Dear Martin

I fear Tomcat will not fix the issue. Mark Thomas states:

"If a request contains an unencoded '|' in the request-target, the
correct way to deal with it is to return a 400."

While this may be true, and whenever you are able to fix the requests made to Tomcat, you should do it. However, if you are in a situation like me, where this is not feasible, I see two options:

1. try to post again to the user-list in Tomcat, to raise awareness of the issue

2. patch Tomcat

While I do not like to do this, patching Tomcat is very easy:

svn checkout http://svn.apache.org/repos/asf/tomcat/tc8.0.x/trunk/

Take a look at

java/org/apache/tomcat/util/http/parser/HttpParser.java

cd {tomcat}/trunk/
ant

and you'll find the result in {tomcat}/trunk/output/build/

Markus
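Added example, not part of the thread and not Tomcat code: a client-side check for the remedy the quoted statement points to, percent-encoding characters such as '|' before the request is sent. It goes beyond the single '|' case by applying the RFC 3986 path and query character sets; the function names and sample targets are assumptions made for illustration.

```python
import re
import string

# RFC 3986: pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
# A path may also contain "/", a query may also contain "/" and "?".
UNRESERVED = string.ascii_letters + string.digits + "-._~"
SUB_DELIMS = "!$&'()*+,;="
PATH_OK = set(UNRESERVED + SUB_DELIMS + ":@/")
QUERY_OK = PATH_OK | {"?"}
PCT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def _encode_part(part, allowed):
    """Percent-encode every character outside `allowed`; report what was hit."""
    out, offending, i = [], [], 0
    while i < len(part):
        if PCT_ESCAPE.match(part, i):
            # Already a valid escape: copy it through, never double-encode.
            out.append(part[i:i + 3])
            i += 3
            continue
        ch = part[i]
        if ch in allowed:
            out.append(ch)
        else:
            # Covers '|', space, '{', '}', a stray '%', non-ASCII, and so on.
            offending.append(ch)
            out.append("".join("%%%02X" % b for b in ch.encode("utf-8")))
        i += 1
    return "".join(out), offending


def audit_request_target(target):
    """Return (encoded_target, offending_chars) for an origin-form target."""
    path, sep, query = target.partition("?")
    enc_path, bad_path = _encode_part(path, PATH_OK)
    enc_query, bad_query = _encode_part(query, QUERY_OK)
    return enc_path + sep + enc_query, bad_path + bad_query


if __name__ == "__main__":
    # Constructed sample targets; the first uses the parameter from the thread.
    for t in ("/app/list?paramxy=1|2", "/app/list?paramxy=1%7C2",
              "/a b?q={x}&r=100%"):
        fixed, bad = audit_request_target(t)
        print(f"{t!r} -> {fixed!r} offending={bad}")
```
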



On 04.12.2016 at 02:30, Martin Gainty wrote:
Markus

I have the same problem and had to revert TC 8.38. Please ping back when Tomcat
has fixed this problem.


*Regards*

Martin
____________



________________________________
From: [email protected] <[email protected]>
Sent: Saturday, December 3, 2016 8:18 AM
To: Struts Developers List
Subject: Re: Valid characters in http requets: Tomcat 8.38 -> 8.39

Sorry! Wrong mailing list...

Markus

On 03.12.2016 at 13:56, Lukasz Lenart wrote:
Is it related to Apache Struts?


Cheers
Lukasz

2016-12-03 12:47 GMT+01:00 [email protected] <[email protected]>:
Between Tomcat 8.38 and 8.39 there seems to be a change in handling URL
parameters:

&paramxy=1|2

This will cause Tomcat to return a 400 error since 8.39. It is the character
"|" that causes the new behaviour. I suspect these changes:

https://github.com/apache/tomcat/commit/516bda676ac8d0284da3e0295a7df70391315360
Add additional checks for valid characters to the HTTP request line · apache/tomcat@516bda6



First thing to know:

Is this intended?

Second:

Any way to restore the previous behaviour of 8.38 with a config option?

Thanks for considering!

Best regards
Markus

