markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 186aae3 Fix BZ 64483 Log a warning when an AJP request is rejected
186aae3 is described below
commit 186aae31791ea120cf1b4ddd2f9fcb974bd1d5f9
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Jun 2 11:22:35 2020 +0100
Fix BZ 64483 Log a warning when an AJP request is rejected
---
java/org/apache/coyote/ajp/AjpProcessor.java | 14 ++++----------
java/org/apache/coyote/ajp/LocalStrings.properties | 1 +
webapps/docs/changelog.xml | 4 ++++
3 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/coyote/ajp/AjpProcessor.java
b/java/org/apache/coyote/ajp/AjpProcessor.java
index d24a818..77d6a94 100644
--- a/java/org/apache/coyote/ajp/AjpProcessor.java
+++ b/java/org/apache/coyote/ajp/AjpProcessor.java
@@ -30,7 +30,6 @@ import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
-import java.util.regex.Matcher;
import java.util.regex.Pattern;
import jakarta.servlet.http.HttpServletResponse;
@@ -779,17 +778,12 @@ public class AjpProcessor extends AbstractProcessor {
// All 'known' attributes will be processed by the previous
// blocks. Any remaining attribute is an 'arbitrary' one.
Pattern pattern =
protocol.getAllowedRequestAttributesPatternInternal();
- if (pattern == null) {
+ if (pattern != null && pattern.matcher(n).matches()) {
+ request.setAttribute(n, v);
+ } else {
+ log.warn(sm.getString("ajpprocessor.unknownAttribute",
n));
response.setStatus(403);
setErrorState(ErrorState.CLOSE_CLEAN, null);
- } else {
- Matcher m = pattern.matcher(n);
- if (m.matches()) {
- request.setAttribute(n, v);
- } else {
- response.setStatus(403);
- setErrorState(ErrorState.CLOSE_CLEAN, null);
- }
}
}
break;
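Review bot: The new `log.warn(sm.getString("ajpprocessor.unknownAttribute", n))` in the else branch writes the attribute name `n`, taken from the AJP message, into the log at WARN level for every rejected request, with no throttling. If the connector is reachable by anything other than the trusted reverse proxy, the peer controls both the content and the volume of these log entries; whether `n` can carry control characters depends on decoding that lies outside this hunk. Consider rate-limiting the message (Tomcat's `UserDataHelper` exists for this kind of peer-driven logging) and documenting the branch with a comment such as `// Fail closed: no configured pattern, or no match, rejects the request with 403`. The enclosing switch case starts and ends outside the hunk.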
diff --git a/java/org/apache/coyote/ajp/LocalStrings.properties
b/java/org/apache/coyote/ajp/LocalStrings.properties
index ab377eb..467035d 100644
--- a/java/org/apache/coyote/ajp/LocalStrings.properties
+++ b/java/org/apache/coyote/ajp/LocalStrings.properties
@@ -26,6 +26,7 @@ ajpprocessor.header.tooLong=Header message of length [{0}]
received but the pack
ajpprocessor.readtimeout=Timeout attempting to read data from the socket
ajpprocessor.request.prepare=Error preparing request
ajpprocessor.request.process=Error processing request
+ajpprocessor.unknownAttribute=Rejecting request due to unknown request
attribute [{0}] received from reverse proxy
ajpprotocol.noSSL=SSL is not supported with AJP. The SSL host configuration
for [{0}] was ignored
ajpprotocol.noSecret=The AJP Connector is configured with
secretRequired="true" but the secret attribute is either null or "". This
combination is not valid.
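Review bot: The added `ajpprocessor.unknownAttribute` text states the attribute was "received from reverse proxy", but nothing visible in this commit shows the connector verifying who the peer is, so during triage the wording may point an operator at the proxy when the sender was something else. It also gives no hint of the setting that governs the rejection. A wording such as `Rejecting request due to unknown request attribute [{0}] received from the AJP peer; see allowedRequestAttributesPattern` would be more accurate and more actionable.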
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 056cf3b..fe75def 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -87,6 +87,10 @@
Expose server certificate through the <code>SSLSupport</code>
interface. (remm)
</update>
+ <add>
+ <bug>64483</bug>: Log a warning if an AJP request is rejected because
it
+ contains an unexpected request attribute. (markt)
+ </add>
<fix>
<bug>64485</bug>: Fix possible resource leak geting last modified from
<code>ConfigurationSource.Resource</code>. (remm)