Re: Adding Content-Security-Policy support to HttpHeaderSecurityFilter

2020-03-24 Thread Mark Thomas
On 24/03/2020 21:28, Christopher Schultz wrote:
> All,
> 
> While replying to James's recent message about this filter's anti
> click-jacking features[1], I was surprised to see that this filter
> does not have any support for the Content-Security-Policy header.
> 
> Adding such support would be fairly simple: simply add a
> "contentSecurityPolicy" attribute which gets dumped-out to every
> response as a Content-Security-Policy header.
> 
> Any votes for/against?

See: https://bz.apache.org/bugzilla/show_bug.cgi?id=58837

No objections to your proposal. I do wonder about the more general
solution but I don't see that as a reason not to do this.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Adding Content-Security-Policy support to HttpHeaderSecurityFilter

2020-03-24 Thread Christopher Schultz
All,

While replying to James's recent message about this filter's anti
click-jacking features[1], I was surprised to see that this filter
does not have any support for the Content-Security-Policy header.

Adding such support would be fairly simple: simply add a
"contentSecurityPolicy" attribute which gets dumped-out to every
response as a Content-Security-Policy header.

Any votes for/against?

-chris

[1]
https://lists.apache.org/thread.html/rb9f6829febf9b56aef2888ea2b5a98ee13b14326c42225fc04ec13e5%40%3Cusers.tomcat.apache.org%3E





[Bug 64240] http 0.9 request return nothing

2020-03-24 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64240

Mark Thomas changed:

What       | Removed | Added
-----------+---------+---------
Resolution | ---     | FIXED
Status     | NEW     | RESOLVED

--- Comment #18 from Mark Thomas  ---
The final edge case has been fixed in:
- master for 10.0.0-M4 onwards
- 9.0.x for 9.0.34 onwards
- 8.5.x for 8.5.54 onwards
- 7.0.x for 7.0.104 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.



[tomcat] branch 8.5.x updated: Increase coverage of Range header tests

2020-03-24 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new b88aa88  Increase coverage of Range header tests
b88aa88 is described below

commit b88aa88bfc3fcc8c613b5f198f50666c86c7cfff
Author: Mark Thomas 
AuthorDate: Tue Mar 24 15:58:16 2020 +

Increase coverage of Range header tests
---
 .../catalina/servlets/TestDefaultServletPut.java   | 29 +---
 .../servlets/TestDefaultServletRangeRequests.java  | 78 +++---
 2 files changed, 72 insertions(+), 35 deletions(-)

diff --git a/test/org/apache/catalina/servlets/TestDefaultServletPut.java 
b/test/org/apache/catalina/servlets/TestDefaultServletPut.java
index 915c448..09c30ff 100644
--- a/test/org/apache/catalina/servlets/TestDefaultServletPut.java
+++ b/test/org/apache/catalina/servlets/TestDefaultServletPut.java
@@ -52,27 +52,30 @@ public class TestDefaultServletPut extends TomcatBaseTest {
 
 // Valid partial PUT
 parameterSets.add(new Object[] {
-"Content-Range: bytes=0-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.TRUE, END_TEXT });
+"Content-Range: bytes=0-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.TRUE, END_TEXT, Boolean.TRUE });
 // Full PUT
 parameterSets.add(new Object[] {
-"", null, PATCH_TEXT });
+"", null, PATCH_TEXT, Boolean.TRUE });
 // Invalid range
 parameterSets.add(new Object[] {
-"Content-Range: apples=0-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.FALSE, START_TEXT });
+"Content-Range: apples=0-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes00-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.FALSE, START_TEXT });
+"Content-Range: bytes00-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=9-7/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT });
+"Content-Range: bytes=9-7/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=-7/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT });
+"Content-Range: bytes=-7/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=9-/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT });
+"Content-Range: bytes=9-/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=9-X/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT });
+"Content-Range: bytes=9-X/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=0-5/" + CRLF, Boolean.FALSE, START_TEXT 
});
+"Content-Range: bytes=0-5/" + CRLF, Boolean.FALSE, START_TEXT, 
Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=0-5/0x5" + CRLF, Boolean.FALSE, 
START_TEXT });
+"Content-Range: bytes=0-5/0x5" + CRLF, Boolean.FALSE, 
START_TEXT, Boolean.TRUE });
+// Valid partial PUT but partial PUT is disabled
+parameterSets.add(new Object[] {
+"Content-Range: bytes=0-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.TRUE, START_TEXT, Boolean.FALSE });
 
 return parameterSets;
 }
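
Review bot: The only row with allowPartialPut set to Boolean.FALSE (the last one added in this hunk) pairs it with a valid Content-Range, so the disabled setting is never exercised together with an invalid or absent header. Adding a full PUT row ("" with null) and one invalid-range row with Boolean.FALSE would show that disabling partial PUT leaves full PUT working and does not change how malformed ranges are handled.
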
@@ -89,6 +92,9 @@ public class TestDefaultServletPut extends TomcatBaseTest {
 @Parameter(2)
 public String expectedEndText;
 
+@Parameter(3)
+public boolean allowPartialPut;
+
 @Override
 public void setUp() throws Exception {
 super.setUp();
@@ -107,6 +113,7 @@ public class TestDefaultServletPut extends TomcatBaseTest {
 
 Wrapper w = Tomcat.addServlet(ctxt, "default", 
DefaultServlet.class.getName());
 w.addInitParameter("readonly", "false");
+w.addInitParameter("allowPartialPut", 
Boolean.toString(allowPartialPut));
 ctxt.addServletMappingDecoded("/", "default");
 
 tomcat.start();
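
Review bot: With this addInitParameter call every parameter set passes allowPartialPut explicitly, so the servlet's built-in default for that init parameter is no longer exercised by this test. Consider leaving the parameter unset for at least one run, for example by making the field a nullable Boolean and skipping the call when it is null.
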
@@ -145,7 +152,7 @@ public class TestDefaultServletPut extends TomcatBaseTest {
 if (contentRangeHeaderValid == null) {
 // Not present (so will do a full PUT, replacing the existing)
 Assert.assertTrue(putClient.isResponse204());
-} else if (contentRangeHeaderValid.booleanValue()) {
+} else if (contentRangeHeaderValid.booleanValue() && allowPartialPut) {
 // Valid
 Assert.assertTrue(putClient.isResponse204());
 } else 
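
Review bot: In the changed condition, a valid Content-Range sent while allowPartialPut is false now falls into the same else branch as a malformed Content-Range, so the test cannot tell the two outcomes apart. If the servlet is meant to answer them differently, give the disabled case its own branch with its own status assertion; if they are meant to be identical, a comment on the else branch saying so would help.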

[tomcat] branch 9.0.x updated: Increase coverage of Range header tests

2020-03-24 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 9431eec  Increase coverage of Range header tests
9431eec is described below

commit 9431eec1e86e6e714fa6345fbb8a23acf8373fe3
Author: Mark Thomas 
AuthorDate: Tue Mar 24 15:58:16 2020 +

Increase coverage of Range header tests
---
 .../catalina/servlets/TestDefaultServletPut.java   | 29 +---
 .../servlets/TestDefaultServletRangeRequests.java  | 78 +++---
 2 files changed, 72 insertions(+), 35 deletions(-)

diff --git a/test/org/apache/catalina/servlets/TestDefaultServletPut.java 
b/test/org/apache/catalina/servlets/TestDefaultServletPut.java
index 915c448..09c30ff 100644
--- a/test/org/apache/catalina/servlets/TestDefaultServletPut.java
+++ b/test/org/apache/catalina/servlets/TestDefaultServletPut.java
@@ -52,27 +52,30 @@ public class TestDefaultServletPut extends TomcatBaseTest {
 
 // Valid partial PUT
 parameterSets.add(new Object[] {
-"Content-Range: bytes=0-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.TRUE, END_TEXT });
+"Content-Range: bytes=0-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.TRUE, END_TEXT, Boolean.TRUE });
 // Full PUT
 parameterSets.add(new Object[] {
-"", null, PATCH_TEXT });
+"", null, PATCH_TEXT, Boolean.TRUE });
 // Invalid range
 parameterSets.add(new Object[] {
-"Content-Range: apples=0-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.FALSE, START_TEXT });
+"Content-Range: apples=0-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes00-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.FALSE, START_TEXT });
+"Content-Range: bytes00-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=9-7/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT });
+"Content-Range: bytes=9-7/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=-7/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT });
+"Content-Range: bytes=-7/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=9-/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT });
+"Content-Range: bytes=9-/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=9-X/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT });
+"Content-Range: bytes=9-X/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=0-5/" + CRLF, Boolean.FALSE, START_TEXT 
});
+"Content-Range: bytes=0-5/" + CRLF, Boolean.FALSE, START_TEXT, 
Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=0-5/0x5" + CRLF, Boolean.FALSE, 
START_TEXT });
+"Content-Range: bytes=0-5/0x5" + CRLF, Boolean.FALSE, 
START_TEXT, Boolean.TRUE });
+// Valid partial PUT but partial PUT is disabled
+parameterSets.add(new Object[] {
+"Content-Range: bytes=0-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.TRUE, START_TEXT, Boolean.FALSE });
 
 return parameterSets;
 }
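
Review bot: Each row now carries two positional Booleans with unrelated meanings (whether the Content-Range header is valid, and whether partial PUT is allowed), which makes rows such as the last one, Boolean.TRUE, START_TEXT, Boolean.FALSE, easy to misread. A short comment above the parameter list naming the four columns, or named constants for the fourth column, would make the table self-describing.
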
@@ -89,6 +92,9 @@ public class TestDefaultServletPut extends TomcatBaseTest {
 @Parameter(2)
 public String expectedEndText;
 
+@Parameter(3)
+public boolean allowPartialPut;
+
 @Override
 public void setUp() throws Exception {
 super.setUp();
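
Review bot: The new allowPartialPut field at @Parameter(3) has no comment stating what the test expects when it is false. One line saying that a valid Content-Range must then leave the target unchanged, as the added START_TEXT row expects, would document the intent next to the field.
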
@@ -107,6 +113,7 @@ public class TestDefaultServletPut extends TomcatBaseTest {
 
 Wrapper w = Tomcat.addServlet(ctxt, "default", 
DefaultServlet.class.getName());
 w.addInitParameter("readonly", "false");
+w.addInitParameter("allowPartialPut", 
Boolean.toString(allowPartialPut));
 ctxt.addServletMappingDecoded("/", "default");
 
 tomcat.start();
@@ -145,7 +152,7 @@ public class TestDefaultServletPut extends TomcatBaseTest {
 if (contentRangeHeaderValid == null) {
 // Not present (so will do a full PUT, replacing the existing)
 Assert.assertTrue(putClient.isResponse204());
-} else if (contentRangeHeaderValid.booleanValue()) {
+} else if (contentRangeHeaderValid.booleanValue() && allowPartialPut) {
 // Valid
 Assert.assertTrue(putClient.isResponse204());
 } else 

[tomcat] branch master updated: Increase coverage of Range header tests

2020-03-24 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 3116926  Increase coverage of Range header tests
3116926 is described below

commit 3116926c077fe6561763946b9668444a9806327e
Author: Mark Thomas 
AuthorDate: Tue Mar 24 15:58:16 2020 +

Increase coverage of Range header tests
---
 .../catalina/servlets/TestDefaultServletPut.java   | 29 +---
 .../servlets/TestDefaultServletRangeRequests.java  | 78 +++---
 2 files changed, 72 insertions(+), 35 deletions(-)

diff --git a/test/org/apache/catalina/servlets/TestDefaultServletPut.java 
b/test/org/apache/catalina/servlets/TestDefaultServletPut.java
index 915c448..09c30ff 100644
--- a/test/org/apache/catalina/servlets/TestDefaultServletPut.java
+++ b/test/org/apache/catalina/servlets/TestDefaultServletPut.java
@@ -52,27 +52,30 @@ public class TestDefaultServletPut extends TomcatBaseTest {
 
 // Valid partial PUT
 parameterSets.add(new Object[] {
-"Content-Range: bytes=0-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.TRUE, END_TEXT });
+"Content-Range: bytes=0-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.TRUE, END_TEXT, Boolean.TRUE });
 // Full PUT
 parameterSets.add(new Object[] {
-"", null, PATCH_TEXT });
+"", null, PATCH_TEXT, Boolean.TRUE });
 // Invalid range
 parameterSets.add(new Object[] {
-"Content-Range: apples=0-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.FALSE, START_TEXT });
+"Content-Range: apples=0-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes00-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.FALSE, START_TEXT });
+"Content-Range: bytes00-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.FALSE, START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=9-7/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT });
+"Content-Range: bytes=9-7/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=-7/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT });
+"Content-Range: bytes=-7/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=9-/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT });
+"Content-Range: bytes=9-/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=9-X/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT });
+"Content-Range: bytes=9-X/" + START_LEN + CRLF, Boolean.FALSE, 
START_TEXT, Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=0-5/" + CRLF, Boolean.FALSE, START_TEXT 
});
+"Content-Range: bytes=0-5/" + CRLF, Boolean.FALSE, START_TEXT, 
Boolean.TRUE });
 parameterSets.add(new Object[] {
-"Content-Range: bytes=0-5/0x5" + CRLF, Boolean.FALSE, 
START_TEXT });
+"Content-Range: bytes=0-5/0x5" + CRLF, Boolean.FALSE, 
START_TEXT, Boolean.TRUE });
+// Valid partial PUT but partial PUT is disabled
+parameterSets.add(new Object[] {
+"Content-Range: bytes=0-" + PATCH_LEN + "/" + START_LEN + 
CRLF, Boolean.TRUE, START_TEXT, Boolean.FALSE });
 
 return parameterSets;
 }
@@ -89,6 +92,9 @@ public class TestDefaultServletPut extends TomcatBaseTest {
 @Parameter(2)
 public String expectedEndText;
 
+@Parameter(3)
+public boolean allowPartialPut;
+
 @Override
 public void setUp() throws Exception {
 super.setUp();
@@ -107,6 +113,7 @@ public class TestDefaultServletPut extends TomcatBaseTest {
 
 Wrapper w = Tomcat.addServlet(ctxt, "default", 
DefaultServlet.class.getName());
 w.addInitParameter("readonly", "false");
+w.addInitParameter("allowPartialPut", 
Boolean.toString(allowPartialPut));
 ctxt.addServletMappingDecoded("/", "default");
 
 tomcat.start();
@@ -145,7 +152,7 @@ public class TestDefaultServletPut extends TomcatBaseTest {
 if (contentRangeHeaderValid == null) {
 // Not present (so will do a full PUT, replacing the existing)
 Assert.assertTrue(putClient.isResponse204());
-} else if (contentRangeHeaderValid.booleanValue()) {
+} else if (contentRangeHeaderValid.booleanValue() && allowPartialPut) {
 // Valid
 Assert.assertTrue(putClient.isResponse204());
 } 
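
Review bot: The "// Valid" comment under the changed else-if no longer matches the condition, which now also requires allowPartialPut. Update it to say that the range is valid and partial PUT is enabled.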

[Bug 64149] NullPointerException in AbstractAccessLogValve

2020-03-24 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64149

Remy Maucherat changed:

What       | Removed | Added
-----------+---------+---------
Resolution | ---     | FIXED
Status     | NEW     | RESOLVED

--- Comment #6 from Remy Maucherat  ---
There was an NPE when no pattern is specified. In that case, the valve does
nothing so remove it.
The fix will be in 10.0.0-M4, 9.0.34 and 8.5.54.




[tomcat] branch 8.5.x updated: Ordering

2020-03-24 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 5a7e1b3  Ordering
5a7e1b3 is described below

commit 5a7e1b3fa95ea581d454680c45c5e9818baf3d07
Author: remm 
AuthorDate: Tue Mar 24 16:52:30 2020 +0100

Ordering
---
 webapps/docs/changelog.xml | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 90e9050..bd59ac0 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -58,14 +58,14 @@
 system property. (remm)
   
   
-64226: Reset timezone after parsing a date since the date
-format is reused. Test case submitted by Gary Thomas. (remm)
-  
-  
 64149: Avoid NPE when using the access log valve without
 a pattern. (remm)
   
   
+64226: Reset timezone after parsing a date since the date
+format is reused. Test case submitted by Gary Thomas. (remm)
+  
+  
 64247: Using a wildcard for jarsToSkip should
 not override a possibly present jarsToScan. Based on code
 submitted by Iridias. (remm)
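
Review bot: The commit subject "Ordering" does not say what was reordered; since the hunk moves the 64226 entry below 64149 to restore ascending bug-number order in changelog.xml, a subject that names the changelog would make the history easier to search.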





[tomcat] branch master updated: Ordering

2020-03-24 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 7600f50  Ordering
7600f50 is described below

commit 7600f509a0036c3849b2a5b1285d59734ffebfc3
Author: remm 
AuthorDate: Tue Mar 24 16:52:18 2020 +0100

Ordering
---
 webapps/docs/changelog.xml | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 346..e8452cd 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -58,14 +58,14 @@
 system property. (remm)
   
   
-64226: Reset timezone after parsing a date since the date
-format is reused. Test case submitted by Gary Thomas. (remm)
-  
-  
 64149: Avoid NPE when using the access log valve without
 a pattern. (remm)
   
   
+64226: Reset timezone after parsing a date since the date
+format is reused. Test case submitted by Gary Thomas. (remm)
+  
+  
 64247: Using a wildcard for jarsToSkip should
 not override a possibly present jarsToScan. Based on code
 submitted by Iridias. (remm)





[tomcat] branch 9.0.x updated: Ordering

2020-03-24 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new d35c65b  Ordering
d35c65b is described below

commit d35c65b3968dc51435567ea0a496daa2b91b7d48
Author: remm 
AuthorDate: Tue Mar 24 16:51:33 2020 +0100

Ordering
---
 webapps/docs/changelog.xml | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 4865f72..84fcddf 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -58,14 +58,14 @@
 system property. (remm)
   
   
-64226: Reset timezone after parsing a date since the date
-format is reused. Test case submitted by Gary Thomas. (remm)
-  
-  
 64149: Avoid NPE when using the access log valve without
 a pattern. (remm)
   
   
+64226: Reset timezone after parsing a date since the date
+format is reused. Test case submitted by Gary Thomas. (remm)
+  
+  
 64247: Using a wildcard for jarsToSkip should
 not override a possibly present jarsToScan. Based on code
 submitted by Iridias. (remm)





[tomcat] branch 8.5.x updated: 64149: Avoid NPE when using the access log valve without a pattern

2020-03-24 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new d49329c  64149: Avoid NPE when using the access log valve without a 
pattern
d49329c is described below

commit d49329c8d419974a7013ba22c8abe93c15c66ce1
Author: remm 
AuthorDate: Tue Mar 24 16:47:35 2020 +0100

64149: Avoid NPE when using the access log valve without a pattern

There was already a check for that on logElements in the log method,
which is also null in that case. So cachedElements needs the same null
check.
---
 java/org/apache/catalina/valves/AbstractAccessLogValve.java | 4 +++-
 webapps/docs/changelog.xml  | 4 
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
index a55b289..51a771f 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -682,8 +682,10 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
 // to be cached in the request.
 request.getAttribute(Globals.CERTIFICATES_ATTR);
 }
-for (CachedElement element : cachedElements) {
+if (cachedElements != null) {
+for (CachedElement element : cachedElements) {
 element.cache(request);
+}
 }
 getNext().invoke(request, response);
 }
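
Review bot: The diffstat for this commit lists only AbstractAccessLogValve.java and changelog.xml, so the new null guard on cachedElements ships without a regression test. A test that configures the access log valve without a pattern and sends one request would pin the fix for bug 64149.
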
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 7f7b48e..90e9050 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -62,6 +62,10 @@
 format is reused. Test case submitted by Gary Thomas. (remm)
   
   
+64149: Avoid NPE when using the access log valve without
+a pattern. (remm)
+  
+  
 64247: Using a wildcard for jarsToSkip should
 not override a possibly present jarsToScan. Based on code
 submitted by Iridias. (remm)
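
Review bot: The new 64149 entry is inserted after the 64226 entry and before 64247, which breaks the ascending bug-number order of the neighbouring entries. Place it ahead of 64226.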





[tomcat] branch 9.0.x updated: 64149: Avoid NPE when using the access log valve without a pattern

2020-03-24 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 0c1f669  64149: Avoid NPE when using the access log valve without a 
pattern
0c1f669 is described below

commit 0c1f669512f8d8c1a91e3099f5992bae04d0b6de
Author: remm 
AuthorDate: Tue Mar 24 16:47:35 2020 +0100

64149: Avoid NPE when using the access log valve without a pattern

There was already a check for that on logElements in the log method,
which is also null in that case. So cachedElements needs the same null
check.
---
 java/org/apache/catalina/valves/AbstractAccessLogValve.java | 4 +++-
 webapps/docs/changelog.xml  | 4 
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
index a55b289..51a771f 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -682,8 +682,10 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
 // to be cached in the request.
 request.getAttribute(Globals.CERTIFICATES_ATTR);
 }
-for (CachedElement element : cachedElements) {
+if (cachedElements != null) {
+for (CachedElement element : cachedElements) {
 element.cache(request);
+}
 }
 getNext().invoke(request, response);
 }
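
Review bot: cachedElements is read twice in the added lines, once for the null check and once in the for loop. If the field can be reassigned while requests are in flight, copy it to a local variable first and test and iterate over the local.
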
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 9fb432e..4865f72 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -62,6 +62,10 @@
 format is reused. Test case submitted by Gary Thomas. (remm)
   
   
+64149: Avoid NPE when using the access log valve without
+a pattern. (remm)
+  
+  
 64247: Using a wildcard for jarsToSkip should
 not override a possibly present jarsToScan. Based on code
 submitted by Iridias. (remm)





[tomcat] branch master updated: 64149: Avoid NPE when using the access log valve without a pattern

2020-03-24 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 60a7af2  64149: Avoid NPE when using the access log valve without a 
pattern
60a7af2 is described below

commit 60a7af2cbad19d4ebc76599c93fa9818679626c0
Author: remm 
AuthorDate: Tue Mar 24 16:47:35 2020 +0100

64149: Avoid NPE when using the access log valve without a pattern

There was already a check for that on logElements in the log method,
which is also null in that case. So cachedElements needs the same null
check.
---
 java/org/apache/catalina/valves/AbstractAccessLogValve.java | 4 +++-
 webapps/docs/changelog.xml  | 4 
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
index 9776097..fe3fee1 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -685,8 +685,10 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
 // to be cached in the request.
 request.getAttribute(Globals.CERTIFICATES_ATTR);
 }
-for (CachedElement element : cachedElements) {
+if (cachedElements != null) {
+for (CachedElement element : cachedElements) {
 element.cache(request);
+}
 }
 getNext().invoke(request, response);
 }
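
Review bot: The added guard repeats on every request a check that, per the commit message, is already made for logElements in the log method. Initialising cachedElements and logElements to empty arrays when no pattern is configured would remove both null checks from the request path and rule out the same NPE at any future call site.
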
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 14738ab..346 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -62,6 +62,10 @@
 format is reused. Test case submitted by Gary Thomas. (remm)
   
   
+64149: Avoid NPE when using the access log valve without
+a pattern. (remm)
+  
+  
 64247: Using a wildcard for jarsToSkip should
 not override a possibly present jarsToScan. Based on code
 submitted by Iridias. (remm)





[Bug 64149] NullPointerException in AbstractAccessLogValve

2020-03-24 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64149

Remy Maucherat changed:

What   | Removed  | Added
-------+----------+------
Status | NEEDINFO | NEW

--- Comment #5 from Remy Maucherat  ---
Ok, I can reproduce and will fix this "issue".




[Bug 64260] New: Clean install target

2020-03-24 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64260

Bug ID: 64260
   Summary: Clean install target
   Product: Tomcat Native
   Version: 1.2.23
  Hardware: All
OS: All
Status: NEW
  Severity: enhancement
  Priority: P2
 Component: Library
  Assignee: dev@tomcat.apache.org
  Reporter: micha...@apache.org
  Target Milestone: ---

Based on this discussion
(https://www.mail-archive.com/dev@tomcat.apache.org/msg141233.htm) it seems
that include/ and lib/ are unusable from outside, except the shared library.
They serve no purpose for the outside world. As Rainer pointed out, they can
safely be dropped.

I will work on the change to leave them out during "make install".




[Bug 64149] NullPointerException in AbstractAccessLogValve

2020-03-24 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64149

--- Comment #4 from Roland Wachinger  ---
Created attachment 37118
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37118=edit
our server.xml

I attached the server.xml. I think the problem here is one of the valves in the
end. This used to work in 9.0.30.
We also switched the handler to rotatable = false in the logging config, aside
from that it is all defaults.

The problem still persists in 9.0.33




[tomcat] branch 7.0.x updated: Process HTTP/0.9 requests with extra request line data as HTTP/1.1

2020-03-24 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
 new f15c077  Process HTTP/0.9 requests with extra request line data as 
HTTP/1.1
f15c077 is described below

commit f15c077cdd1080d6f3d46be0d47f82978d9c03b9
Author: Mark Thomas 
AuthorDate: Tue Mar 24 09:50:02 2020 +

Process HTTP/0.9 requests with extra request line data as HTTP/1.1

https://bz.apache.org/bugzilla/show_bug.cgi?id=64240
---
 .../coyote/http11/InternalAprInputBuffer.java  | 13 ++--
 .../apache/coyote/http11/InternalInputBuffer.java  | 13 ++--
 .../coyote/http11/InternalNioInputBuffer.java  | 17 +++--
 .../coyote/http11/TestHttp11InputBufferCRLF.java   | 73 +++---
 webapps/docs/changelog.xml |  5 ++
 5 files changed, 99 insertions(+), 22 deletions(-)

diff --git a/java/org/apache/coyote/http11/InternalAprInputBuffer.java 
b/java/org/apache/coyote/http11/InternalAprInputBuffer.java
index b2e9a41..bfa769e 100644
--- a/java/org/apache/coyote/http11/InternalAprInputBuffer.java
+++ b/java/org/apache/coyote/http11/InternalAprInputBuffer.java
@@ -238,8 +238,12 @@ public class InternalAprInputBuffer extends 
AbstractInputBuffer {
 // HTTP/0.9 style request. CR is optional. LF is not.
 } else if (buf[pos] == Constants.LF) {
 // HTTP/0.9 style request
-eol = true;
+// Stop this processing loop
 space = true;
+// Set blank protocol (indicates HTTP/0.9)
+request.protocol().setString("");
+// Skip the protocol processing
+eol = true;
 if (buf[pos - 1] == Constants.CR) {
 end = pos - 1;
 } else {
@@ -314,12 +318,13 @@ public class InternalAprInputBuffer extends 
AbstractInputBuffer {
 
 if ((end - start) > 0) {
 request.protocol().setBytes(buf, start, end - start);
-} else {
-request.protocol().setString("");
 }
 
-return true;
+if (request.protocol().isNull()) {
+throw new 
IllegalArgumentException(sm.getString("iib.invalidHttpProtocol"));
+}
 
+return true;
 }
 
 
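
Review bot: The new throw uses the message key iib.invalidHttpProtocol, but the diffstat lists no properties file, so the key must already exist in the package's string resources for sm.getString to resolve it. Please confirm that, or add the key in this commit.
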
diff --git a/java/org/apache/coyote/http11/InternalInputBuffer.java 
b/java/org/apache/coyote/http11/InternalInputBuffer.java
index e3f36d6..1050e57 100644
--- a/java/org/apache/coyote/http11/InternalInputBuffer.java
+++ b/java/org/apache/coyote/http11/InternalInputBuffer.java
@@ -192,8 +192,12 @@ public class InternalInputBuffer extends 
AbstractInputBuffer {
 // HTTP/0.9 style request. CR is optional. LF is not.
 } else if (buf[pos] == Constants.LF) {
 // HTTP/0.9 style request
-eol = true;
+// Stop this processing loop
 space = true;
+// Set blank protocol (indicates HTTP/0.9)
+request.protocol().setString("");
+// Skip the protocol processing
+eol = true;
 if (buf[pos - 1] == Constants.CR) {
 end = pos - 1;
 } else {
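Review bot: the four lines added to the LF branch here are identical to the ones added to InternalAprInputBuffer above, and both classes extend AbstractInputBuffer. The empty protocol string is now the marker that distinguishes HTTP/0.9 from a missing protocol, so consider defining it once in the base class (a constant or a small helper) instead of repeating `request.protocol().setString("")` per connector, where the copies can drift.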
@@ -266,12 +270,13 @@ public class InternalInputBuffer extends 
AbstractInputBuffer {
 
 if ((end - start) > 0) {
 request.protocol().setBytes(buf, start, end - start);
-} else {
-request.protocol().setString("");
 }
 
-return true;
+if (request.protocol().isNull()) {
+throw new 
IllegalArgumentException(sm.getString("iib.invalidHttpProtocol"));
+}
 
+return true;
 }
 
 
diff --git a/java/org/apache/coyote/http11/InternalNioInputBuffer.java 
b/java/org/apache/coyote/http11/InternalNioInputBuffer.java
index 6b80d01..3cdbdfa 100644
--- a/java/org/apache/coyote/http11/InternalNioInputBuffer.java
+++ b/java/org/apache/coyote/http11/InternalNioInputBuffer.java
@@ -322,10 +322,12 @@ public class InternalNioInputBuffer extends 
AbstractInputBuffer {
 // HTTP/0.9 style request. CR is optional. LF is not.
 } else if (buf[pos] == Constants.LF) {
 // HTTP/0.9 style request
-parsingRequestLineEol = true;
+// Stop this processing loop
 space = true;
+// Set blank protocol (indicates HTTP/0.9)
+request.protocol().setString("");
 // Skip the protocol processing
-parsingRequestLinePhase = 6;
+parsingRequestLinePhase = 7;
 if (buf[pos - 1] == Constants.CR) {
 end = pos - 1;
 } else {
@@ -352,7 +354,9 @@ public class InternalNioInputBuffer extends 
AbstractInputBuffer {
 

[tomcat] branch 8.5.x updated: Process HTTP/0.9 requests with extra request line data as HTTP/1.1

2020-03-24 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 50aff94  Process HTTP/0.9 requests with extra request line data as 
HTTP/1.1
50aff94 is described below

commit 50aff94ae8058a4672d195d354cb7e7fc5f8ae9e
Author: Mark Thomas 
AuthorDate: Tue Mar 24 09:50:02 2020 +

Process HTTP/0.9 requests with extra request line data as HTTP/1.1

https://bz.apache.org/bugzilla/show_bug.cgi?id=64240
---
 .../apache/coyote/http11/Http11InputBuffer.java| 16 +++--
 .../coyote/http11/TestHttp11InputBufferCRLF.java   | 73 +++---
 webapps/docs/changelog.xml |  5 ++
 3 files changed, 80 insertions(+), 14 deletions(-)

diff --git a/java/org/apache/coyote/http11/Http11InputBuffer.java 
b/java/org/apache/coyote/http11/Http11InputBuffer.java
index aa962c6..eecac4f 100644
--- a/java/org/apache/coyote/http11/Http11InputBuffer.java
+++ b/java/org/apache/coyote/http11/Http11InputBuffer.java
@@ -485,9 +485,10 @@ public class Http11InputBuffer implements InputBuffer, 
ApplicationBufferHandler
 // HTTP/0.9 style request
 // Stop this processing loop
 space = true;
+// Set blank protocol (indicates HTTP/0.9)
+request.protocol().setString("");
 // Skip the protocol processing
-parsingRequestLinePhase = 6;
-parsingRequestLineEol = true;
+parsingRequestLinePhase = 7;
 if (prevChr == Constants.CR) {
 end = pos - 1;
 } else {
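Review bot: with `parsingRequestLineEol = true;` removed from the HTTP/0.9 branch, and the `if (!parsingRequestLineEol)` test replaced further down in this diff, the only remaining use of the field visible in the patch is the reset `parsingRequestLineEol = false;` in the clean-up block. If nothing else assigns or reads it, remove the field in this commit rather than leaving a flag that is only ever cleared.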
@@ -518,7 +519,9 @@ public class Http11InputBuffer implements InputBuffer, 
ApplicationBufferHandler
 request.requestURI().setBytes(byteBuffer.array(), 
parsingRequestLineStart,
 end - parsingRequestLineStart);
 }
-if (!parsingRequestLineEol) {
+// HTTP/0.9 processing jumps to stage 7.
+// Don't want to overwrite that here.
+if (parsingRequestLinePhase == 4) {
 parsingRequestLinePhase = 5;
 }
 }
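Review bot: `if (parsingRequestLinePhase == 4)` hard-codes the current phase number, and the new comment calls the target "stage 7" while the field is named `parsingRequestLinePhase`. Named constants for the phases, or at least the word "phase" in the comment, would make the jump from the HTTP/0.9 branch readable without tracing the whole method and would keep this guard correct if a phase is ever inserted.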
@@ -571,9 +574,12 @@ public class Http11InputBuffer implements InputBuffer, 
ApplicationBufferHandler
 if ((end - parsingRequestLineStart) > 0) {
 request.protocol().setBytes(byteBuffer.array(), 
parsingRequestLineStart,
 end - parsingRequestLineStart);
-} else {
-request.protocol().setString("");
+parsingRequestLinePhase = 7;
 }
+// If no protocol is found, the ISE below will be triggered.
+}
+if (parsingRequestLinePhase == 7) {
+// Parsing is complete. Return and clean-up.
 parsingRequestLine = false;
 parsingRequestLinePhase = 0;
 parsingRequestLineEol = false;
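Review bot: the comment `// If no protocol is found, the ISE below will be triggered.` makes rejection of an empty protocol depend on falling through to an exception that is outside this hunk. The 7.0.x version of this fix throws `IllegalArgumentException` with `iib.invalidHttpProtocol` at the equivalent point; an explicit throw here would keep the branches consistent and make the failure mode visible at the place it is decided.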
diff --git a/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java 
b/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java
index 82315f5..ee033a1 100644
--- a/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java
+++ b/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java
@@ -45,32 +45,74 @@ public class TestHttp11InputBufferCRLF extends 
TomcatBaseTest {
 
 // Requests to exercise code that allows HT in place of SP
 parameterSets.add(new Object[] { Boolean.FALSE, new String[] {
-"GET\thttp://localhost:8080/test\tHTTP/1.1; + CRLF +
+"GET\t/test\tHTTP/1.1" + CRLF +
 "Host: localhost:8080" + CRLF +
-"Connection: close" + CRLF +
-CRLF } } );
+   "Connection: close" + CRLF +
+CRLF }, Boolean.TRUE } );
 
 // Requests to simulate package boundaries
 // HTTP/0.9 request
 addRequestWithSplits("GET /test" + CRLF, Boolean.TRUE, parameterSets);
 
+// HTTP/0.9 request with space
+// Either malformed but acceptable HTTP/0.9 or invalid HTTP/1.1
+// Tomcat opts for invalid HTTP/1.1
+addRequestWithSplits("GET /test " + CRLF, Boolean.FALSE, 
Boolean.FALSE, parameterSets);
+
 // HTTP/0.9 request (no optional CR)
 addRequestWithSplits("GET /test" + LF, Boolean.TRUE, parameterSets);
 
+// HTTP/0.9 request with space (no optional CR)
+// Either malformed but acceptable HTTP/0.9 or invalid HTTP/1.1
+// Tomcat opts for invalid HTTP/1.1
+addRequestWithSplits("GET /test " + LF, Boolean.FALSE, Boolean.FALSE, 
parameterSets);
+
 // Standard HTTP/1.1 request
-addRequestWithSplits("GET http://localhost:8080/test HTTP/1.1" + CRLF +
+addRequestWithSplits("GET /test HTTP/1.1" + CRLF +
+"Host: localhost:8080" 
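Review bot: the `"Connection: close" + CRLF +` line is removed and re-added with different leading whitespace only, which looks like an accidental indentation change; please restore the original alignment. Separately, the HT-in-place-of-SP request changes its target from `http://localhost:8080/test` to `/test`, so this case no longer exercises an absolute-form request target; if that is intended, say so in the commit message, otherwise keep one absolute-form case.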

[tomcat] branch 9.0.x updated: Process HTTP/0.9 requests with extra request line data as HTTP/1.1

2020-03-24 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new ec3edf7  Process HTTP/0.9 requests with extra request line data as 
HTTP/1.1
ec3edf7 is described below

commit ec3edf7b375c008b7445f631ea767e8989e2d4e6
Author: Mark Thomas 
AuthorDate: Tue Mar 24 09:50:02 2020 +

Process HTTP/0.9 requests with extra request line data as HTTP/1.1

https://bz.apache.org/bugzilla/show_bug.cgi?id=64240
---
 .../apache/coyote/http11/Http11InputBuffer.java| 16 +++--
 .../coyote/http11/TestHttp11InputBufferCRLF.java   | 73 +++---
 webapps/docs/changelog.xml |  5 ++
 3 files changed, 80 insertions(+), 14 deletions(-)

diff --git a/java/org/apache/coyote/http11/Http11InputBuffer.java 
b/java/org/apache/coyote/http11/Http11InputBuffer.java
index 0824a69..d4c4dc3 100644
--- a/java/org/apache/coyote/http11/Http11InputBuffer.java
+++ b/java/org/apache/coyote/http11/Http11InputBuffer.java
@@ -471,9 +471,10 @@ public class Http11InputBuffer implements InputBuffer, 
ApplicationBufferHandler
 // HTTP/0.9 style request
 // Stop this processing loop
 space = true;
+// Set blank protocol (indicates HTTP/0.9)
+request.protocol().setString("");
 // Skip the protocol processing
-parsingRequestLinePhase = 6;
-parsingRequestLineEol = true;
+parsingRequestLinePhase = 7;
 if (prevChr == Constants.CR) {
 end = pos - 1;
 } else {
@@ -504,7 +505,9 @@ public class Http11InputBuffer implements InputBuffer, 
ApplicationBufferHandler
 request.requestURI().setBytes(byteBuffer.array(), 
parsingRequestLineStart,
 end - parsingRequestLineStart);
 }
-if (!parsingRequestLineEol) {
+// HTTP/0.9 processing jumps to stage 7.
+// Don't want to overwrite that here.
+if (parsingRequestLinePhase == 4) {
 parsingRequestLinePhase = 5;
 }
 }
@@ -557,9 +560,12 @@ public class Http11InputBuffer implements InputBuffer, 
ApplicationBufferHandler
 if ((end - parsingRequestLineStart) > 0) {
 request.protocol().setBytes(byteBuffer.array(), 
parsingRequestLineStart,
 end - parsingRequestLineStart);
-} else {
-request.protocol().setString("");
+parsingRequestLinePhase = 7;
 }
+// If no protocol is found, the ISE below will be triggered.
+}
+if (parsingRequestLinePhase == 7) {
+// Parsing is complete. Return and clean-up.
 parsingRequestLine = false;
 parsingRequestLinePhase = 0;
 parsingRequestLineEol = false;
diff --git a/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java 
b/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java
index 82315f5..ee033a1 100644
--- a/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java
+++ b/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java
@@ -45,32 +45,74 @@ public class TestHttp11InputBufferCRLF extends 
TomcatBaseTest {
 
 // Requests to exercise code that allows HT in place of SP
 parameterSets.add(new Object[] { Boolean.FALSE, new String[] {
-"GET\thttp://localhost:8080/test\tHTTP/1.1; + CRLF +
+"GET\t/test\tHTTP/1.1" + CRLF +
 "Host: localhost:8080" + CRLF +
-"Connection: close" + CRLF +
-CRLF } } );
+   "Connection: close" + CRLF +
+CRLF }, Boolean.TRUE } );
 
 // Requests to simulate package boundaries
 // HTTP/0.9 request
 addRequestWithSplits("GET /test" + CRLF, Boolean.TRUE, parameterSets);
 
+// HTTP/0.9 request with space
+// Either malformed but acceptable HTTP/0.9 or invalid HTTP/1.1
+// Tomcat opts for invalid HTTP/1.1
+addRequestWithSplits("GET /test " + CRLF, Boolean.FALSE, 
Boolean.FALSE, parameterSets);
+
 // HTTP/0.9 request (no optional CR)
 addRequestWithSplits("GET /test" + LF, Boolean.TRUE, parameterSets);
 
+// HTTP/0.9 request with space (no optional CR)
+// Either malformed but acceptable HTTP/0.9 or invalid HTTP/1.1
+// Tomcat opts for invalid HTTP/1.1
+addRequestWithSplits("GET /test " + LF, Boolean.FALSE, Boolean.FALSE, 
parameterSets);
+
 // Standard HTTP/1.1 request
-addRequestWithSplits("GET http://localhost:8080/test HTTP/1.1" + CRLF +
+addRequestWithSplits("GET /test HTTP/1.1" + CRLF +
+"Host: localhost:8080" 
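Review bot: the two new rejection cases only cover a trailing SP (`"GET /test " + CRLF` and `"GET /test " + LF`), while the first parameter set in this hunk exists to exercise HT in place of SP. Add the matching `"GET /test\t"` cases so a trailing HT before the line terminator is pinned to the same outcome. The new calls also pass two bare `Boolean.FALSE` arguments where the existing ones pass a single flag; a short comment naming what each flag asserts would make the expectations readable at the call site.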

[tomcat] branch master updated: Remove left-over debug code

2020-03-24 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new bf42f57  Remove left-over debug code
bf42f57 is described below

commit bf42f575a39591feaf8b333ea3bf220f937ca55b
Author: Mark Thomas 
AuthorDate: Tue Mar 24 09:52:00 2020 +

Remove left-over debug code
---
 java/org/apache/coyote/http11/Http11InputBuffer.java | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/java/org/apache/coyote/http11/Http11InputBuffer.java 
b/java/org/apache/coyote/http11/Http11InputBuffer.java
index 289a0bc..2794bfb 100644
--- a/java/org/apache/coyote/http11/Http11InputBuffer.java
+++ b/java/org/apache/coyote/http11/Http11InputBuffer.java
@@ -462,9 +462,6 @@ public class Http11InputBuffer implements InputBuffer, 
ApplicationBufferHandler
 request.protocol().setString(Constants.HTTP_11);
 throw new 
IllegalArgumentException(sm.getString("iib.invalidRequestTarget"));
 }
-if (chr == '<') {
-System.out.println("debug");
-}
 if (chr == Constants.SP || chr == Constants.HT) {
 space = true;
 end = pos;





[tomcat] branch master updated: Process HTTP/0.9 requests with extra request line data as HTTP/1.1

2020-03-24 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new f4c3950  Process HTTP/0.9 requests with extra request line data as 
HTTP/1.1
f4c3950 is described below

commit f4c39506d8b0d5e37ea9f404d16b236cd1f7de70
Author: Mark Thomas 
AuthorDate: Tue Mar 24 09:50:02 2020 +

Process HTTP/0.9 requests with extra request line data as HTTP/1.1

https://bz.apache.org/bugzilla/show_bug.cgi?id=64240
---
 .../apache/coyote/http11/Http11InputBuffer.java| 19 --
 .../coyote/http11/TestHttp11InputBufferCRLF.java   | 73 +++---
 webapps/docs/changelog.xml |  5 ++
 3 files changed, 83 insertions(+), 14 deletions(-)

diff --git a/java/org/apache/coyote/http11/Http11InputBuffer.java 
b/java/org/apache/coyote/http11/Http11InputBuffer.java
index 7be3e01..289a0bc 100644
--- a/java/org/apache/coyote/http11/Http11InputBuffer.java
+++ b/java/org/apache/coyote/http11/Http11InputBuffer.java
@@ -462,6 +462,9 @@ public class Http11InputBuffer implements InputBuffer, 
ApplicationBufferHandler
 request.protocol().setString(Constants.HTTP_11);
 throw new 
IllegalArgumentException(sm.getString("iib.invalidRequestTarget"));
 }
+if (chr == '<') {
+System.out.println("debug");
+}
 if (chr == Constants.SP || chr == Constants.HT) {
 space = true;
 end = pos;
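Review bot: the added `if (chr == '<')` block that calls `System.out.println("debug")` is left-over debugging and is unrelated to the HTTP/0.9 change; the 8.5.x and 9.0.x versions of this commit do not carry it. Drop it from this commit so the request-line parser does not write to stdout for request targets containing `<`.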
@@ -471,9 +474,10 @@ public class Http11InputBuffer implements InputBuffer, 
ApplicationBufferHandler
 // HTTP/0.9 style request
 // Stop this processing loop
 space = true;
+// Set blank protocol (indicates HTTP/0.9)
+request.protocol().setString("");
 // Skip the protocol processing
-parsingRequestLinePhase = 6;
-parsingRequestLineEol = true;
+parsingRequestLinePhase = 7;
 if (prevChr == Constants.CR) {
 end = pos - 1;
 } else {
@@ -504,7 +508,9 @@ public class Http11InputBuffer implements InputBuffer, 
ApplicationBufferHandler
 request.requestURI().setBytes(byteBuffer.array(), 
parsingRequestLineStart,
 end - parsingRequestLineStart);
 }
-if (!parsingRequestLineEol) {
+// HTTP/0.9 processing jumps to stage 7.
+// Don't want to overwrite that here.
+if (parsingRequestLinePhase == 4) {
 parsingRequestLinePhase = 5;
 }
 }
@@ -557,9 +563,12 @@ public class Http11InputBuffer implements InputBuffer, 
ApplicationBufferHandler
 if ((end - parsingRequestLineStart) > 0) {
 request.protocol().setBytes(byteBuffer.array(), 
parsingRequestLineStart,
 end - parsingRequestLineStart);
-} else {
-request.protocol().setString("");
+parsingRequestLinePhase = 7;
 }
+// If no protocol is found, the ISE below will be triggered.
+}
+if (parsingRequestLinePhase == 7) {
+// Parsing is complete. Return and clean-up.
 parsingRequestLine = false;
 parsingRequestLinePhase = 0;
 parsingRequestLineEol = false;
diff --git a/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java 
b/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java
index 82315f5..ee033a1 100644
--- a/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java
+++ b/test/org/apache/coyote/http11/TestHttp11InputBufferCRLF.java
@@ -45,32 +45,74 @@ public class TestHttp11InputBufferCRLF extends 
TomcatBaseTest {
 
 // Requests to exercise code that allows HT in place of SP
 parameterSets.add(new Object[] { Boolean.FALSE, new String[] {
-"GET\thttp://localhost:8080/test\tHTTP/1.1; + CRLF +
+"GET\t/test\tHTTP/1.1" + CRLF +
 "Host: localhost:8080" + CRLF +
-"Connection: close" + CRLF +
-CRLF } } );
+   "Connection: close" + CRLF +
+CRLF }, Boolean.TRUE } );
 
 // Requests to simulate package boundaries
 // HTTP/0.9 request
 addRequestWithSplits("GET /test" + CRLF, Boolean.TRUE, parameterSets);
 
+// HTTP/0.9 request with space
+// Either malformed but acceptable HTTP/0.9 or invalid HTTP/1.1
+// Tomcat opts for invalid HTTP/1.1
+addRequestWithSplits("GET /test " + CRLF, Boolean.FALSE, 
Boolean.FALSE, parameterSets);
+
 // HTTP/0.9 request (no optional CR)
 addRequestWithSplits("GET 

[Bug 64255] tomcat-embed:chunked responses with header 'connetion:close' are damaged

2020-03-24 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64255

Mark Thomas changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|INFORMATIONPROVIDED         |INVALID

--- Comment #4 from Mark Thomas  ---
Bugzilla is not a support forum.

If you want to ask questions, use the Tomcat users mailing list.




[Bug 64255] tomcat-embed:chunked responses with header 'connetion:close' are damaged

2020-03-24 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64255

taojiaen changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|INVALID                     |INFORMATIONPROVIDED

--- Comment #3 from taojiaen  ---
(In reply to Mark Thomas from comment #1)
> If the application takes responsibility for setting the chunked encoding
> header it also has to take responsibility for sending a correctly encoded
> body.
> 
> Generally, it is much simpler to let the container handle chunked encoding.

Thanks for the reply. I really want to know what happened; I have worked on it
for weeks and have no idea about it.
The related bug is reported on GitHub:
https://github.com/spring-cloud/spring-cloud-gateway/issues/1600#event-3129620407
https://github.com/spring-projects/spring-framework/issues/24699#issuecomment-600742824




[Bug 64255] tomcat-embed:chunked responses with header 'connetion:close' are damaged

2020-03-24 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64255

--- Comment #2 from taojiaen  ---
(In reply to Mark Thomas from comment #1)
> If the application takes responsibility for setting the chunked encoding
> header it also has to take responsibility for sending a correctly encoded
> body.
> 
> Generally, it is much simpler to let the container handle chunked encoding.

Even if I change the body into a simple character or other string, it is also
damaged. How can I solve this problem?

I just send a simple character; is it not a correct body? It worked well
when I use Jetty or Undertow, and when I remove the header "connetion:close" it
also worked well.

Have I done some illegal operation?
