnabled()) {
+                        
log.debug(sm.getString("http11processor.request.prepare"), t);
+                    }
+                    // 400 - Internal Server Error
+                    response.setStatus(400);
+                    error = true;
                 }
-                // 400 - Internal Server Error
-                response.setStatus(400);
-                error = true;
             }
 
             if (maxKeepAliveRequests > 0 && --keepAliveLeft == 0)

Modified: 
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/InternalAprInputBuffer.java
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/InternalAprInputBuffer.java?rev=781763&r1=781762&r2=781763&view=diff
==============================================================================
--- 
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/InternalAprInputBuffer.java
 (original)
+++ 
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/InternalAprInputBuffer.java
 Thu Jun  4 14:58:30 2009
@@ -527,6 +527,11 @@
                     throw new EOFException(sm.getString("iib.eof.error"));
             }
 
+            // Spec says no CR or LF in method name
+            if (buf[pos] == Constants.CR || buf[pos] == Constants.LF) {
+                throw new IllegalArgumentException(
+                        sm.getString("iib.invalidmethod"));
+            }
             // Spec says single SP but it also says be tolerant of HT
             if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) {
                 space = true;
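Review bot: The added check rejects only CR and LF, so other control bytes (NUL, for example) can still end up in the method name; the HTTP/1.1 grammar defines the method as a token, which excludes all control characters and separators. The method is commonly written to access logs and passed to downstream components, so consider widening the test to reject any byte below 0x20 other than HT, plus 0x7f. The identical hunk in InternalInputBuffer.java has the same gap. The surrounding loop starts and ends outside the hunk, so it is not visible from here whether later code validates the method further. If the check is widened, the `iib.invalidmethod` message should no longer name only CR or LF.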

Modified: 
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/InternalInputBuffer.java
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/InternalInputBuffer.java?rev=781763&r1=781762&r2=781763&view=diff
==============================================================================
--- 
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/InternalInputBuffer.java
 (original)
+++ 
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/InternalInputBuffer.java
 Thu Jun  4 14:58:30 2009
@@ -469,6 +469,11 @@
                     throw new EOFException(sm.getString("iib.eof.error"));
             }
 
+            // Spec says no CR or LF in method name
+            if (buf[pos] == Constants.CR || buf[pos] == Constants.LF) {
+                throw new IllegalArgumentException(
+                        sm.getString("iib.invalidmethod"));
+            }
             // Spec says single SP but it also says be tolerant of HT
             if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) {
                 space = true;

Modified: 
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/LocalStrings.properties?rev=781763&r1=781762&r2=781763&view=diff
==============================================================================
--- 
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/LocalStrings.properties
 (original)
+++ 
tomcat/connectors/trunk/http11/src/java/org/apache/coyote/http11/LocalStrings.properties
 Thu Jun  4 14:58:30 2009
@@ -64,4 +64,4 @@
 iib.eof.error=Unexpected EOF read on the socket
 iib.failedread=Exception filling buffer with data from underlying input 
stream: not an EAGAIN status, so perhaps disconnected client?
 iib.requestheadertoolarge.error=Request header is too large
-
+iib.invalidmethod=Invalid character (CR or LF) found in method name

Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=781763&r1=781762&r2=781763&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Thu Jun  4 14:58:30 2009
@@ -215,6 +215,10 @@
         <bug>45528</bug>: An invalid SSL configuration could cause an infinite
         logging loop on startup. (markt)
       </fix>
+      <fix>
+        <bug>46984</bug>: Reject requests with invalid HTTP methods with a 400
+        rather than a 501. (markt) 
+      </fix>
       <update>
         Update the APR/native connector to 1.1.16. (markt)
       </update>


