This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 869b403 Treat empty token at end the same way as empty token at
start/middle
869b403 is described below
commit 869b403f279543c182fa90ab58ee04604e439feb
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Jun 8 11:27:33 2021 +0100
Treat empty token at end the same way as empty token at start/middle
---
.../apache/tomcat/util/http/parser/TokenList.java | 3 ++-
.../tomcat/util/http/parser/TestTokenList.java | 29 ++++++++++++++++++++++
webapps/docs/changelog.xml | 6 +++++
3 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/http/parser/TokenList.java
b/java/org/apache/tomcat/util/http/parser/TokenList.java
index 0ab7ce1..01ac449 100644
--- a/java/org/apache/tomcat/util/http/parser/TokenList.java
+++ b/java/org/apache/tomcat/util/http/parser/TokenList.java
@@ -84,7 +84,8 @@ public class TokenList {
}
if (fieldName.length() == 0) {
- // No more data to read
+ // Unexpected EOF. Should have been a token.
+ invalid = true;
break;
}
diff --git a/test/org/apache/tomcat/util/http/parser/TestTokenList.java
b/test/org/apache/tomcat/util/http/parser/TestTokenList.java
index 6e3cbba..22f4d49 100644
--- a/test/org/apache/tomcat/util/http/parser/TestTokenList.java
+++ b/test/org/apache/tomcat/util/http/parser/TestTokenList.java
@@ -197,4 +197,33 @@ public class TestTokenList {
Assert.assertFalse(result);
}
+
+ @Test
+ public void testMultipleWithEmptyStart() throws IOException {
+ Set<String> expected = new HashSet<>();
+ expected.add("bar");
+ expected.add("foo");
+ expected.add("host");
+ doTestVary(",Host, Foo, Bar", expected, false);
+ }
+
+
+ @Test
+ public void testMultipleWithEmptyMiddle() throws IOException {
+ Set<String> expected = new HashSet<>();
+ expected.add("bar");
+ expected.add("foo");
+ expected.add("host");
+ doTestVary("Host, Foo,,Bar", expected, false);
+ }
+
+
+ @Test
+ public void testMultipleWithEmptyEnd() throws IOException {
+ Set<String> expected = new HashSet<>();
+ expected.add("bar");
+ expected.add("foo");
+ expected.add("host");
+ doTestVary("Host, Foo, Bar,", expected, false);
+ }
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1ea53e9..b21fad0 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -212,6 +212,12 @@
<add>
Add debug logging for HTTP/2 HPACK header decoding. (markt)
</add>
+ <fix>
+ Correct parsing of HTTP headers consisting of a list of tokens so that
a
+ header with an empty token is treated consistently regardless of
whether
+ the empty token is at the start, middle or end of the list of tokens.
+ (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
