Author: kkolinko
Date: Mon Aug 27 23:04:11 2012
New Revision: 1377900
URL: http://svn.apache.org/viewvc?rev=1377900&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42181
Better handling of edge conditions in chunk header processing.
Added:
tomcat/trunk/test/org/apache/tomcat/util/buf/TestHexUtils.java (with
props)
Modified:
tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
tomcat/trunk/java/org/apache/tomcat/util/buf/HexUtils.java
Modified:
tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?rev=1377900&r1=1377899&r2=1377900&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
Mon Aug 27 23:04:11 2012
@@ -311,10 +311,11 @@ public class ChunkedInputFilter implemen
trailer = true;
} else if (!trailer) {
//don't read data after the trailer
- if (HexUtils.getDec(buf[pos]) != -1) {
+ int charValue = HexUtils.getDec(buf[pos]);
+ if (charValue != -1) {
readDigit = true;
result *= 16;
- result += HexUtils.getDec(buf[pos]);
+ result += charValue;
} else {
//we shouldn't allow invalid, non hex characters
//in the chunked header
Modified: tomcat/trunk/java/org/apache/tomcat/util/buf/HexUtils.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/buf/HexUtils.java?rev=1377900&r1=1377899&r2=1377900&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/buf/HexUtils.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/buf/HexUtils.java Mon Aug 27
23:04:11 2012
@@ -34,22 +34,10 @@ public final class HexUtils {
* Table for HEX to DEC byte translation.
*/
private static final int[] DEC = {
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
00, 01, 02, 03, 04, 05, 06, 07, 8, 9, -1, -1, -1, -1, -1, -1,
-1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, 10, 11, 12, 13, 14, 15,
};
@@ -71,7 +59,12 @@ public final class HexUtils {
public static int getDec(int index){
- return DEC[index];
+ // Fast for correct values, slower for incorrect ones
+ try {
+ return DEC[index - '0'];
+ } catch (ArrayIndexOutOfBoundsException ex) {
+ return -1;
+ }
}
public static byte getHex(int index){
Added: tomcat/trunk/test/org/apache/tomcat/util/buf/TestHexUtils.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/buf/TestHexUtils.java?rev=1377900&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/buf/TestHexUtils.java (added)
+++ tomcat/trunk/test/org/apache/tomcat/util/buf/TestHexUtils.java Mon Aug 27
23:04:11 2012
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.tomcat.util.buf;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
+/**
+ * Test cases for {@link HexUtils}.
+ */
+public class TestHexUtils {
+
+ @Test
+ public void testGetDec() {
+ assertEquals(0, HexUtils.getDec('0'));
+ assertEquals(9, HexUtils.getDec('9'));
+ assertEquals(10, HexUtils.getDec('a'));
+ assertEquals(15, HexUtils.getDec('f'));
+ assertEquals(10, HexUtils.getDec('A'));
+ assertEquals(15, HexUtils.getDec('F'));
+ assertEquals(-1, HexUtils.getDec(0));
+ assertEquals(-1, HexUtils.getDec('Z'));
+ assertEquals(-1, HexUtils.getDec(255));
+ assertEquals(-1, HexUtils.getDec(-60));
+ }
+}
Propchange: tomcat/trunk/test/org/apache/tomcat/util/buf/TestHexUtils.java
------------------------------------------------------------------------------
svn:eol-style = native
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
