Author: kkolinko
Date: Wed Sep 5 07:22:33 2012
New Revision: 1381038
URL: http://svn.apache.org/viewvc?rev=1381038&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42181
Better handling of edge conditions in chunk header processing
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/util/HexUtils.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProcessor.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
tomcat/tc6.0.x/trunk/java/org/apache/jk/common/HandlerRequest.java
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/buf/HexUtils.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1381038&r1=1381037&r2=1381038&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Sep 5 07:22:33 2012
@@ -136,12 +136,6 @@ PATCHES PROPOSED TO BACKPORT:
+1: kkolinko, jfclere
-1:
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42181
- Better handling of edge conditions in chunk header processing
- https://issues.apache.org/bugzilla/attachment.cgi?id=29288
- +1: kkolinko, kfujino, jfclere
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53793
Change links on the list of applications in the Manager to point to
'/appname/' instead of '/appname'.
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/util/HexUtils.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/util/HexUtils.java?rev=1381038&r1=1381037&r2=1381038&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/util/HexUtils.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/util/HexUtils.java Wed Sep 5
07:22:33 2012
@@ -30,27 +30,6 @@ import java.io.ByteArrayOutputStream;
public final class HexUtils {
// Code from Ajp11, from Apache's JServ
- // Table for HEX to DEC byte translation
- public static final int[] DEC = {
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- 00, 01, 02, 03, 04, 05, 06, 07, 8, 9, -1, -1, -1, -1, -1, -1,
- -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- };
-
-
/**
* The string manager for this package.
@@ -121,41 +100,6 @@ public final class HexUtils {
}
- /**
- * Convert 4 hex digits to an int, and return the number of converted
- * bytes.
- *
- * @param hex Byte array containing exactly four hexadecimal digits
- *
- * @exception IllegalArgumentException if an invalid hexadecimal digit
- * is included
- */
- public static int convert2Int( byte[] hex ) {
- // Code from Ajp11, from Apache's JServ
-
- // assert b.length==4
- // assert valid data
- int len;
- if(hex.length < 4 ) return 0;
- if( DEC[hex[0]]<0 )
- throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
- len = DEC[hex[0]];
- len = len << 4;
- if( DEC[hex[1]]<0 )
- throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
- len += DEC[hex[1]];
- len = len << 4;
- if( DEC[hex[2]]<0 )
- throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
- len += DEC[hex[2]];
- len = len << 4;
- if( DEC[hex[3]]<0 )
- throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
- len += DEC[hex[3]];
- return len;
- }
-
-
/**
* [Private] Convert the specified value (0 .. 15) to the corresponding
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java?rev=1381038&r1=1381037&r2=1381038&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java Wed
Sep 5 07:22:33 2012
@@ -110,7 +110,7 @@ public class AjpAprProcessor implements
outputBuffer = ByteBuffer.allocateDirect(packetSize * 2);
// Cause loading of HexUtils
- int foo = HexUtils.DEC[0];
+ HexUtils.getDec('0');
// Cause loading of HttpMessages
HttpMessages.getMessage(200);
@@ -956,7 +956,7 @@ public class AjpAprProcessor implements
int port = 0;
int mult = 1;
for (int i = valueL - 1; i > colonPos; i--) {
- int charValue = HexUtils.DEC[(int) valueB[i + valueS]];
+ int charValue = HexUtils.getDec(valueB[i + valueS]);
if (charValue == -1) {
// Invalid character
error = true;
Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProcessor.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProcessor.java?rev=1381038&r1=1381037&r2=1381038&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProcessor.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProcessor.java Wed Sep
5 07:22:33 2012
@@ -104,7 +104,7 @@ public class AjpProcessor implements Act
0, getBodyMessage.getLen());
// Cause loading of HexUtils
- int foo = HexUtils.DEC[0];
+ HexUtils.getDec('0');
// Cause loading of HttpMessages
HttpMessages.getMessage(200);
@@ -961,7 +961,7 @@ public class AjpProcessor implements Act
int port = 0;
int mult = 1;
for (int i = valueL - 1; i > colonPos; i--) {
- int charValue = HexUtils.DEC[(int) valueB[i + valueS]];
+ int charValue = HexUtils.getDec(valueB[i + valueS]);
if (charValue == -1) {
// Invalid character
error = true;
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java?rev=1381038&r1=1381037&r2=1381038&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
Wed Sep 5 07:22:33 2012
@@ -107,7 +107,7 @@ public class Http11AprProcessor implemen
initializeFilters();
// Cause loading of HexUtils
- int foo = HexUtils.DEC[0];
+ HexUtils.getDec('0');
}
@@ -1535,7 +1535,7 @@ public class Http11AprProcessor implemen
int port = 0;
int mult = 1;
for (int i = valueL - 1; i > colonPos; i--) {
- int charValue = HexUtils.DEC[(int) valueB[i + valueS]];
+ int charValue = HexUtils.getDec(valueB[i + valueS]);
if (charValue == -1) {
// Invalid character
error = true;
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java?rev=1381038&r1=1381037&r2=1381038&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
Wed Sep 5 07:22:33 2012
@@ -111,7 +111,7 @@ public class Http11NioProcessor implemen
initializeFilters();
// Cause loading of HexUtils
- int foo = HexUtils.DEC[0];
+ HexUtils.getDec('0');
}
@@ -1531,7 +1531,7 @@ public class Http11NioProcessor implemen
int port = 0;
int mult = 1;
for (int i = valueL - 1; i > colonPos; i--) {
- int charValue = HexUtils.DEC[(int) valueB[i + valueS]];
+ int charValue = HexUtils.getDec(valueB[i + valueS]);
if (charValue == -1) {
// Invalid character
error = true;
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java?rev=1381038&r1=1381037&r2=1381038&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java Wed
Sep 5 07:22:33 2012
@@ -101,7 +101,7 @@ public class Http11Processor implements
initializeFilters();
// Cause loading of HexUtils
- int foo = HexUtils.DEC[0];
+ HexUtils.getDec('0');
}
@@ -1413,7 +1413,7 @@ public class Http11Processor implements
int port = 0;
int mult = 1;
for (int i = valueL - 1; i > colonPos; i--) {
- int charValue = HexUtils.DEC[(int) valueB[i + valueS]];
+ int charValue = HexUtils.getDec(valueB[i + valueS]);
if (charValue == -1) {
// Invalid character
error = true;
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?rev=1381038&r1=1381037&r2=1381038&view=diff
==============================================================================
---
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
(original)
+++
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
Wed Sep 5 07:22:33 2012
@@ -307,10 +307,11 @@ public class ChunkedInputFilter implemen
trailer = true;
} else if (!trailer) {
//don't read data after the trailer
- if (HexUtils.DEC[buf[pos]] != -1) {
+ int charValue = HexUtils.getDec(buf[pos]);
+ if (charValue != -1) {
readDigit = true;
result *= 16;
- result += HexUtils.DEC[buf[pos]];
+ result += charValue;
} else {
//we shouldn't allow invalid, non hex characters
//in the chunked header
Modified: tomcat/tc6.0.x/trunk/java/org/apache/jk/common/HandlerRequest.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/jk/common/HandlerRequest.java?rev=1381038&r1=1381037&r2=1381038&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/jk/common/HandlerRequest.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/jk/common/HandlerRequest.java Wed Sep
5 07:22:33 2012
@@ -697,7 +697,7 @@ public class HandlerRequest extends JkHa
int port = 0;
int mult = 1;
for (int i = valueL - 1; i > colonPos; i--) {
- int charValue = HexUtils.DEC[(int) valueB[i + valueS]];
+ int charValue = HexUtils.getDec(valueB[i + valueS]);
if (charValue == -1) {
// Invalid character
throw new CharConversionException("Invalid char in port: "
+ valueB[i + valueS]);
Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/buf/HexUtils.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/buf/HexUtils.java?rev=1381038&r1=1381037&r2=1381038&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/buf/HexUtils.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/buf/HexUtils.java Wed Sep
5 07:22:33 2012
@@ -37,23 +37,11 @@ public final class HexUtils {
/**
* Table for HEX to DEC byte translation.
*/
- public static final int[] DEC = {
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ private static final int[] DEC = {
00, 01, 02, 03, 04, 05, 06, 07, 8, 9, -1, -1, -1, -1, -1, -1,
-1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, 10, 11, 12, 13, 14, 15,
};
@@ -75,6 +63,14 @@ public final class HexUtils {
// --------------------------------------------------------- Static Methods
+ public static int getDec(int index){
+ // Fast for correct values, slower for incorrect ones
+ try {
+ return DEC[index - '0'];
+ } catch (ArrayIndexOutOfBoundsException ex) {
+ return -1;
+ }
+ }
/**
* Convert a String of hexadecimal digits into the corresponding
@@ -146,6 +142,7 @@ public final class HexUtils {
*
* @exception IllegalArgumentException if an invalid hexadecimal digit
* is included
+ * @deprecated Not used, will be removed in Tomcat 7
*/
public static int convert2Int( byte[] hex ) {
// Code from Ajp11, from Apache's JServ
@@ -154,21 +151,21 @@ public final class HexUtils {
// assert valid data
int len;
if(hex.length < 4 ) return 0;
- if( DEC[hex[0]]<0 )
+ if( getDec(hex[0])<0 )
throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
- len = DEC[hex[0]];
+ len = getDec(hex[0]);
len = len << 4;
- if( DEC[hex[1]]<0 )
+ if( getDec(hex[1])<0 )
throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
- len += DEC[hex[1]];
+ len += getDec(hex[1]);
len = len << 4;
- if( DEC[hex[2]]<0 )
+ if( getDec(hex[2])<0 )
throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
- len += DEC[hex[2]];
+ len += getDec(hex[2]);
len = len << 4;
- if( DEC[hex[3]]<0 )
+ if( getDec(hex[3])<0 )
throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
- len += DEC[hex[3]];
+ len += getDec(hex[3]);
return len;
}
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1381038&r1=1381037&r2=1381038&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Wed Sep 5 07:22:33 2012
@@ -205,6 +205,10 @@
</subsection>
<subsection name="Coyote">
<changelog>
+ <fix>
+ <bug>42181</bug>: Better handling of edge conditions in chunk header
+ processing. (kkolinko)
+ </fix>
<update>
<bug>51477</bug>: Support all SSL protocol combinations in the
APR/native
connector. This only works when using the native library version 1.1.21
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
