(tomcat) branch 8.5.x updated: Better message if size limit is reached reading trailer header value

Thu, 09 Nov 2023 00:57:58 -0800 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 02f8b8bdd6 Better message if size limit is reached reading trailer 
header value
02f8b8bdd6 is described below

commit 02f8b8bdd66d6cac5299187408a2274538ae5a8f
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Nov 9 08:46:00 2023 +0000

    Better message if size limit is reached reading trailer header value
---
 java/org/apache/coyote/http11/filters/ChunkedInputFilter.java | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java 
b/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
index 2349af04b9..42ace5df3c 100644
--- a/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
+++ b/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
@@ -626,6 +626,8 @@ public class ChunkedInputFilter implements InputFilter, 
ApplicationBufferHandler
                     eol = true;
                 } else if (HttpParser.isControl(chr) && chr != Constants.HT) {
                     throw new 
IOException(sm.getString("chunkedInputFilter.invalidTrailerHeaderValue"));
+                } else if (trailingHeaders.getEnd() >= 
trailingHeaders.getLimit()) {
+                    
throwBadRequestException(sm.getString("chunkedInputFilter.maxTrailer"));
                 } else if (chr == Constants.SP || chr == Constants.HT) {
                     trailingHeaders.append(chr);
                 } else {
@@ -651,6 +653,8 @@ public class ChunkedInputFilter implements InputFilter, 
ApplicationBufferHandler
             chr = readChunk.get(readChunk.position());
             if (chr != Constants.SP && chr != Constants.HT) {
                 validLine = false;
+            } else if (trailingHeaders.getEnd() >= trailingHeaders.getLimit()) 
{
+                
throwBadRequestException(sm.getString("chunkedInputFilter.maxTrailer"));
             } else {
                 eol = false;
                 // Copying one extra space in the buffer (since there must


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to