On 29/06/2019 02:26, GitBox wrote:
> alpire opened a new pull request #176: CoyoteAdapter: fix out-of-bounds read
> in checkNormalize
> URL: https://github.com/apache/tomcat/pull/176
>
>
>On malformed requests, checkNormalize would throw an
> ArrayIndexOutOfBoundsException leading to a 50
markt-asf commented on a change in pull request #176: CoyoteAdapter: fix
out-of-bounds read in checkNormalize
URL: https://github.com/apache/tomcat/pull/176#discussion_r298806534
##
File path: test/org/apache/catalina/connector/TestCoyoteAdapter.java
##
@@ -326,6 +326,7 @@
markt-asf commented on a change in pull request #176: CoyoteAdapter: fix
out-of-bounds read in checkNormalize
URL: https://github.com/apache/tomcat/pull/176#discussion_r298806436
##
File path: java/org/apache/catalina/connector/CoyoteAdapter.java
##
@@ -1252,6 +1252,11 @@
markt-asf commented on a change in pull request #176: CoyoteAdapter: fix
out-of-bounds read in checkNormalize
URL: https://github.com/apache/tomcat/pull/176#discussion_r298806528
##
File path: java/org/apache/catalina/connector/CoyoteAdapter.java
##
@@ -1271,6 +1276,11 @@
markt-asf commented on a change in pull request #176: CoyoteAdapter: fix
out-of-bounds read in checkNormalize
URL: https://github.com/apache/tomcat/pull/176#discussion_r298806623
##
File path: test/org/apache/catalina/connector/TestCoyoteAdapter.java
##
@@ -344,6 +345,29 @
https://bz.apache.org/bugzilla/show_bug.cgi?id=63532
Bug ID: 63532
Summary: Wrong interpretation of EndPointConfig object life
cycle and session.getOpenSession method in web socket
Product: Tomcat 9
Version: unspecified
Har
