svn commit: r1453546 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/authenticator/FormAuthenticator.java webapps/docs/changelog.xml

Wed, 06 Mar 2013 12:48:40 -0800 

Author: markt
Date: Wed Mar  6 20:48:18 2013
New Revision: 1453546

URL: http://svn.apache.org/r1453546
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=54624
Read request body before content length header is restored for the old request 
as AJP connector uses this to determine how many bytes to read (and it will 
block until they are read)

Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1453544

Modified: 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?rev=1453546&r1=1453545&r2=1453546&view=diff
==============================================================================
--- 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
 (original)
+++ 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
 Wed Mar  6 20:48:18 2013
@@ -539,6 +539,16 @@ public class FormAuthenticator
             return (false);
         }
 
+        // Swallow any request body since we will be replacing it
+        // Need to do this before headers are restored as AJP connector uses
+        // content length header to determine how much data needs to be read 
for
+        // request body
+        byte[] buffer = new byte[4096];
+        InputStream is = request.createInputStream();
+        while (is.read(buffer) >= 0) {
+            // Ignore request body
+        }
+
         // Modify our current request to reflect the original one
         request.clearCookies();
         Iterator<Cookie> cookies = saved.getCookies();
@@ -576,13 +586,6 @@ public class FormAuthenticator
         request.getCoyoteRequest().getParameters().setQueryStringEncoding(
                 request.getConnector().getURIEncoding());
 
-        // Swallow any request body since we will be replacing it
-        byte[] buffer = new byte[4096];
-        InputStream is = request.createInputStream();
-        while (is.read(buffer) >= 0) {
-            // Ignore request body
-        }
-
         ByteChunk body = saved.getBody();
 
         if (body != null) {

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1453546&r1=1453545&r2=1453546&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Wed Mar  6 20:48:18 2013
@@ -108,6 +108,12 @@
         is that invalid sequences at the end of the input now trigger an error
         rather than being silebtly swallowed. (markt)
       </fix>
+      <fix>
+        <bug>54624</bug>: Ensure that the correct request body length is used
+        when swallowing a request body after FORM authentication prior to
+        restoring the original request preventing possible hanging when
+        restoring POST requests submitted over AJP. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to