Re: svn commit: r1379178 - in /tomcat/trunk: java/org/apache/coyote/http11/ test/org/apache/coyote/http11/

Fri, 31 Aug 2012 05:39:34 -0700 

2012/8/31 Konstantin Kolinko <knst.koli...@gmail.com>:
> 2012/8/31  <ma...@apache.org>:
>> Author: markt
>> Date: Thu Aug 30 21:57:15 2012
>> New Revision: 1379178
>>
>> URL: http://svn.apache.org/viewvc?rev=1379178&view=rev
>> Log:
>> Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53677
>> Ensure a 500 response of the HTTP headers exceed the size limit
>>
>
>> --- tomcat/trunk/java/org/apache/coyote/http11/AbstractOutputBuffer.java 
>> (original)
>> +++ tomcat/trunk/java/org/apache/coyote/http11/AbstractOutputBuffer.java Thu 
>> Aug 30 21:57:15 2012
>> @@ -250,7 +250,10 @@ public abstract class AbstractOutputBuff
>>
>>          // Recycle Request object
>>          response.recycle();
>> -
>> +        // These will need to be reset if the reset was triggered by the 
>> error
>> +        // handling if the headers were too large
>> +        pos = 0;
>> +        byteCount = 0;
>>      }
>
> There is a use case when there is custom error page for 401 response.
> In that case authentication headers are set before  custom error page
> is requested and have to be preserved.  (BZ 42409)
>
> I have yet to check it, but if that processing is broken by this, I will be 
> -1.

OK. I tested and there are no regressions from this.

The manager webapp still works (it uses a custom error 401 page), and
code reproducing BZ 42409 still works.


For record, here it is the difference between
1) org.apache.coyote.http11.AbstractOutputBuffer#reset()
Called from
<- org.apache.coyote.Response#reset()
 which does "headers.clear()" among other things
<- called by org.apache.catalina.connector.Response#reset()
<- implements javax.servlet.SevletResponse#reset()

which clears all, including the the headers,
and
2) org.apache.catalina.connector.OutputBuffer#reset()
<- called by org.apache.catalina.connector.Response#resetBuffer()
<- implements javax.servlet.SevletResponse#resetBuffer()

which clears the buffer only, leaving the headers and status code intact.

:)

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to