Author: kkolinko
Date: Wed Feb 2 03:03:08 2011
New Revision: 1066314
URL: http://svn.apache.org/viewvc?rev=1066314&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50689
Provide 100 Continue responses at appropriate points during FORM
authentication if client indicates that they are expected.
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1066314&r1=1066313&r2=1066314&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Feb 2 03:03:08 2011
@@ -99,14 +99,6 @@ PATCHES PROPOSED TO BACKPORT:
s/HttpClient/sun.net.www.http.HttpClient/, to avoid confusion with Apache
component with the same name, http://hc.apache.org/httpcomponents-client-ga/
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50689
- Provide 100 Continue responses at appropriate points during FORM
- authentication if client indicates that they are expected.
- (It is backport of r987948.)
- https://issues.apache.org/bugzilla/attachment.cgi?id=26576
- +1: kkolinko, markt,funkman
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50325
Use JVM provided solutions to CVE-2009-3555 if available (i.e. RFC 5746
support)
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?rev=1066314&r1=1066313&r2=1066314&view=diff
==============================================================================
---
tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
(original)
+++
tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
Wed Feb 2 03:03:08 2011
@@ -246,8 +246,9 @@ public class FormAuthenticator
return (false);
}
- // Yes -- Validate the specified credentials and redirect
- // to the error page if they are not correct
+ // Yes -- Acknowledge the request, validate the specified credentials
+ // and redirect to the error page if they are not correct
+ response.sendAcknowledgement();
Realm realm = context.getRealm();
if (characterEncoding != null) {
request.setCharacterEncoding(characterEncoding);
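Review bot: the added `response.sendAcknowledgement();` line is called unconditionally on every login submission, so the check for whether the client actually sent an Expect: 100-continue header has to live inside sendAcknowledgement(), which these lines do not show. The rewritten comment ("Acknowledge the request") reads as if an acknowledgement is always sent; wording it like the second hunk ("May need to acknowledge a 100-continue expectation") would match the log message's "if client indicates that they are expected". The placement ahead of `request.setCharacterEncoding(characterEncoding)` and the credential validation is the right order, since a client that expects 100 Continue holds the body back until it gets one; it is worth confirming that nothing earlier in the method reads request parameters.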
@@ -511,6 +512,9 @@ public class FormAuthenticator
}
if ("POST".equalsIgnoreCase(request.getMethod())) {
+ // May need to acknowledge a 100-continue expectation
+ request.getResponse().sendAcknowledgement();
+
ByteChunk body = new ByteChunk();
body.setLimit(request.getConnector().getMaxSavePostSize());
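Review bot: in the POST branch the acknowledgement goes out before `body.setLimit(request.getConnector().getMaxSavePostSize())` is applied, so a client is told to continue even when its body is larger than the server is willing to save. Consider comparing the declared content length with that limit before calling sendAcknowledgement(), so an oversized POST from a client that has not authenticated yet can be refused without inviting the upload first.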
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1066314&r1=1066313&r2=1066314&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Wed Feb 2 03:03:08 2011
@@ -50,6 +50,11 @@
<bug>48822</bug>: Include context name in reload and stop log
statements.
Based on the patch provided by Marc Guillemot. (kkolinko)
</update>
+ <fix>
+ <bug>50689</bug>: Provide 100 Continue responses at appropriate points
+ during FORM authentication if client indicates that they are expected.
+ (kkolinko)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">