Hi Mark,
On 05.06.2011 12:06, [email protected] wrote:
> Modified:
> tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
> URL:
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java?rev=1132362&r1=1132361&r2=1132362&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
> (original)
> +++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
> Sun Jun 5 10:06:49 2011
> @@ -41,6 +41,7 @@ import org.apache.juli.logging.Log;
> import org.apache.tomcat.util.ExceptionUtils;
> import org.apache.tomcat.util.buf.Ascii;
> import org.apache.tomcat.util.buf.ByteChunk;
> +import org.apache.tomcat.util.buf.HexUtils;
> import org.apache.tomcat.util.buf.MessageBytes;
> import org.apache.tomcat.util.http.FastHttpDateFormat;
> import org.apache.tomcat.util.http.MimeHeaders;
> @@ -967,6 +968,78 @@ public abstract class AbstractHttp11Proc
>
> abstract boolean prepareSendfile(OutputFilter[] outputFilters);
>
> + /**
> + * Parse host.
> + */
> + protected void parseHost(MessageBytes valueMB) {
> +
> + if (valueMB == null || valueMB.isNull()) {
> + // HTTP/1.0
> + // If no host header, use the port info from the endpoint
> + // The host will be obtained lazily from the socket if required
> + // using ActionCode#REQ_LOCAL_NAME_ATTRIBUTE
> + request.setServerPort(endpoint.getPort());
> + return;
> + }
> +
> + ByteChunk valueBC = valueMB.getByteChunk();
> + byte[] valueB = valueBC.getBytes();
> + int valueL = valueBC.getLength();
> + int valueS = valueBC.getStart();
> + int colonPos = -1;
> + if (hostNameC.length < valueL) {
> + hostNameC = new char[valueL];
> + }
> +
> + boolean ipv6 = (valueB[valueS] == '[');
> + boolean bracketClosed = false;
> + for (int i = 0; i < valueL; i++) {
> + char b = (char) valueB[i + valueS];
> + hostNameC[i] = b;
> + if (b == ']') {
> + bracketClosed = true;
> + } else if (b == ':') {
> + if (!ipv6 || bracketClosed) {
> + colonPos = i;
> + break;
> + }
> + }
> + }
> +
> + if (colonPos < 0) {
> + if (!endpoint.isSSLEnabled()) {
> + // 80 - Default HTTP port
> + request.setServerPort(80);
> + } else {
> + // 443 - Default HTTPS port
> + request.setServerPort(443);
> + }
> + request.serverName().setChars(hostNameC, 0, valueL);
> + } else {
> +
> + request.serverName().setChars(hostNameC, 0, colonPos);
> +
> + int port = 0;
> + int mult = 1;
> + for (int i = valueL - 1; i > colonPos; i--) {
> + int charValue = HexUtils.getDec(valueB[i + valueS]);
Any idea, why hex digits (including a-f, A-F) are allowed in port numbers?
I know you only moved that code, but it reminded me of an observation I
made long ago and forgot.
> + if (charValue == -1) {
> + // Invalid character
> + error = true;
> + // 400 - Bad request
> + response.setStatus(400);
> + adapter.log(request, response, 0);
> + break;
> + }
> + port = port + (charValue * mult);
> + mult = 10 * mult;
> + }
> + request.setServerPort(port);
> +
> + }
> +
> + }
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
