Author: kkolinko Date: Mon Aug 27 23:04:11 2012 New Revision: 1377900 URL: http://svn.apache.org/viewvc?rev=1377900&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42181 Better handling of edge conditions in chunk header processing.
Added: tomcat/trunk/test/org/apache/tomcat/util/buf/TestHexUtils.java (with props) Modified: tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java tomcat/trunk/java/org/apache/tomcat/util/buf/HexUtils.java Modified: tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?rev=1377900&r1=1377899&r2=1377900&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java Mon Aug 27 23:04:11 2012 @@ -311,10 +311,11 @@ public class ChunkedInputFilter implemen trailer = true; } else if (!trailer) { //don't read data after the trailer - if (HexUtils.getDec(buf[pos]) != -1) { + int charValue = HexUtils.getDec(buf[pos]); + if (charValue != -1) { readDigit = true; result *= 16; - result += HexUtils.getDec(buf[pos]); + result += charValue; } else { //we shouldn't allow invalid, non hex characters //in the chunked header Modified: tomcat/trunk/java/org/apache/tomcat/util/buf/HexUtils.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/buf/HexUtils.java?rev=1377900&r1=1377899&r2=1377900&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/buf/HexUtils.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/buf/HexUtils.java Mon Aug 27 23:04:11 2012 @@ -34,22 +34,10 @@ public final class HexUtils { * Table for HEX to DEC byte translation. */ private static final int[] DEC = { - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 00, 01, 02, 03, 04, 05, 06, 07, 8, 9, -1, -1, -1, -1, -1, -1, -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 10, 11, 12, 13, 14, 15, }; @@ -71,7 +59,12 @@ public final class HexUtils { public static int getDec(int index){ - return DEC[index]; + // Fast for correct values, slower for incorrect ones + try { + return DEC[index - '0']; + } catch (ArrayIndexOutOfBoundsException ex) { + return -1; + } } public static byte getHex(int index){ Added: tomcat/trunk/test/org/apache/tomcat/util/buf/TestHexUtils.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/buf/TestHexUtils.java?rev=1377900&view=auto ============================================================================== --- tomcat/trunk/test/org/apache/tomcat/util/buf/TestHexUtils.java (added) +++ tomcat/trunk/test/org/apache/tomcat/util/buf/TestHexUtils.java Mon Aug 27 23:04:11 2012 @@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.tomcat.util.buf; + +import static org.junit.Assert.assertEquals; + +import org.junit.Test; + +/** + * Test cases for {@link HexUtils}. + */ +public class TestHexUtils { + + @Test + public void testGetDec() { + assertEquals(0, HexUtils.getDec('0')); + assertEquals(9, HexUtils.getDec('9')); + assertEquals(10, HexUtils.getDec('a')); + assertEquals(15, HexUtils.getDec('f')); + assertEquals(10, HexUtils.getDec('A')); + assertEquals(15, HexUtils.getDec('F')); + assertEquals(-1, HexUtils.getDec(0)); + assertEquals(-1, HexUtils.getDec('Z')); + assertEquals(-1, HexUtils.getDec(255)); + assertEquals(-1, HexUtils.getDec(-60)); + } +} Propchange: tomcat/trunk/test/org/apache/tomcat/util/buf/TestHexUtils.java ------------------------------------------------------------------------------ svn:eol-style = native --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org