Author: markt
Date: Thu Feb 23 23:05:09 2012
New Revision: 1293015
URL: http://svn.apache.org/viewvc?rev=1293015&view=rev
Log:
Validate any close payload is UTF-8
Modified:
tomcat/trunk/java/org/apache/catalina/websocket/WsFrame.java
Modified: tomcat/trunk/java/org/apache/catalina/websocket/WsFrame.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/websocket/WsFrame.java?rev=1293015&r1=1293014&r2=1293015&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/websocket/WsFrame.java (original)
+++ tomcat/trunk/java/org/apache/catalina/websocket/WsFrame.java Thu Feb 23
23:05:09 2012
@@ -18,6 +18,8 @@ package org.apache.catalina.websocket;
import java.io.IOException;
import java.nio.ByteBuffer;
+import java.nio.CharBuffer;
+import java.nio.charset.CoderResult;
import org.apache.catalina.util.Conversions;
import org.apache.coyote.http11.upgrade.UpgradeProcessor;
@@ -88,6 +90,19 @@ public class WsFrame {
// Note: Payload limited to <= 125 bytes by test above
payload = ByteBuffer.allocate((int) payloadLength);
processorRead(processor, payload);
+
+ if (opCode == Constants.OPCODE_CLOSE && payloadLength > 2) {
+ // Check close payload - if present - is valid UTF-8
+ CharBuffer cb = CharBuffer.allocate((int) payloadLength);
+ Utf8Decoder decoder = new Utf8Decoder();
+ payload.position(2);
+ CoderResult cr = decoder.decode(payload, cb, true);
+ payload.position(0);
+ if (cr.isError()) {
+ // TODO i18n
+ throw new IOException("Not UTF-8");
+ }
+ }
} else {
payload = null;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
