This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push: new 186aae3 Fix BZ 64483 Log a warning when an AJP request is rejected 186aae3 is described below commit 186aae31791ea120cf1b4ddd2f9fcb974bd1d5f9 Author: Mark Thomas <ma...@apache.org> AuthorDate: Tue Jun 2 11:22:35 2020 +0100 Fix BZ 64483 Log a warning when an AJP request is rejected --- java/org/apache/coyote/ajp/AjpProcessor.java | 14 ++++---------- java/org/apache/coyote/ajp/LocalStrings.properties | 1 + webapps/docs/changelog.xml | 4 ++++ 3 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/coyote/ajp/AjpProcessor.java b/java/org/apache/coyote/ajp/AjpProcessor.java
index d24a818..77d6a94 100644
--- a/java/org/apache/coyote/ajp/AjpProcessor.java
+++ b/java/org/apache/coyote/ajp/AjpProcessor.java
@@ -30,7 +30,6 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
-import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import jakarta.servlet.http.HttpServletResponse;
@@ -779,17 +778,12 @@ public class AjpProcessor extends AbstractProcessor {
 // All 'known' attributes will be processed by the previous
 // blocks. Any remaining attribute is an 'arbitrary' one.
 Pattern pattern = protocol.getAllowedRequestAttributesPatternInternal();
- if (pattern == null) {
+ if (pattern != null && pattern.matcher(n).matches()) {
+ request.setAttribute(n, v);
+ } else {
+ log.warn(sm.getString("ajpprocessor.unknownAttribute", n));
 response.setStatus(403);
 setErrorState(ErrorState.CLOSE_CLEAN, null);
- } else {
- Matcher m = pattern.matcher(n);
- if (m.matches()) {
- request.setAttribute(n, v);
- } else {
- response.setStatus(403);
- setErrorState(ErrorState.CLOSE_CLEAN, null);
- }
 }
 }
 break;
diff --git a/java/org/apache/coyote/ajp/LocalStrings.properties b/java/org/apache/coyote/ajp/LocalStrings.properties
index ab377eb..467035d 100644
--- a/java/org/apache/coyote/ajp/LocalStrings.properties
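Review bot: The added `log.warn(sm.getString("ajpprocessor.unknownAttribute", n));` in the `else` branch writes the attribute name `n` to the log as it arrived in the AJP message, once per rejected request. Where the AJP port is reachable by anything other than the intended proxy, the peer controls both the content and the volume of these WARN entries, so the name should be length-capped and stripped of control characters before logging, and the message rate-limited (Tomcat's `UserDataHelper` exists for this kind of peer-triggered logging, if it fits here). At minimum I would add `// n comes from the AJP peer: untrusted, do not log unbounded` above the call. The enclosing method begins and ends outside the hunk, so any earlier validation of `n` is not visible from here.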
+++ b/java/org/apache/coyote/ajp/LocalStrings.properties
@@ -26,6 +26,7 @@ ajpprocessor.header.tooLong=Header message of length [{0}] received but the pack
 ajpprocessor.readtimeout=Timeout attempting to read data from the socket
 ajpprocessor.request.prepare=Error preparing request
 ajpprocessor.request.process=Error processing request
+ajpprocessor.unknownAttribute=Rejecting request due to unknown request attribute [{0}] received from reverse proxy
 ajpprotocol.noSSL=SSL is not supported with AJP. The SSL host configuration for [{0}] was ignored
 ajpprotocol.noSecret=The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid.
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 056cf3b..fe75def 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -87,6 +87,10 @@
 Expose server certificate through the <code>SSLSupport</code> interface. (remm)
 </update>
+ <add>
+ <bug>64483</bug>: Log a warning if an AJP request is rejected because it
+ contains an unexpected request attribute. (markt)
+ </add>
 <fix>
 <bug>64485</bug>: Fix possible resource leak geting last modified from <code>ConfigurationSource.Resource</code>. (remm)
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org