Author: markt
Date: Mon Nov 11 12:12:48 2013
New Revision: 1540687
URL: http://svn.apache.org/r1540687
Log:
If a request that includes an "Expect: 100-continue" header receives anything
other than a 2xx response, close the connection.
This protects against misbehaving clients that may not send the request body
in that case and may send the next request instead.
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java?rev=1540687&r1=1540686&r2=1540687&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java Mon
Nov 11 12:12:48 2013
@@ -1053,6 +1053,18 @@ public abstract class AbstractHttp11Proc
// thread if the servlet has rejected it.
getInputBuffer().setSwallowInput(false);
}
+ if (response.getStatus() < 200 || response.getStatus() > 299) {
+ if (expectation) {
+ // Client sent Expect: 100-continue but received a
+ // non-2xx response. Disable keep-alive (if enabled) to
+ // ensure the connection is closed. Some clients may
+ // still send the body, some may send the next request.
+ // No way to differentiate, so close the connection to
+ // force the client to send the next request.
+ getInputBuffer().setSwallowInput(false);
+ keepAlive = false;
+ }
+ }
endRequest();
}
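Review bot: The added guard calls `response.getStatus()` twice and nests the `expectation` test inside the status test; reading the status once and merging the two, `int status = response.getStatus();` then `if (expectation && (status < 200 || status > 299)) {`, would put the keep-alive decision in a single condition. The comment would also be clearer if it named the risk directly, for example `// Unread body bytes left on a kept-alive connection would be parsed as the next request.` The hunk does not show whether the 100 Continue interim response was actually sent, so it is worth confirming that a 2xx response returned without that acknowledgement cannot leave the same ambiguity. The enclosing method begins and ends outside the hunk.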