[tomcat] branch 8.5.x updated: Use parts size for maxParameterCount

Tue, 08 Aug 2023 04:28:08 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 493c208cc9 Use parts size for maxParameterCount
493c208cc9 is described below

commit 493c208cc9fbb2eebc7096fb444a4def460143f4
Author: remm <r...@apache.org>
AuthorDate: Tue Aug 8 13:23:35 2023 +0200

    Use parts size for maxParameterCount
    
    If parsing the parts first (which is usually not what happens), then the
    parts count should affect maxParameterCount. Since the resource use of
    parameters is small, allowing maxParameterCount parameters in addition
    to the parts is not a noticeable issue. Parsing parameters first is
    recommended though.
    Report submitted by Matus Madzin.
---
 java/org/apache/catalina/connector/Request.java | 6 +++++-
 webapps/docs/changelog.xml                      | 5 +++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index 276343415c..1adc04e392 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -3161,7 +3161,11 @@ public class Request implements HttpServletRequest {
         boolean success = false;
         try {
             // Set this every time in case limit has been changed via JMX
-            parameters.setLimit(getConnector().getMaxParameterCount());
+            int maxParameterCount = getConnector().getMaxParameterCount();
+            if (parts != null && maxParameterCount > 0) {
+                maxParameterCount -= parts.size();
+            }
+            parameters.setLimit(maxParameterCount);
 
             // getCharacterEncoding() may have been overridden to search for
             // hidden form field containing request encoding
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 14854dcab1..2b5004c540 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -124,6 +124,11 @@
         <bug>66822</bug>: Use the same naming format in log messages for
         Connector instances as the associated ProtocolHandler instance. (markt)
       </fix>
+      <fix>
+        The parts count should also lower the actual
+        <code>maxParameterCount</code> used for parsing parameters if parts are
+        parsed first. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to