Author: markt
Date: Tue Mar 1 12:32:25 2011
New Revision: 1075792
URL: http://svn.apache.org/viewvc?rev=1075792&view=rev
Log:
Improve handling of SSL renegotiation by failing earlier when the request body
contains more bytes than maxSavePostSize.
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java
tomcat/trunk/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
tomcat/trunk/webapps/docs/changelog.xml
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java?rev=1075792&r1=1075791&r2=1075792&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java
Tue Mar 1 12:32:25 2011
@@ -132,8 +132,15 @@ public class SSLAuthenticator
X509Certificate certs[] = (X509Certificate[])
request.getAttribute(Globals.CERTIFICATES_ATTR);
if ((certs == null) || (certs.length < 1)) {
- request.getCoyoteRequest().action
- (ActionCode.REQ_SSL_CERTIFICATE, null);
+ try {
+ request.getCoyoteRequest().action
+ (ActionCode.REQ_SSL_CERTIFICATE, null);
+ } catch (IllegalStateException ise) {
+ // Request body was too large for save buffer
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
+ sm.getString("authenticator.certificates"));
+ return false;
+ }
certs = (X509Certificate[])
request.getAttribute(Globals.CERTIFICATES_ATTR);
}
Modified:
tomcat/trunk/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/filters/BufferedInputFilter.java?rev=1075792&r1=1075791&r2=1075792&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
Tue Mar 1 12:32:25 2011
@@ -80,8 +80,10 @@ public class BufferedInputFilter impleme
buffered.append(tempRead);
tempRead.recycle();
}
- } catch(IOException iex) {
- // Ignore
+ } catch(IOException ioe) {
+ // No need for i18n - this isn't going to get logged anywhere
+ throw new IllegalStateException(
+ "Request body too large for buffer");
}
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1075792&r1=1075791&r2=1075792&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Mar 1 12:32:25 2011
@@ -50,6 +50,10 @@
presented by Ant tasks to the Manager application. Based on a patch by
Stephane Bailliez. (mark)
</fix>
+ <fix>
+ Improve handling of SSL renegotiation by failing earlier when the
+ request body contains more bytes than maxSavePostSize. (markt)
+ </fix>
</changelog>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
