This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push: new 55976791a2 "-1" should not be a valid port number 55976791a2 is described below commit 55976791a23b6b4d166d0358ba18c1ee3b648845 Author: Mark Thomas <ma...@apache.org> AuthorDate: Mon Aug 8 16:28:26 2022 +0100 "-1" should not be a valid port number --- .../apache/tomcat/util/http/parser/HttpParser.java | 25 ++++++++++++++++++---- .../util/http/parser/TestHttpParserHost.java | 9 ++++++++ 2 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/tomcat/util/http/parser/HttpParser.java b/java/org/apache/tomcat/util/http/parser/HttpParser.java
index 5d70f61f57..3dbd935d2a 100644
--- a/java/org/apache/tomcat/util/http/parser/HttpParser.java
+++ b/java/org/apache/tomcat/util/http/parser/HttpParser.java
@@ -805,7 +805,11 @@ public class HttpParser {
 return readHostDomainName(reader);
 }
- return pos;
+ if (inIPv6) {
+ return pos;
+ } else {
+ return validatePort(reader, pos);
+ }
 }
@@ -897,7 +901,7 @@ public class HttpParser {
 c = reader.read();
 if (c == ':') {
- return pos;
+ return validatePort(reader, pos);
 } else {
 if(c == -1) {
 return -1;
@@ -922,14 +926,27 @@ public class HttpParser {
 if (DomainParseState.COLON == state) {
 // State identifies the state of the previous character
- return pos - 1;
+ return validatePort(reader, pos - 1);
 } else {
 return -1;
 }
 }
- /**
+ static int validatePort(Reader reader, int colonPosition) throws IOException {
+ // Remaining characters should be numeric ...
+ readLong(reader);
+ // ... followed by EOS
+ if (reader.read() == -1) {
+ return colonPosition;
+ } else {
+ // Invalid port
+ throw new IllegalArgumentException();
+ }
+ }
+
+
+ /**
 * Skips all characters until EOF or the specified target is found. Normally
 * used to skip invalid input until the next separator.
 */
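Review bot: The `if (inIPv6)` branch in the first hunk returns `pos` without calling validatePort(), and nothing in the hunk says why the two cases differ. Presumably an IPv4 address embedded in a bracketed IPv6 literal is followed by `]` rather than a port, and the IPv6 caller checks what comes next, but that is inferred because the enclosing method starts outside the hunk. A one-line comment would record the intent, e.g. `// Embedded in an IPv6 literal: the caller handles what follows`. The `else` after `return` is also redundant; `if (inIPv6) { return pos; }` followed by `return validatePort(reader, pos);` reads flatter.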
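Review bot: validatePort() in the third hunk discards the value returned by readLong(), so the check only establishes that the text after the colon is consumed by readLong() and followed by end of input; a numeric port above 65535 is not rejected here. If neither readLong() (defined outside this hunk) nor a later stage bounds the value, consider keeping it, `long port = readLong(reader);`, and adding `if (port > 65535) { throw new IllegalArgumentException(); }` before the end-of-stream test. The method also has no Javadoc; it should say that it reads the reader through to end of stream, returns colonPosition unchanged on success, and throws IllegalArgumentException when anything follows the digits. Giving the exception a message that names the port as the rejected part would make a refused Host value easier to trace in logs.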
diff --git a/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java b/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java
index bd8a55e16e..a162472551 100644
--- a/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java
+++ b/test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java
@@ -216,6 +216,15 @@ public class TestHttpParserHost {
 Integer.valueOf(-1), IAE} );
 result.add(new Object[] { TestType.IPv6, "[1111:2222:3333]", Integer.valueOf(-1), IAE} );
+ // Domain name - invalid port
+ result.add(new Object[] { TestType.IPv4, "localhost:x", Integer.valueOf(-1), IAE} );
+ result.add(new Object[] { TestType.IPv4, "localhost:-1", Integer.valueOf(-1), IAE} );
+ // IPv4 - invalid port
+ result.add(new Object[] { TestType.IPv4, "127.0.0.1:x", Integer.valueOf(-1), IAE} );
+ result.add(new Object[] { TestType.IPv4, "127.0.0.1:-1", Integer.valueOf(-1), IAE} );
+ // IPv6 - invalid port
+ result.add(new Object[] { TestType.IPv4, "[::1]:x", Integer.valueOf(-1), IAE} );
+ result.add(new Object[] { TestType.IPv4, "[::1]:-1", Integer.valueOf(-1), IAE} );
 return result;
 }
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
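Review bot: The two rows under `// IPv6 - invalid port` are declared with `TestType.IPv4`, while the context row just above them for `[1111:2222:3333]` uses `TestType.IPv6`. If TestType selects which parser entry point the test calls (the dispatch is outside this hunk), these inputs may be rejected on the leading `[` before any port check runs, so they would pass without exercising the new validatePort() call on the path that handles bracketed literals. Suggest `TestType.IPv6` for both rows, e.g. `result.add(new Object[] { TestType.IPv6, "[::1]:x", Integer.valueOf(-1), IAE} );`. A positive row with a well-formed port for each host form would also pin that the stricter check does not over-reject.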