(tomcat) branch 9.0.x updated: Ensure IOException on request read always triggers error handling

Wed, 08 Nov 2023 08:02:06 -0800 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 7a2d8818fc Ensure IOException on request read always triggers error 
handling
7a2d8818fc is described below

commit 7a2d8818fcea0b51747a67af9510ce7977245ebd
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Nov 8 15:25:17 2023 +0000

    Ensure IOException on request read always triggers error handling
---
 .../org/apache/catalina/connector/InputBuffer.java | 14 ++++
 .../http11/filters/TestChunkedInputFilter.java     | 77 ++++++++++++++++++++++
 webapps/docs/changelog.xml                         |  5 ++
 3 files changed, 96 insertions(+)

diff --git a/java/org/apache/catalina/connector/InputBuffer.java 
b/java/org/apache/catalina/connector/InputBuffer.java
index 59e85c8ca6..013b4a49a1 100644
--- a/java/org/apache/catalina/connector/InputBuffer.java
+++ b/java/org/apache/catalina/connector/InputBuffer.java
@@ -29,6 +29,7 @@ import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
 import javax.servlet.ReadListener;
+import javax.servlet.RequestDispatcher;
 
 import org.apache.catalina.security.SecurityUtil;
 import org.apache.coyote.ActionCode;
@@ -295,6 +296,7 @@ public class InputBuffer extends Reader implements 
ByteChunk.ByteInputChannel, A
      *
      * @throws IOException An underlying IOException occurred
      */
+    @SuppressWarnings("deprecation")
     @Override
     public int realReadBytes() throws IOException {
         if (closed) {
@@ -308,11 +310,23 @@ public class InputBuffer extends Reader implements 
ByteChunk.ByteInputChannel, A
         try {
             return coyoteRequest.doRead(this);
         } catch (BadRequestException bre) {
+            // Set flag used by asynchronous processing to detect errors on 
non-container threads
             coyoteRequest.setErrorException(bre);
+            // In synchronous processing, this exception may be swallowed by 
the application so set error flags here.
+            coyoteRequest.setAttribute(RequestDispatcher.ERROR_EXCEPTION, bre);
+            coyoteRequest.getResponse().setStatus(400);
+            coyoteRequest.getResponse().setError();
+            // Make the exception visible to the application
             throw bre;
         } catch (IOException ioe) {
+            // Set flag used by asynchronous processing to detect errors on 
non-container threads
             coyoteRequest.setErrorException(ioe);
+            // In synchronous processing, this exception may be swallowed by 
the application so set error flags here.
+            coyoteRequest.setAttribute(RequestDispatcher.ERROR_EXCEPTION, ioe);
+            coyoteRequest.getResponse().setStatus(400);
+            coyoteRequest.getResponse().setError();
             // Any other IOException on a read is almost always due to the 
remote client aborting the request.
+            // Make the exception visible to the application
             throw new ClientAbortException(ioe);
         }
     }
diff --git a/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java 
b/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java
index 4c91e131f5..d568e90ec8 100644
--- a/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java
+++ b/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java
@@ -428,6 +428,83 @@ public class TestChunkedInputFilter extends TomcatBaseTest 
{
         }
     }
 
+
+    @Test
+    public void testTrailerHeaderNameNotTokenThrowException() throws Exception 
{
+        doTestTrailerHeaderNameNotToken(false);
+    }
+
+    @Test
+    public void testTrailerHeaderNameNotTokenSwallowException() throws 
Exception {
+        doTestTrailerHeaderNameNotToken(true);
+    }
+
+    private void doTestTrailerHeaderNameNotToken(boolean swallowException) 
throws Exception {
+
+        // Setup Tomcat instance
+        Tomcat tomcat = getTomcatInstance();
+
+        // No file system docBase required
+        Context ctx = tomcat.addContext("", null);
+
+        Tomcat.addServlet(ctx, "servlet", new 
SwallowBodyServlet(swallowException));
+        ctx.addServletMappingDecoded("/", "servlet");
+
+        tomcat.start();
+
+        String[] request = new String[]{
+            "POST / HTTP/1.1" + SimpleHttpClient.CRLF +
+            "Host: localhost" + SimpleHttpClient.CRLF +
+            "Transfer-encoding: chunked" + SimpleHttpClient.CRLF +
+            "Content-Type: application/x-www-form-urlencoded" + 
SimpleHttpClient.CRLF +
+            "Connection: close" + SimpleHttpClient.CRLF +
+            SimpleHttpClient.CRLF +
+            "3" + SimpleHttpClient.CRLF +
+            "a=0" + SimpleHttpClient.CRLF +
+            "4" + SimpleHttpClient.CRLF +
+            "&b=1" + SimpleHttpClient.CRLF +
+            "0" + SimpleHttpClient.CRLF +
+            "x@trailer: Test" + SimpleHttpClient.CRLF +
+            SimpleHttpClient.CRLF };
+
+        TrailerClient client = new 
TrailerClient(tomcat.getConnector().getLocalPort());
+        client.setRequest(request);
+
+        client.connect();
+        client.processRequest();
+        // Expected to fail because of invalid trailer header name
+        Assert.assertTrue(client.getResponseLine(), client.isResponse400());
+    }
+
+    private static class SwallowBodyServlet extends HttpServlet {
+        private static final long serialVersionUID = 1L;
+
+        private final boolean swallowException;
+
+        SwallowBodyServlet(boolean swallowException) {
+            this.swallowException = swallowException;
+        }
+
+        @Override
+        protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+                throws ServletException, IOException {
+            resp.setContentType("text/plain");
+            PrintWriter pw = resp.getWriter();
+
+            // Read the body
+            InputStream is = req.getInputStream();
+            try {
+                while (is.read() > -1) {
+                }
+                pw.write("OK");
+            } catch (IOException ioe) {
+                if (!swallowException) {
+                    throw ioe;
+                }
+            }
+        }
+    }
+
     private static class EchoHeaderServlet extends HttpServlet {
         private static final long serialVersionUID = 1L;
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 683cdd061d..e79fdaa902 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -149,6 +149,11 @@
         Use a 400 status code to report an error due to a bad request (e.g. an
         invalid trailer header) rather than a 500 status code. (markt)
       </fix>
+      <fix>
+        Ensure that an <code>IOException</code> during the reading of the
+        request triggers always error handling, regardless of whether the
+        application swallows the exception. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to