Author: markt
Date: Wed Mar 6 20:48:18 2013
New Revision: 1453546
URL: http://svn.apache.org/r1453546
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=54624
Read request body before content length header is restored for the old request
as AJP connector uses this to determine how many bytes to read (and it will
block until they are read)
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1453544
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?rev=1453546&r1=1453545&r2=1453546&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
Wed Mar 6 20:48:18 2013
@@ -539,6 +539,16 @@ public class FormAuthenticator
return (false);
}
+ // Swallow any request body since we will be replacing it
+ // Need to do this before headers are restored as AJP connector uses
+ // content length header to determine how much data needs to be read
for
+ // request body
+ byte[] buffer = new byte[4096];
+ InputStream is = request.createInputStream();
+ while (is.read(buffer) >= 0) {
+ // Ignore request body
+ }
+
// Modify our current request to reflect the original one
request.clearCookies();
Iterator<Cookie> cookies = saved.getCookies();
@@ -576,13 +586,6 @@ public class FormAuthenticator
request.getCoyoteRequest().getParameters().setQueryStringEncoding(
request.getConnector().getURIEncoding());
- // Swallow any request body since we will be replacing it
- byte[] buffer = new byte[4096];
- InputStream is = request.createInputStream();
- while (is.read(buffer) >= 0) {
- // Ignore request body
- }
-
ByteChunk body = saved.getBody();
if (body != null) {
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1453546&r1=1453545&r2=1453546&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Wed Mar 6 20:48:18 2013
@@ -108,6 +108,12 @@
is that invalid sequences at the end of the input now trigger an error
rather than being silebtly swallowed. (markt)
</fix>
+ <fix>
+ <bug>54624</bug>: Ensure that the correct request body length is used
+ when swallowing a request body after FORM authentication prior to
+ restoring the original request preventing possible hanging when
+ restoring POST requests submitted over AJP. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
