cc: dev 2012/1/23 kitagawa <kitagawawo...@gmail.com>: >> >> While developing using ubuntu 11.04, tomcat 6.0.33 and java 1.5 I ran >> into a problem after setting the character encoding filter for >> requests. >> When posting a request, the value of any field with only a single >> character submitted is cleared. >> >> I also tested this issue with: >> tomcat 6.0.32 and java 1.5 (no problem) >> tomcat 6.0.35 and java 1.5 (same error occured) >> tomcat 6.0.33 and java 1.6 (no problem) >> tomcat 6.0.35 and java 1.6 (no problem) >> >> >> This can be repeated using the RequestParamExample that comes with tomcat. >> >> 1. uncomment the "Set Character Encoding" line in >> apache-tomcat-6.0.33\webapps\examples\WEB-INF\web.xml (lines 88 and >> 93) >> 2. start tomcat >> 3. go to http://localhost:8080/examples/servlets/servlet/RequestParamExample >> and enter a single character into the first or last name fields then >> post. >> >> The entered value does not show up. Instead, the value shows up blank. >> If I enter two characters they appear correctly. >>
> > I researched it some more and found a bug in Java 1.5 in > java.nio.charset.Charset.decode() that might be the cause. > A ticket was submitted regarding a similar problem to sun in 2004 > http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6196991 > (patched in Java 1.6) > > Tomcat 6.0.33 r1140904 the > /tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/buf/ByteChunk.java > class was changed to use java.nio.charset.Charset.decode(). > This is probably why there was no problem before in version 6.0.32. > FYI: The same issue reported against 5.5.35: https://issues.apache.org/bugzilla/show_bug.cgi?id=52579 Thank you for your research. I think you are right. Though I am not sure how much this can be fixed in Tomcat now. 1. r1140904 [1] in 6.0.33 is a fix for issue 51400. Reverting it will reintroduce the issue. 2. The recent code that uses Charset in 5.5.35 and 6.0.35 is part of fix for CVE-2012-0022 [2] So a different implementation might be needed. [1] http://svn.apache.org/viewvc?view=revision&revision=1140904 [2] http://tomcat.apache.org/security.html The good news are that it does not affect UTF-8, so using that encoding may be a workaround. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
