Author: kkolinko
Date: Sun Mar 17 02:36:06 2013
New Revision: 1457363
URL: http://svn.apache.org/r1457363
Log:
For https://issues.apache.org/bugzilla/show_bug.cgi?id=54707
Merged revision 1457362 from tomcat/trunk:
Review of r1457303:
1) Correct comments.
2) In readLhex(..):
Document lowercase conversion. It was documented before r1457303 and
I think it is in line with support for incorrect values implemented
in response to BZ 54707.
Convert digits to lowercase on the fly, instead of relying on
String.toLowerCase() call. This should generate less garbage for GC.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java
tomcat/tc7.0.x/trunk/test/org/apache/tomcat/util/http/parser/TestAuthorizationDigest.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1457362
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java?rev=1457363&r1=1457362&r2=1457363&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java
Sun Mar 17 02:36:06 2013
@@ -151,7 +151,7 @@ public class HttpParser {
value = readTokenOrQuotedString(input, false);
break;
case 3:
- // FIELD_TYPE_QUOTED_LHEX
+ // FIELD_TYPE_LHEX
value = readLhex(input);
break;
case 4:
@@ -382,8 +382,8 @@ public class HttpParser {
* this parsing method for token permits optional surrounding double
quotes.
* This is not defined in any RFC. It is a special case to handle data from
* buggy clients (known buggy clients for DIGEST auth include Microsoft IE
8
- * & 9, Apple Safari for OSX and iOS) that add quotes to values that should
- * be tokens.
+ * & 9, Apple Safari for OSX and iOS) that add quotes to values that
+ * should be tokens.
*
* @return the token if one was found, null if data other than a token or
* quoted token was found or null if the end of data was reached
@@ -438,6 +438,11 @@ public class HttpParser {
* buggy clients (libwww-perl for DIGEST auth) are known to send quoted
LHEX
* when the specification requires just LHEX.
*
+ * <p>
+ * LHEX are, literally, lower-case hexadecimal digits. This implementation
+ * allows for upper-case digits as well, converting the returned value to
+ * lower-case.
+ *
* @return the sequence of LHEX (minus any surrounding quotes) if any was
* found, or <code>null</code> if data other LHEX was found
*/
@@ -459,11 +464,17 @@ public class HttpParser {
} else if (c == -1 || !isHex(c)) {
return null;
} else {
+ if ('A' <= c && c <= 'F') {
+ c -= ('A' - 'a');
+ }
result.append((char) c);
}
c = input.read();
while (c != -1 && isHex(c)) {
+ if ('A' <= c && c <= 'F') {
+ c -= ('A' - 'a');
+ }
result.append((char) c);
c = input.read();
}
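Review bot: The upper-case fold `if ('A' <= c && c <= 'F') { c -= ('A' - 'a'); }` appears twice, once for the first digit and once inside the loop, and subtracting a negative difference is harder to read than `c += ('a' - 'A');`. A small private static helper (for example `toLowerHex(int c)`) called from both sites would keep the two paths from drifting apart. This matters because, as the new Javadoc states, the returned value is normalised to lower case, so both paths must normalise identically. A short why-comment at the fold, such as `// LHEX is lower-case by spec; fold upper-case digits sent by non-conforming clients`, would also help. The body of readLhex starts and ends outside this hunk.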
@@ -473,14 +484,14 @@ public class HttpParser {
return null;
}
} else {
- // Skip back so non-token character is available for next read
+ // Skip back so non-hex character is available for next read
input.skip(-1);
}
if (c != -1 && result.length() == 0) {
return null;
} else {
- return result.toString().toLowerCase(Locale.US);
+ return result.toString();
}
}
Modified:
tomcat/tc7.0.x/trunk/test/org/apache/tomcat/util/http/parser/TestAuthorizationDigest.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/tomcat/util/http/parser/TestAuthorizationDigest.java?rev=1457363&r1=1457362&r2=1457363&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/test/org/apache/tomcat/util/http/parser/TestAuthorizationDigest.java
(original)
+++
tomcat/tc7.0.x/trunk/test/org/apache/tomcat/util/http/parser/TestAuthorizationDigest.java
Sun Mar 17 02:36:06 2013
@@ -127,13 +127,24 @@ public class TestAuthorizationDigest {
@Test
public void testQuotedLhex() throws Exception {
- String header = "Digest nc=\"00000001\"";
+ String header = "Digest nc=\"09abcdef\"";
StringReader input = new StringReader(header);
Map<String,String> result = HttpParser.parseAuthorizationDigest(input);
- Assert.assertEquals("00000001", result.get("nc"));
+ Assert.assertEquals("09abcdef", result.get("nc"));
+ }
+
+ @Test
+ public void testQuotedLhexUppercase() throws Exception {
+ String header = "Digest nc=\"00ABCDEF\"";
+
+ StringReader input = new StringReader(header);
+
+ Map<String,String> result = HttpParser.parseAuthorizationDigest(input);
+
+ Assert.assertEquals("00abcdef", result.get("nc"));
}
@Test
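Review bot: Both tests here use a quoted value, so the new first-digit fold in readLhex is probably never exercised. Judging from the HttpParser hunk, the branch that appends the first character is only reached when the value has no opening quote, and quoted digits all go through the `while` loop. An unquoted upper-case case would cover that path, for example `String header = "Digest nc=ABCDEF00";` with `Assert.assertEquals("abcdef00", result.get("nc"));`. A mixed-case value and a value containing a non-hex letter such as `G` would also pin down the boundary of the `'A' <= c && c <= 'F'` check.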
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1457363&r1=1457362&r2=1457363&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Sun Mar 17 02:36:06 2013
@@ -90,7 +90,7 @@
<fix>
<bug>54707</bug>: Further relax the parsing of DIGEST authentication
headers to allow for buggy clients that quote values that RFC2617
states
- should not be quoted. (markt)
+ should not be quoted. (markt/kkolinko)
</fix>
</changelog>
</subsection>