Author: markt
Date: Mon Oct 1 09:43:50 2012
New Revision: 1392254
URL: http://svn.apache.org/viewvc?rev=1392254&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42181
A. Better handling of edge conditions in chunk header processing (BZ 42181)
B. Improve chunk header parsing. Properly ignore chunk-extension suffix, not
trying to parse digits contained in it. Reject chunks whose header is incorrect.
Modified:
tomcat/tc5.5.x/trunk/STATUS.txt
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Constants.java
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java
tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/jk/common/HandlerRequest.java
tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/buf/HexUtils.java
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/util/HexUtils.java
tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Mon Oct 1 09:43:50 2012
@@ -28,15 +28,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK/
PATCHES PROPOSED TO BACKPORT:
[ New proposals should be added at the end of the list ]
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42181
- A. Better handling of edge conditions in chunk header processing (BZ 42181)
- B. Improve chunk header parsing. Properly ignore chunk-extension suffix,
- not trying to parse digits contained in it. Reject chunks whose header is
- incorrect. (backport of r423453)
- https://issues.apache.org/bugzilla/attachment.cgi?id=29295
- +1: kkolinko, markt, kfujino
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53830
Better handling of Manager.randomFile default value on Windows
https://issues.apache.org/bugzilla/attachment.cgi?id=29331
Modified:
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Constants.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Constants.java?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Constants.java
(original)
+++
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Constants.java
Mon Oct 1 09:43:50 2012
@@ -85,6 +85,11 @@ public final class Constants {
*/
public static final byte COLON = (byte) ':';
+ /**
+ * SEMI_COLON.
+ */
+ public static final byte SEMI_COLON = (byte) ';';
+
/**
* 'A'.
Modified:
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java
(original)
+++
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java
Mon Oct 1 09:43:50 2012
@@ -113,7 +113,7 @@ public class Http11AprProcessor implemen
initializeFilters();
// Cause loading of HexUtils
- int foo = HexUtils.DEC[0];
+ HexUtils.getDec('0');
// Cause loading of FastHttpDateFormat
FastHttpDateFormat.getCurrentDate();
@@ -1461,7 +1461,7 @@ public class Http11AprProcessor implemen
int port = 0;
int mult = 1;
for (int i = valueL - 1; i > colonPos; i--) {
- int charValue = HexUtils.DEC[(int) valueB[i + valueS]];
+ int charValue = HexUtils.getDec(valueB[i + valueS]);
if (charValue == -1) {
// Invalid character
error = true;
Modified:
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java
(original)
+++
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java
Mon Oct 1 09:43:50 2012
@@ -111,7 +111,7 @@ public class Http11Processor implements
initializeFilters();
// Cause loading of HexUtils
- int foo = HexUtils.DEC[0];
+ HexUtils.getDec('0');
}
@@ -1422,7 +1422,7 @@ public class Http11Processor implements
int port = 0;
int mult = 1;
for (int i = valueL - 1; i > colonPos; i--) {
- int charValue = HexUtils.DEC[(int) valueB[i + valueS]];
+ int charValue = HexUtils.getDec(valueB[i + valueS]);
if (charValue == -1) {
// Invalid character
error = true;
Modified:
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
(original)
+++
tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
Mon Oct 1 09:43:50 2012
@@ -28,7 +28,8 @@ import org.apache.coyote.http11.Constant
import org.apache.coyote.http11.InputFilter;
/**
- * Chunked input filter.
+ * Chunked input filter. Parses chunked data according to
+ * <a
href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.6.1";>http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.6.1</a><br>
*
* @author Remy Maucherat
*/
@@ -128,7 +129,7 @@ public class ChunkedInputFilter implemen
if (remaining <= 0) {
if (!parseChunkHeader()) {
- throw new IOException("Invalid chunk");
+ throw new IOException("Invalid chunk header");
}
if (endChunk) {
parseEndChunk();
@@ -236,6 +237,14 @@ public class ChunkedInputFilter implemen
/**
* Parse the header of a chunk.
+ * A chunk header can look like one of the following:<br />
+ * A10CRLF<br />
+ * F23;chunk-extension to be ignoredCRLF
+ *
+ * <p>
+ * The letters before CRLF or ';' (whatever comes first) must be valid hex
+ * digits. We should not parse F23IAMGONNAMESSTHISUP34CRLF as a valid
+ * header according to the spec.
*/
protected boolean parseChunkHeader()
throws IOException {
@@ -243,6 +252,7 @@ public class ChunkedInputFilter implemen
int result = 0;
boolean eol = false;
boolean readDigit = false;
+ boolean trailer = false;
while (!eol) {
@@ -254,11 +264,19 @@ public class ChunkedInputFilter implemen
if (buf[pos] == Constants.CR) {
} else if (buf[pos] == Constants.LF) {
eol = true;
- } else {
- if (HexUtils.DEC[buf[pos]] != -1) {
+ } else if (buf[pos] == Constants.SEMI_COLON) {
+ trailer = true;
+ } else if (!trailer) {
+ //don't read data after the trailer
+ int charValue = HexUtils.getDec(buf[pos]);
+ if (charValue != -1) {
readDigit = true;
result *= 16;
- result += HexUtils.DEC[buf[pos]];
+ result += charValue;
+ } else {
+ //we shouldn't allow invalid, non hex characters
+ //in the chunked header
+ return false;
}
}
Modified:
tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java
(original)
+++
tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java
Mon Oct 1 09:43:50 2012
@@ -103,7 +103,7 @@ public class AjpAprProcessor implements
outputBuffer = ByteBuffer.allocateDirect(packetSize * 2);
// Cause loading of HexUtils
- int foo = HexUtils.DEC[0];
+ HexUtils.getDec('0');
// Cause loading of HttpMessages
HttpMessages.getMessage(200);
@@ -935,7 +935,7 @@ public class AjpAprProcessor implements
int port = 0;
int mult = 1;
for (int i = valueL - 1; i > colonPos; i--) {
- int charValue = HexUtils.DEC[(int) valueB[i + valueS]];
+ int charValue = HexUtils.getDec(valueB[i + valueS]);
if (charValue == -1) {
// Invalid character
error = true;
Modified:
tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/jk/common/HandlerRequest.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/jk/common/HandlerRequest.java?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/jk/common/HandlerRequest.java
(original)
+++
tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/jk/common/HandlerRequest.java
Mon Oct 1 09:43:50 2012
@@ -674,7 +674,7 @@ public class HandlerRequest extends JkHa
int port = 0;
int mult = 1;
for (int i = valueL - 1; i > colonPos; i--) {
- int charValue = HexUtils.DEC[(int) valueB[i + valueS]];
+ int charValue = HexUtils.getDec(valueB[i + valueS]);
if (charValue == -1) {
// Invalid character
throw new CharConversionException("Invalid char in port: "
+ valueB[i + valueS]);
Modified:
tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/buf/HexUtils.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/buf/HexUtils.java?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/buf/HexUtils.java
(original)
+++
tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/buf/HexUtils.java
Mon Oct 1 09:43:50 2012
@@ -36,6 +36,7 @@ public final class HexUtils {
/**
* Table for HEX to DEC byte translation.
+ * @deprecated Use {@link #getDec(int)}
*/
public static final int[] DEC = {
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
@@ -76,6 +77,15 @@ public final class HexUtils {
// --------------------------------------------------------- Static Methods
+ public static int getDec(int index){
+ try {
+ return DEC[index];
+ } catch (ArrayIndexOutOfBoundsException ex) {
+ return -1;
+ }
+ }
+
+
/**
* Convert a String of hexadecimal digits into the corresponding
* byte array by encoding each two hexadecimal digits as a byte.
@@ -154,21 +164,21 @@ public final class HexUtils {
// assert valid data
int len;
if(hex.length < 4 ) return 0;
- if( DEC[hex[0]]<0 )
+ if( getDec(hex[0])<0 )
throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
- len = DEC[hex[0]];
+ len = getDec(hex[0]);
len = len << 4;
- if( DEC[hex[1]]<0 )
+ if( getDec(hex[1])<0 )
throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
- len += DEC[hex[1]];
+ len += getDec(hex[1]);
len = len << 4;
- if( DEC[hex[2]]<0 )
+ if( getDec(hex[2])<0 )
throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
- len += DEC[hex[2]];
+ len += getDec(hex[2]);
len = len << 4;
- if( DEC[hex[3]]<0 )
+ if( getDec(hex[3])<0 )
throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
- len += DEC[hex[3]];
+ len += getDec(hex[3]);
return len;
}
Modified:
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/util/HexUtils.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/util/HexUtils.java?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/util/HexUtils.java
(original)
+++
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/util/HexUtils.java
Mon Oct 1 09:43:50 2012
@@ -30,7 +30,10 @@ import java.io.ByteArrayOutputStream;
public final class HexUtils {
// Code from Ajp11, from Apache's JServ
- // Table for HEX to DEC byte translation
+ /**
+ * Table for HEX to DEC byte translation.
+ * @deprecated Use {@link #getDec(int)}
+ */
public static final int[] DEC = {
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
@@ -59,6 +62,18 @@ public final class HexUtils {
StringManager.getManager("org.apache.catalina.util");
+ // --------------------------------------------------------- Static Methods
+
+
+ public static int getDec(int index){
+ try {
+ return DEC[index];
+ } catch (ArrayIndexOutOfBoundsException ex) {
+ return -1;
+ }
+ }
+
+
/**
* Convert a String of hexadecimal digits into the corresponding
* byte array by encoding each two hexadecimal digits as a byte.
@@ -137,21 +152,21 @@ public final class HexUtils {
// assert valid data
int len;
if(hex.length < 4 ) return 0;
- if( DEC[hex[0]]<0 )
+ if( getDec(hex[0])<0 )
throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
- len = DEC[hex[0]];
+ len = getDec(hex[0]);
len = len << 4;
- if( DEC[hex[1]]<0 )
+ if( getDec(hex[1])<0 )
throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
- len += DEC[hex[1]];
+ len += getDec(hex[1]);
len = len << 4;
- if( DEC[hex[2]]<0 )
+ if( getDec(hex[2])<0 )
throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
- len += DEC[hex[2]];
+ len += getDec(hex[2]);
len = len << 4;
- if( DEC[hex[3]]<0 )
+ if( getDec(hex[3])<0 )
throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
- len += DEC[hex[3]];
+ len += getDec(hex[3]);
return len;
}
Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Mon Oct 1
09:43:50 2012
@@ -82,6 +82,12 @@
<add>
Implement the maxHeaderCount for the HTTP connectors. (kkolinko)
</add>
+ <fix>
+ <bug>42181</bug>: Better handling of edge conditions in chunk header
+ processing. Improve chunk header parsing. Properly ignore
+ chunk-extension suffix, not trying to parse digits contained in it.
+ Reject chunks whose header is incorrect. (kkolinko)
+ </fix>
</changelog>
</subsection>
<subsection name="Webapps">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
