Re: [tomcat] branch 9.0.x updated: Fix BZ 66548 - Add validation of Sec-Websocket-Key header
Am 08.06.23 um 05:50 schrieb Rainer Jung:
The new TestKeyHeader fails for me very frequently for TC 9 and TC 8.5,
but not for 10.1 or 11.
For TC 9 it fails roughly 30-50% of the times I run it. It fails for
jsse and for tcnative and for a wide range of JDKs and RHEL/SLES Linux
versions.
The failure happens only for NIO2, not for NIO. When it fails, the test
case takes about 60 seconds longer than when it is OK. The failing test
case is often testValid - the first test case that runs - and sometime
the second one testTooLong01.
It seems the pattern for TC 8.5 is the same but the tests are still
running.
You probably already fixed it for 10.1 and 11, but for 9.0 and 8.5 the
backport of 44e7282b54 seems to be missing.
Best regards,
Rainer
Am 24.05.23 um 12:29 schrieb ma...@apache.org:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 37f979762b Fix BZ 66548 - Add validation of
Sec-Websocket-Key header
37f979762b is described below
commit 37f979762b6ce28031e8e14a3d258cb1349e05a1
Author: Mark Thomas
AuthorDate: Tue Apr 11 08:18:43 2023 +0100
Fix BZ 66548 - Add validation of Sec-Websocket-Key header
Note that the validation isn't perfect. It aims to be good enough.
https://bz.apache.org/bugzilla/show_bug.cgi?id=66548
---
.../apache/tomcat/util/codec/binary/Base64.java | 9 +++
.../tomcat/websocket/server/UpgradeUtil.java | 39 +-
.../tomcat/websocket/server/TestKeyHeader.java | 87
++
.../tomcat/websocket/server/TesterWsClient.java | 18 -
webapps/docs/changelog.xml | 11 +++
5 files changed, 159 insertions(+), 5 deletions(-)
diff --git a/java/org/apache/tomcat/util/codec/binary/Base64.java
b/java/org/apache/tomcat/util/codec/binary/Base64.java
index c3b4fa9c16..884c3190d0 100644
--- a/java/org/apache/tomcat/util/codec/binary/Base64.java
+++ b/java/org/apache/tomcat/util/codec/binary/Base64.java
@@ -434,6 +434,15 @@ public class Base64 extends BaseNCodec {
}
+ public static boolean isInAlphabet(char c) {
+ // Fast for valid data. May be slow for invalid data.
+ try {
+ return STANDARD_DECODE_TABLE[c] != -1;
+ } catch (ArrayIndexOutOfBoundsException ex) {
+ return false;
+ }
+ }
+
/**
* Encode table to use: either STANDARD or URL_SAFE. Note: the
DECODE_TABLE above remains static because it is able
* to decode both STANDARD and URL_SAFE streams, but the
encodeTable must be a member variable so we can switch
diff --git a/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
b/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
index eec6698f75..96d7aaf943 100644
--- a/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
+++ b/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
@@ -95,7 +95,7 @@ public class UpgradeUtil {
return;
}
key = req.getHeader(Constants.WS_KEY_HEADER_NAME);
- if (key == null) {
+ if (!validateKey(key)) {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
return;
}
@@ -224,6 +224,43 @@ public class UpgradeUtil {
}
+ /*
+ * Validate the key. It should be the base64 encoding of a random
16-byte value. 16-bytes are encoded in 24 base64
+ * characters, the last two of which must be ==.
+ *
+ * The validation isn't perfect:
+ *
+ * - it doesn't check the final non-'=' character is valid in the
context of the number of bits it is meant to be
+ * encoding.
+ *
+ * - it doesn't check that the value is random and changes for
each connection.
+ *
+ * Given that this header is for the benefit of the client, not
the server, this should be good enough.
+ */
+ private static boolean validateKey(String key) {
+ if (key == null) {
+ return false;
+ }
+
+ if (key.length() != 24) {
+ return false;
+ }
+
+ char[] keyChars = key.toCharArray();
+ if (keyChars[22] != '=' || keyChars[23] != '=') {
+ return false;
+ }
+
+ for (int i = 0; i < 22; i++) {
+ if (!Base64.isInAlphabet(keyChars[i])) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+
private static List
createTransformations(List negotiatedExtensions) {
TransformationFactory factory =
TransformationFactory.getInstance();
diff --git
a/test/org/apache/tomcat/websocket/server/TestKeyHeader.java
b/test/org/apache/tomcat/websocket/server/TestKeyHeader.java
new file mode 100644
index 00..fa05e44304
--- /dev/null
+++ b/test/org/apache/tomcat/websocket/server/TestKeyHeader.java
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apa
Re: [tomcat] branch 9.0.x updated: Fix BZ 66548 - Add validation of Sec-Websocket-Key header
The new TestKeyHeader fails for me very frequently for TC 9 and TC 8.5,
but not for 10.1 or 11.
For TC 9 it fails roughly 30-50% of the times I run it. It fails for
jsse and for tcnative and for a wide range of JDKs and RHEL/SLES Linux
versions.
The failure happens only for NIO2, not for NIO. When it fails, the test
case takes about 60 seconds longer than when it is OK. The failing test
case is often testValid - the first test case that runs - and sometime
the second one testTooLong01.
It seems the pattern for TC 8.5 is the same but the tests are still running.
Best regards,
Rainer
Am 24.05.23 um 12:29 schrieb ma...@apache.org:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 37f979762b Fix BZ 66548 - Add validation of Sec-Websocket-Key header
37f979762b is described below
commit 37f979762b6ce28031e8e14a3d258cb1349e05a1
Author: Mark Thomas
AuthorDate: Tue Apr 11 08:18:43 2023 +0100
Fix BZ 66548 - Add validation of Sec-Websocket-Key header
Note that the validation isn't perfect. It aims to be good enough.
https://bz.apache.org/bugzilla/show_bug.cgi?id=66548
---
.../apache/tomcat/util/codec/binary/Base64.java| 9 +++
.../tomcat/websocket/server/UpgradeUtil.java | 39 +-
.../tomcat/websocket/server/TestKeyHeader.java | 87 ++
.../tomcat/websocket/server/TesterWsClient.java| 18 -
webapps/docs/changelog.xml | 11 +++
5 files changed, 159 insertions(+), 5 deletions(-)
diff --git a/java/org/apache/tomcat/util/codec/binary/Base64.java
b/java/org/apache/tomcat/util/codec/binary/Base64.java
index c3b4fa9c16..884c3190d0 100644
--- a/java/org/apache/tomcat/util/codec/binary/Base64.java
+++ b/java/org/apache/tomcat/util/codec/binary/Base64.java
@@ -434,6 +434,15 @@ public class Base64 extends BaseNCodec {
}
+public static boolean isInAlphabet(char c) {
+// Fast for valid data. May be slow for invalid data.
+try {
+return STANDARD_DECODE_TABLE[c] != -1;
+} catch (ArrayIndexOutOfBoundsException ex) {
+return false;
+}
+}
+
/**
* Encode table to use: either STANDARD or URL_SAFE. Note: the
DECODE_TABLE above remains static because it is able
* to decode both STANDARD and URL_SAFE streams, but the encodeTable must
be a member variable so we can switch
diff --git a/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
b/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
index eec6698f75..96d7aaf943 100644
--- a/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
+++ b/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
@@ -95,7 +95,7 @@ public class UpgradeUtil {
return;
}
key = req.getHeader(Constants.WS_KEY_HEADER_NAME);
-if (key == null) {
+if (!validateKey(key)) {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
return;
}
@@ -224,6 +224,43 @@ public class UpgradeUtil {
}
+/*
+ * Validate the key. It should be the base64 encoding of a random 16-byte
value. 16-bytes are encoded in 24 base64
+ * characters, the last two of which must be ==.
+ *
+ * The validation isn't perfect:
+ *
+ * - it doesn't check the final non-'=' character is valid in the context
of the number of bits it is meant to be
+ * encoding.
+ *
+ * - it doesn't check that the value is random and changes for each
connection.
+ *
+ * Given that this header is for the benefit of the client, not the
server, this should be good enough.
+ */
+private static boolean validateKey(String key) {
+if (key == null) {
+return false;
+}
+
+if (key.length() != 24) {
+return false;
+}
+
+char[] keyChars = key.toCharArray();
+if (keyChars[22] != '=' || keyChars[23] != '=') {
+return false;
+}
+
+for (int i = 0; i < 22; i++) {
+if (!Base64.isInAlphabet(keyChars[i])) {
+return false;
+}
+}
+
+return true;
+}
+
+
private static List createTransformations(List
negotiatedExtensions) {
TransformationFactory factory = TransformationFactory.getInstance();
diff --git a/test/org/apache/tomcat/websocket/server/TestKeyHeader.java
b/test/org/apache/tomcat/websocket/server/TestKeyHeader.java
new file mode 100644
index 00..fa05e44304
--- /dev/null
+++ b/test/org/apache/tomcat/websocket/server/TestKeyHeader.java
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional
[tomcat] branch 8.5.x updated: Align with 9.0.x/10.1.x/11.0.x
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 07647966c6 Align with 9.0.x/10.1.x/11.0.x
07647966c6 is described below
commit 07647966c6f157ec65c397a44638521227dcce03
Author: Mark Thomas
AuthorDate: Wed Jun 7 18:29:38 2023 +0100
Align with 9.0.x/10.1.x/11.0.x
---
java/org/apache/tomcat/util/buf/B2CConverter.java | 2 +-
java/org/apache/tomcat/util/buf/ByteBufferUtils.java| 2 +-
java/org/apache/tomcat/util/buf/HexUtils.java | 2 +-
java/org/apache/tomcat/util/buf/LocalStrings.properties | 2 --
4 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/java/org/apache/tomcat/util/buf/B2CConverter.java
b/java/org/apache/tomcat/util/buf/B2CConverter.java
index 923ed66f9a..a7db2a3385 100644
--- a/java/org/apache/tomcat/util/buf/B2CConverter.java
+++ b/java/org/apache/tomcat/util/buf/B2CConverter.java
@@ -34,7 +34,7 @@ import org.apache.tomcat.util.res.StringManager;
*/
public class B2CConverter {
-private static final StringManager sm =
StringManager.getManager(Constants.Package);
+private static final StringManager sm =
StringManager.getManager(B2CConverter.class);
private static final CharsetCache charsetCache = new CharsetCache();
diff --git a/java/org/apache/tomcat/util/buf/ByteBufferUtils.java
b/java/org/apache/tomcat/util/buf/ByteBufferUtils.java
index 8a991d8fab..4593fabbad 100644
--- a/java/org/apache/tomcat/util/buf/ByteBufferUtils.java
+++ b/java/org/apache/tomcat/util/buf/ByteBufferUtils.java
@@ -28,7 +28,7 @@ import org.apache.tomcat.util.res.StringManager;
public class ByteBufferUtils {
-private static final StringManager sm =
StringManager.getManager(Constants.Package);
+private static final StringManager sm =
StringManager.getManager(ByteBufferUtils.class);
private static final Log log = LogFactory.getLog(ByteBufferUtils.class);
private static final Object unsafe;
diff --git a/java/org/apache/tomcat/util/buf/HexUtils.java
b/java/org/apache/tomcat/util/buf/HexUtils.java
index 794658e351..76bb7e0dff 100644
--- a/java/org/apache/tomcat/util/buf/HexUtils.java
+++ b/java/org/apache/tomcat/util/buf/HexUtils.java
@@ -26,7 +26,7 @@ import org.apache.tomcat.util.res.StringManager;
*/
public final class HexUtils {
-private static final StringManager sm =
StringManager.getManager(Constants.Package);
+private static final StringManager sm =
StringManager.getManager(HexUtils.class);
// -- Constants
diff --git a/java/org/apache/tomcat/util/buf/LocalStrings.properties
b/java/org/apache/tomcat/util/buf/LocalStrings.properties
index b486d726e1..523cd2dc1b 100644
--- a/java/org/apache/tomcat/util/buf/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/buf/LocalStrings.properties
@@ -20,8 +20,6 @@ b2cConverter.unknownEncoding=The character encoding [{0}] is
not supported
byteBufferUtils.cleaner=Cannot use direct ByteBuffer cleaner, memory leaking
may occur
-c2bConverter.recycleFailed=Failed to recycle the C2B Converter. Creating new
BufferedWriter, WriteConvertor and IntermediateOutputStream.
-
chunk.overflow=Buffer overflow and no sink is set, limit [{0}] and buffer
length [{1}]
encodedSolidusHandling.invalid=The value [{0}] is not recognised
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated (81c6ff9301 -> 4fa5131599)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git from 81c6ff9301 Improve error handling new 0f282b0159 Prep before applying formatter. new 4fa5131599 Code clean-up - formatting. No functional change. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: java/org/apache/tomcat/util/buf/AbstractChunk.java | 14 +- java/org/apache/tomcat/util/buf/Ascii.java | 19 +- java/org/apache/tomcat/util/buf/Asn1Parser.java| 17 +- java/org/apache/tomcat/util/buf/Asn1Writer.java| 5 +- java/org/apache/tomcat/util/buf/B2CConverter.java | 42 +-- .../apache/tomcat/util/buf/ByteBufferHolder.java | 7 +- .../apache/tomcat/util/buf/ByteBufferUtils.java| 35 +-- java/org/apache/tomcat/util/buf/ByteChunk.java | 150 - java/org/apache/tomcat/util/buf/C2BConverter.java | 5 +- java/org/apache/tomcat/util/buf/CharChunk.java | 81 +++-- java/org/apache/tomcat/util/buf/CharsetCache.java | 9 +- java/org/apache/tomcat/util/buf/HexUtils.java | 32 +- java/org/apache/tomcat/util/buf/MessageBytes.java | 346 ++-- java/org/apache/tomcat/util/buf/StringCache.java | 102 +++--- java/org/apache/tomcat/util/buf/StringUtils.java | 21 +- java/org/apache/tomcat/util/buf/UDecoder.java | 347 ++--- java/org/apache/tomcat/util/buf/UEncoder.java | 160 +- java/org/apache/tomcat/util/buf/UriUtil.java | 61 ++-- java/org/apache/tomcat/util/buf/Utf8Decoder.java | 53 ++-- java/org/apache/tomcat/util/buf/Utf8Encoder.java | 3 +- 20 files changed, 713 insertions(+), 796 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/02: Code clean-up - formatting. No functional change.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 4fa51315990cf8a8f843aa0b1f3d34bd2deb54d1
Author: Mark Thomas
AuthorDate: Wed Jun 7 17:59:53 2023 +0100
Code clean-up - formatting. No functional change.
---
java/org/apache/tomcat/util/buf/AbstractChunk.java | 14 +-
java/org/apache/tomcat/util/buf/Ascii.java | 19 +-
java/org/apache/tomcat/util/buf/Asn1Parser.java| 15 +-
java/org/apache/tomcat/util/buf/Asn1Writer.java| 5 +-
java/org/apache/tomcat/util/buf/B2CConverter.java | 42 +--
.../apache/tomcat/util/buf/ByteBufferHolder.java | 7 +-
.../apache/tomcat/util/buf/ByteBufferUtils.java| 35 +--
java/org/apache/tomcat/util/buf/ByteChunk.java | 140 -
java/org/apache/tomcat/util/buf/C2BConverter.java | 5 +-
java/org/apache/tomcat/util/buf/CharChunk.java | 81 +++--
java/org/apache/tomcat/util/buf/CharsetCache.java | 9 +-
java/org/apache/tomcat/util/buf/HexUtils.java | 32 +-
java/org/apache/tomcat/util/buf/MessageBytes.java | 341 ++--
java/org/apache/tomcat/util/buf/StringCache.java | 102 +++---
java/org/apache/tomcat/util/buf/StringUtils.java | 21 +-
java/org/apache/tomcat/util/buf/UDecoder.java | 344 ++---
java/org/apache/tomcat/util/buf/UEncoder.java | 160 +-
java/org/apache/tomcat/util/buf/UriUtil.java | 61 ++--
java/org/apache/tomcat/util/buf/Utf8Decoder.java | 53 ++--
java/org/apache/tomcat/util/buf/Utf8Encoder.java | 3 +-
20 files changed, 700 insertions(+), 789 deletions(-)
diff --git a/java/org/apache/tomcat/util/buf/AbstractChunk.java
b/java/org/apache/tomcat/util/buf/AbstractChunk.java
index 1573fd4473..7bd7001181 100644
--- a/java/org/apache/tomcat/util/buf/AbstractChunk.java
+++ b/java/org/apache/tomcat/util/buf/AbstractChunk.java
@@ -26,10 +26,9 @@ public abstract class AbstractChunk implements Cloneable,
Serializable {
private static final long serialVersionUID = 1L;
/*
- * JVMs may limit the maximum array size to slightly less than
- * Integer.MAX_VALUE. On markt's desktop the limit is MAX_VALUE - 2.
- * Comments in the JRE source code for ArrayList and other classes indicate
- * that it may be as low as MAX_VALUE - 8 on some systems.
+ * JVMs may limit the maximum array size to slightly less than
Integer.MAX_VALUE. On markt's desktop the limit is
+ * MAX_VALUE - 2. Comments in the JRE source code for ArrayList and other
classes indicate that it may be as low as
+ * MAX_VALUE - 8 on some systems.
*/
public static final int ARRAY_MAX_SIZE = Integer.MAX_VALUE - 8;
@@ -45,10 +44,9 @@ public abstract class AbstractChunk implements Cloneable,
Serializable {
/**
- * Maximum amount of data in this buffer. If -1 or not set, the buffer will
- * grow to {{@link #ARRAY_MAX_SIZE}. Can be smaller than the current buffer
- * size ( which will not shrink ). When the limit is reached, the buffer
- * will be flushed (if out is set) or throw exception.
+ * Maximum amount of data in this buffer. If -1 or not set, the buffer
will grow to {{@link #ARRAY_MAX_SIZE}. Can be
+ * smaller than the current buffer size ( which will not shrink ). When
the limit is reached, the buffer will be
+ * flushed (if out is set) or throw exception.
*
* @param limit The new limit
*/
diff --git a/java/org/apache/tomcat/util/buf/Ascii.java
b/java/org/apache/tomcat/util/buf/Ascii.java
index daf9310a71..2c6d1eefcf 100644
--- a/java/org/apache/tomcat/util/buf/Ascii.java
+++ b/java/org/apache/tomcat/util/buf/Ascii.java
@@ -40,13 +40,13 @@ public final class Ascii {
*/
static {
for (int i = 0; i < 256; i++) {
-toLower[i] = (byte)i;
+toLower[i] = (byte) i;
}
for (int lc = 'a'; lc <= 'z'; lc++) {
int uc = lc + 'A' - 'a';
-toLower[uc] = (byte)lc;
+toLower[uc] = (byte) lc;
}
for (int d = '0'; d <= '9'; d++) {
@@ -56,7 +56,9 @@ public final class Ascii {
/**
* Returns the lower case equivalent of the specified ASCII character.
+ *
* @param c The char
+ *
* @return the lower case equivalent char
*/
public static int toLower(int c) {
@@ -65,6 +67,7 @@ public final class Ascii {
/**
* @return true if the specified ASCII character is a digit.
+ *
* @param c The char
*/
private static boolean isDigit(int c) {
@@ -73,15 +76,16 @@ public final class Ascii {
/**
* Parses an unsigned long from the specified subarray of bytes.
- * @param b the bytes to parse
+ *
+ * @param b the bytes to parse
* @param off the start offset of the bytes
* @param len the length of the bytes
+ *
* @return the long value
+ *
* @except
[tomcat] 01/02: Prep before applying formatter.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 0f282b015979daf7ed1df80a6cff42559fba6382
Author: Mark Thomas
AuthorDate: Wed Jun 7 17:49:29 2023 +0100
Prep before applying formatter.
---
java/org/apache/tomcat/util/buf/Asn1Parser.java | 2 +-
java/org/apache/tomcat/util/buf/ByteChunk.java| 14 --
java/org/apache/tomcat/util/buf/MessageBytes.java | 7 ---
java/org/apache/tomcat/util/buf/UDecoder.java | 3 +++
4 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/tomcat/util/buf/Asn1Parser.java
b/java/org/apache/tomcat/util/buf/Asn1Parser.java
index 436e5ea5f0..9c5bb276b2 100644
--- a/java/org/apache/tomcat/util/buf/Asn1Parser.java
+++ b/java/org/apache/tomcat/util/buf/Asn1Parser.java
@@ -23,7 +23,7 @@ import org.apache.tomcat.util.res.StringManager;
/**
* This is a very basic ASN.1 parser that provides the limited functionality
* required by Tomcat. It is a long way from a complete parser.
- *
+ *
* TODO: Consider extending this parser and refactoring the SpnegoTokenFixer to
* use it.
*/
diff --git a/java/org/apache/tomcat/util/buf/ByteChunk.java
b/java/org/apache/tomcat/util/buf/ByteChunk.java
index fe09070936..007330a250 100644
--- a/java/org/apache/tomcat/util/buf/ByteChunk.java
+++ b/java/org/apache/tomcat/util/buf/ByteChunk.java
@@ -46,17 +46,17 @@ import org.apache.tomcat.util.res.StringManager;
/**
* This class is used to represent a chunk of bytes, and utilities to
manipulate
* byte[].
- *
+ *
* The buffer can be modified and used for both input and output.
- *
+ *
* There are 2 modes: The chunk can be associated with a sink -
ByteInputChannel
* or ByteOutputChannel, which will be used when the buffer is empty (on input)
* or filled (on output). For output, it can also grow. This operating mode is
* selected by calling setLimit() or allocate(initial, limit) with limit != -1.
- *
+ *
* Various search and append method are defined - similar with String and
* StringBuffer, but operating on bytes.
- *
+ *
* This is important because it allows processing the http headers directly on
* the received bytes, without converting to chars and Strings until the
strings
* are needed. In addition, the charset is determined later, from headers or
@@ -733,7 +733,8 @@ public final class ByteChunk extends AbstractChunk {
/**
* Returns the first instance of the given character in this ByteChunk
* starting at the specified byte. If the character is not found, -1 is
- * returned.
+ * returned.
+ *
* NOTE: This only works for characters in the range 0-127.
*
* @param c The character
@@ -749,7 +750,8 @@ public final class ByteChunk extends AbstractChunk {
/**
* Returns the first instance of the given character in the given byte
array
- * between the specified start and end.
+ * between the specified start and end.
+ *
* NOTE: This only works for characters in the range 0-127.
*
* @param bytes The array to search
diff --git a/java/org/apache/tomcat/util/buf/MessageBytes.java
b/java/org/apache/tomcat/util/buf/MessageBytes.java
index c0eb4a9c3c..9203d1049b 100644
--- a/java/org/apache/tomcat/util/buf/MessageBytes.java
+++ b/java/org/apache/tomcat/util/buf/MessageBytes.java
@@ -29,7 +29,7 @@ import org.apache.tomcat.util.res.StringManager;
* This class is used to represent a subarray of bytes in an HTTP message.
* It represents all request/response elements. The byte/char conversions are
* delayed and cached. Everything is recyclable.
- *
+ *
* The object can represent a byte[], a char[], or a (sub) String. All
* operations can be made in case sensitive mode or not.
*
@@ -301,7 +301,7 @@ public final class MessageBytes implements Cloneable,
Serializable {
/**
* Convert to char[] and fill the CharChunk.
- *
+ *
* Note: The conversion from bytes is not optimised - it converts to String
* first. However, Tomcat doesn't call this method to convert from
* bytes so there is no benefit from optimising that path.
@@ -328,7 +328,8 @@ public final class MessageBytes implements Cloneable,
Serializable {
/**
* Returns the length of the original buffer.
- * Note that the length in bytes may be different from the length
+ *
+ * Note: The length in bytes may be different from the length
* in chars.
* @return the length
*/
diff --git a/java/org/apache/tomcat/util/buf/UDecoder.java
b/java/org/apache/tomcat/util/buf/UDecoder.java
index 2917c99bfd..c647ccb397 100644
--- a/java/org/apache/tomcat/util/buf/UDecoder.java
+++ b/java/org/apache/tomcat/util/buf/UDecoder.java
@@ -475,11 +475,14 @@ public final class UDecoder {
* Decoding is required.
*
* Potential complications:
+
[tomcat] branch 9.0.x updated (300a482b62 -> 475f43bd1f)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git from 300a482b62 Improve error handling new fc09aea586 Prep before applying formatter. new 475f43bd1f Code clean-up - formatting. No functional change. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: java/org/apache/tomcat/util/buf/AbstractChunk.java | 14 +- java/org/apache/tomcat/util/buf/Ascii.java | 19 +- java/org/apache/tomcat/util/buf/Asn1Parser.java| 17 +- java/org/apache/tomcat/util/buf/Asn1Writer.java| 5 +- java/org/apache/tomcat/util/buf/B2CConverter.java | 26 +- .../apache/tomcat/util/buf/ByteBufferHolder.java | 7 +- .../apache/tomcat/util/buf/ByteBufferUtils.java| 32 +- java/org/apache/tomcat/util/buf/ByteChunk.java | 174 +-- java/org/apache/tomcat/util/buf/C2BConverter.java | 5 +- java/org/apache/tomcat/util/buf/CharChunk.java | 91 +++--- java/org/apache/tomcat/util/buf/CharsetCache.java | 9 +- java/org/apache/tomcat/util/buf/HexUtils.java | 29 +- java/org/apache/tomcat/util/buf/MessageBytes.java | 346 +++-- java/org/apache/tomcat/util/buf/StringCache.java | 102 +++--- java/org/apache/tomcat/util/buf/StringUtils.java | 13 +- java/org/apache/tomcat/util/buf/UDecoder.java | 308 +- java/org/apache/tomcat/util/buf/UEncoder.java | 160 +- java/org/apache/tomcat/util/buf/UriUtil.java | 61 ++-- java/org/apache/tomcat/util/buf/Utf8Decoder.java | 53 ++-- java/org/apache/tomcat/util/buf/Utf8Encoder.java | 3 +- 20 files changed, 693 insertions(+), 781 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/02: Code clean-up - formatting. No functional change.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 475f43bd1f28dff33ad54be1024b529cfc32a1d3
Author: Mark Thomas
AuthorDate: Wed Jun 7 17:58:00 2023 +0100
Code clean-up - formatting. No functional change.
---
java/org/apache/tomcat/util/buf/AbstractChunk.java | 14 +-
java/org/apache/tomcat/util/buf/Ascii.java | 19 +-
java/org/apache/tomcat/util/buf/Asn1Parser.java| 15 +-
java/org/apache/tomcat/util/buf/Asn1Writer.java| 5 +-
java/org/apache/tomcat/util/buf/B2CConverter.java | 26 +-
.../apache/tomcat/util/buf/ByteBufferHolder.java | 7 +-
.../apache/tomcat/util/buf/ByteBufferUtils.java| 32 +-
java/org/apache/tomcat/util/buf/ByteChunk.java | 164 +-
java/org/apache/tomcat/util/buf/C2BConverter.java | 5 +-
java/org/apache/tomcat/util/buf/CharChunk.java | 91 +++---
java/org/apache/tomcat/util/buf/CharsetCache.java | 9 +-
java/org/apache/tomcat/util/buf/HexUtils.java | 29 +-
java/org/apache/tomcat/util/buf/MessageBytes.java | 341 +++--
java/org/apache/tomcat/util/buf/StringCache.java | 102 +++---
java/org/apache/tomcat/util/buf/StringUtils.java | 13 +-
java/org/apache/tomcat/util/buf/UDecoder.java | 305 +-
java/org/apache/tomcat/util/buf/UEncoder.java | 160 +-
java/org/apache/tomcat/util/buf/UriUtil.java | 61 ++--
java/org/apache/tomcat/util/buf/Utf8Decoder.java | 53 ++--
java/org/apache/tomcat/util/buf/Utf8Encoder.java | 3 +-
20 files changed, 680 insertions(+), 774 deletions(-)
diff --git a/java/org/apache/tomcat/util/buf/AbstractChunk.java
b/java/org/apache/tomcat/util/buf/AbstractChunk.java
index 75d5b58bf1..3e06362f5f 100644
--- a/java/org/apache/tomcat/util/buf/AbstractChunk.java
+++ b/java/org/apache/tomcat/util/buf/AbstractChunk.java
@@ -29,10 +29,9 @@ public abstract class AbstractChunk implements Cloneable,
Serializable {
protected static final StringManager sm =
StringManager.getManager(AbstractChunk.class);
/*
- * JVMs may limit the maximum array size to slightly less than
- * Integer.MAX_VALUE. On markt's desktop the limit is MAX_VALUE - 2.
- * Comments in the JRE source code for ArrayList and other classes indicate
- * that it may be as low as MAX_VALUE - 8 on some systems.
+ * JVMs may limit the maximum array size to slightly less than
Integer.MAX_VALUE. On markt's desktop the limit is
+ * MAX_VALUE - 2. Comments in the JRE source code for ArrayList and other
classes indicate that it may be as low as
+ * MAX_VALUE - 8 on some systems.
*/
public static final int ARRAY_MAX_SIZE = Integer.MAX_VALUE - 8;
@@ -48,10 +47,9 @@ public abstract class AbstractChunk implements Cloneable,
Serializable {
/**
- * Maximum amount of data in this buffer. If -1 or not set, the buffer will
- * grow to {{@link #ARRAY_MAX_SIZE}. Can be smaller than the current buffer
- * size ( which will not shrink ). When the limit is reached, the buffer
- * will be flushed (if out is set) or throw exception.
+ * Maximum amount of data in this buffer. If -1 or not set, the buffer
will grow to {{@link #ARRAY_MAX_SIZE}. Can be
+ * smaller than the current buffer size ( which will not shrink ). When
the limit is reached, the buffer will be
+ * flushed (if out is set) or throw exception.
*
* @param limit The new limit
*/
diff --git a/java/org/apache/tomcat/util/buf/Ascii.java
b/java/org/apache/tomcat/util/buf/Ascii.java
index daf9310a71..2c6d1eefcf 100644
--- a/java/org/apache/tomcat/util/buf/Ascii.java
+++ b/java/org/apache/tomcat/util/buf/Ascii.java
@@ -40,13 +40,13 @@ public final class Ascii {
*/
static {
for (int i = 0; i < 256; i++) {
-toLower[i] = (byte)i;
+toLower[i] = (byte) i;
}
for (int lc = 'a'; lc <= 'z'; lc++) {
int uc = lc + 'A' - 'a';
-toLower[uc] = (byte)lc;
+toLower[uc] = (byte) lc;
}
for (int d = '0'; d <= '9'; d++) {
@@ -56,7 +56,9 @@ public final class Ascii {
/**
* Returns the lower case equivalent of the specified ASCII character.
+ *
* @param c The char
+ *
* @return the lower case equivalent char
*/
public static int toLower(int c) {
@@ -65,6 +67,7 @@ public final class Ascii {
/**
* @return true if the specified ASCII character is a digit.
+ *
* @param c The char
*/
private static boolean isDigit(int c) {
@@ -73,15 +76,16 @@ public final class Ascii {
/**
* Parses an unsigned long from the specified subarray of bytes.
- * @param b the bytes to parse
+ *
+ * @param b the bytes to parse
* @param off the start offset of the bytes
* @param len the length of the bytes
+ *
* @return
[tomcat] 01/02: Prep before applying formatter.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit fc09aea5860db67a486c9287c3e43ac87534556d
Author: Mark Thomas
AuthorDate: Wed Jun 7 17:49:29 2023 +0100
Prep before applying formatter.
---
java/org/apache/tomcat/util/buf/Asn1Parser.java | 2 +-
java/org/apache/tomcat/util/buf/ByteChunk.java| 14 --
java/org/apache/tomcat/util/buf/MessageBytes.java | 7 ---
java/org/apache/tomcat/util/buf/UDecoder.java | 3 +++
4 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/tomcat/util/buf/Asn1Parser.java
b/java/org/apache/tomcat/util/buf/Asn1Parser.java
index 436e5ea5f0..9c5bb276b2 100644
--- a/java/org/apache/tomcat/util/buf/Asn1Parser.java
+++ b/java/org/apache/tomcat/util/buf/Asn1Parser.java
@@ -23,7 +23,7 @@ import org.apache.tomcat.util.res.StringManager;
/**
* This is a very basic ASN.1 parser that provides the limited functionality
* required by Tomcat. It is a long way from a complete parser.
- *
+ *
* TODO: Consider extending this parser and refactoring the SpnegoTokenFixer to
* use it.
*/
diff --git a/java/org/apache/tomcat/util/buf/ByteChunk.java
b/java/org/apache/tomcat/util/buf/ByteChunk.java
index 01e38db7ae..210a49fdbb 100644
--- a/java/org/apache/tomcat/util/buf/ByteChunk.java
+++ b/java/org/apache/tomcat/util/buf/ByteChunk.java
@@ -44,17 +44,17 @@ import java.nio.charset.StandardCharsets;
/**
* This class is used to represent a chunk of bytes, and utilities to
manipulate
* byte[].
- *
+ *
* The buffer can be modified and used for both input and output.
- *
+ *
* There are 2 modes: The chunk can be associated with a sink -
ByteInputChannel
* or ByteOutputChannel, which will be used when the buffer is empty (on input)
* or filled (on output). For output, it can also grow. This operating mode is
* selected by calling setLimit() or allocate(initial, limit) with limit != -1.
- *
+ *
* Various search and append method are defined - similar with String and
* StringBuffer, but operating on bytes.
- *
+ *
* This is important because it allows processing the http headers directly on
* the received bytes, without converting to chars and Strings until the
strings
* are needed. In addition, the charset is determined later, from headers or
@@ -775,7 +775,8 @@ public final class ByteChunk extends AbstractChunk {
/**
* Returns the first instance of the given character in this ByteChunk
* starting at the specified byte. If the character is not found, -1 is
- * returned.
+ * returned.
+ *
* NOTE: This only works for characters in the range 0-127.
*
* @param c The character
@@ -791,7 +792,8 @@ public final class ByteChunk extends AbstractChunk {
/**
* Returns the first instance of the given character in the given byte
array
- * between the specified start and end.
+ * between the specified start and end.
+ *
* NOTE: This only works for characters in the range 0-127.
*
* @param bytes The array to search
diff --git a/java/org/apache/tomcat/util/buf/MessageBytes.java
b/java/org/apache/tomcat/util/buf/MessageBytes.java
index f1b37ae9ae..94a8180084 100644
--- a/java/org/apache/tomcat/util/buf/MessageBytes.java
+++ b/java/org/apache/tomcat/util/buf/MessageBytes.java
@@ -29,7 +29,7 @@ import org.apache.tomcat.util.res.StringManager;
* This class is used to represent a subarray of bytes in an HTTP message.
* It represents all request/response elements. The byte/char conversions are
* delayed and cached. Everything is recyclable.
- *
+ *
* The object can represent a byte[], a char[], or a (sub) String. All
* operations can be made in case sensitive mode or not.
*
@@ -301,7 +301,7 @@ public final class MessageBytes implements Cloneable,
Serializable {
/**
* Convert to char[] and fill the CharChunk.
- *
+ *
* Note: The conversion from bytes is not optimised - it converts to String
* first. However, Tomcat doesn't call this method to convert from
* bytes so there is no benefit from optimising that path.
@@ -328,7 +328,8 @@ public final class MessageBytes implements Cloneable,
Serializable {
/**
* Returns the length of the original buffer.
- * Note that the length in bytes may be different from the length
+ *
+ * Note: The length in bytes may be different from the length
* in chars.
* @return the length
*/
diff --git a/java/org/apache/tomcat/util/buf/UDecoder.java
b/java/org/apache/tomcat/util/buf/UDecoder.java
index 431ea44a6f..6345281918 100644
--- a/java/org/apache/tomcat/util/buf/UDecoder.java
+++ b/java/org/apache/tomcat/util/buf/UDecoder.java
@@ -393,11 +393,14 @@ public final class UDecoder {
* Decoding is required.
*
* Potential complications:
+
[tomcat] branch main updated (873051516c -> c114c309a3)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git from 873051516c Add Panama module for Java 21 new 7dd802cd4a Prep before applying formatter. new c114c309a3 Code clean-up - formatting. No functional change. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: java/org/apache/tomcat/util/buf/AbstractChunk.java | 14 +- java/org/apache/tomcat/util/buf/Ascii.java | 19 +- java/org/apache/tomcat/util/buf/Asn1Parser.java| 17 +- java/org/apache/tomcat/util/buf/Asn1Writer.java| 5 +- java/org/apache/tomcat/util/buf/B2CConverter.java | 26 +- .../apache/tomcat/util/buf/ByteBufferHolder.java | 7 +- .../apache/tomcat/util/buf/ByteBufferUtils.java| 28 +- java/org/apache/tomcat/util/buf/ByteChunk.java | 150 + java/org/apache/tomcat/util/buf/C2BConverter.java | 5 +- java/org/apache/tomcat/util/buf/CharChunk.java | 82 +++-- java/org/apache/tomcat/util/buf/CharsetCache.java | 9 +- java/org/apache/tomcat/util/buf/CharsetHolder.java | 31 +- java/org/apache/tomcat/util/buf/HexUtils.java | 29 +- java/org/apache/tomcat/util/buf/MessageBytes.java | 343 +++-- java/org/apache/tomcat/util/buf/StringCache.java | 102 +++--- java/org/apache/tomcat/util/buf/StringUtils.java | 13 +- java/org/apache/tomcat/util/buf/UDecoder.java | 170 +- java/org/apache/tomcat/util/buf/UEncoder.java | 160 +- java/org/apache/tomcat/util/buf/UriUtil.java | 61 ++-- java/org/apache/tomcat/util/buf/Utf8Encoder.java | 3 +- 20 files changed, 603 insertions(+), 671 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/02: Code clean-up - formatting. No functional change.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit c114c309a368527d45d5c4cde210c4541802c3d7
Author: Mark Thomas
AuthorDate: Wed Jun 7 17:54:00 2023 +0100
Code clean-up - formatting. No functional change.
---
java/org/apache/tomcat/util/buf/AbstractChunk.java | 14 +-
java/org/apache/tomcat/util/buf/Ascii.java | 19 +-
java/org/apache/tomcat/util/buf/Asn1Parser.java| 15 +-
java/org/apache/tomcat/util/buf/Asn1Writer.java| 5 +-
java/org/apache/tomcat/util/buf/B2CConverter.java | 26 +-
.../apache/tomcat/util/buf/ByteBufferHolder.java | 7 +-
.../apache/tomcat/util/buf/ByteBufferUtils.java| 28 +-
java/org/apache/tomcat/util/buf/ByteChunk.java | 140 -
java/org/apache/tomcat/util/buf/C2BConverter.java | 5 +-
java/org/apache/tomcat/util/buf/CharChunk.java | 82 +++--
java/org/apache/tomcat/util/buf/CharsetCache.java | 9 +-
java/org/apache/tomcat/util/buf/CharsetHolder.java | 31 +-
java/org/apache/tomcat/util/buf/HexUtils.java | 29 +-
java/org/apache/tomcat/util/buf/MessageBytes.java | 338 +++--
java/org/apache/tomcat/util/buf/StringCache.java | 102 +++
java/org/apache/tomcat/util/buf/StringUtils.java | 13 +-
java/org/apache/tomcat/util/buf/UDecoder.java | 167 +-
java/org/apache/tomcat/util/buf/UEncoder.java | 160 +-
java/org/apache/tomcat/util/buf/UriUtil.java | 61 ++--
java/org/apache/tomcat/util/buf/Utf8Encoder.java | 3 +-
20 files changed, 590 insertions(+), 664 deletions(-)
diff --git a/java/org/apache/tomcat/util/buf/AbstractChunk.java
b/java/org/apache/tomcat/util/buf/AbstractChunk.java
index 75d5b58bf1..3e06362f5f 100644
--- a/java/org/apache/tomcat/util/buf/AbstractChunk.java
+++ b/java/org/apache/tomcat/util/buf/AbstractChunk.java
@@ -29,10 +29,9 @@ public abstract class AbstractChunk implements Cloneable,
Serializable {
protected static final StringManager sm =
StringManager.getManager(AbstractChunk.class);
/*
- * JVMs may limit the maximum array size to slightly less than
- * Integer.MAX_VALUE. On markt's desktop the limit is MAX_VALUE - 2.
- * Comments in the JRE source code for ArrayList and other classes indicate
- * that it may be as low as MAX_VALUE - 8 on some systems.
+ * JVMs may limit the maximum array size to slightly less than
Integer.MAX_VALUE. On markt's desktop the limit is
+ * MAX_VALUE - 2. Comments in the JRE source code for ArrayList and other
classes indicate that it may be as low as
+ * MAX_VALUE - 8 on some systems.
*/
public static final int ARRAY_MAX_SIZE = Integer.MAX_VALUE - 8;
@@ -48,10 +47,9 @@ public abstract class AbstractChunk implements Cloneable,
Serializable {
/**
- * Maximum amount of data in this buffer. If -1 or not set, the buffer will
- * grow to {{@link #ARRAY_MAX_SIZE}. Can be smaller than the current buffer
- * size ( which will not shrink ). When the limit is reached, the buffer
- * will be flushed (if out is set) or throw exception.
+ * Maximum amount of data in this buffer. If -1 or not set, the buffer
will grow to {{@link #ARRAY_MAX_SIZE}. Can be
+ * smaller than the current buffer size ( which will not shrink ). When
the limit is reached, the buffer will be
+ * flushed (if out is set) or throw exception.
*
* @param limit The new limit
*/
diff --git a/java/org/apache/tomcat/util/buf/Ascii.java
b/java/org/apache/tomcat/util/buf/Ascii.java
index daf9310a71..2c6d1eefcf 100644
--- a/java/org/apache/tomcat/util/buf/Ascii.java
+++ b/java/org/apache/tomcat/util/buf/Ascii.java
@@ -40,13 +40,13 @@ public final class Ascii {
*/
static {
for (int i = 0; i < 256; i++) {
-toLower[i] = (byte)i;
+toLower[i] = (byte) i;
}
for (int lc = 'a'; lc <= 'z'; lc++) {
int uc = lc + 'A' - 'a';
-toLower[uc] = (byte)lc;
+toLower[uc] = (byte) lc;
}
for (int d = '0'; d <= '9'; d++) {
@@ -56,7 +56,9 @@ public final class Ascii {
/**
* Returns the lower case equivalent of the specified ASCII character.
+ *
* @param c The char
+ *
* @return the lower case equivalent char
*/
public static int toLower(int c) {
@@ -65,6 +67,7 @@ public final class Ascii {
/**
* @return true if the specified ASCII character is a digit.
+ *
* @param c The char
*/
private static boolean isDigit(int c) {
@@ -73,15 +76,16 @@ public final class Ascii {
/**
* Parses an unsigned long from the specified subarray of bytes.
- * @param b the bytes to parse
+ *
+ * @param b the bytes to parse
* @param off the start offset of the bytes
* @param len the length of the bytes
+ *
* @return the long va
[tomcat] 01/02: Prep before applying formatter.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 7dd802cd4a6a9ef77e8138359f7305652d729d4b
Author: Mark Thomas
AuthorDate: Wed Jun 7 17:49:29 2023 +0100
Prep before applying formatter.
---
java/org/apache/tomcat/util/buf/Asn1Parser.java | 2 +-
java/org/apache/tomcat/util/buf/ByteChunk.java| 14 --
java/org/apache/tomcat/util/buf/MessageBytes.java | 7 ---
java/org/apache/tomcat/util/buf/UDecoder.java | 3 +++
4 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/tomcat/util/buf/Asn1Parser.java
b/java/org/apache/tomcat/util/buf/Asn1Parser.java
index 436e5ea5f0..9c5bb276b2 100644
--- a/java/org/apache/tomcat/util/buf/Asn1Parser.java
+++ b/java/org/apache/tomcat/util/buf/Asn1Parser.java
@@ -23,7 +23,7 @@ import org.apache.tomcat.util.res.StringManager;
/**
* This is a very basic ASN.1 parser that provides the limited functionality
* required by Tomcat. It is a long way from a complete parser.
- *
+ *
* TODO: Consider extending this parser and refactoring the SpnegoTokenFixer to
* use it.
*/
diff --git a/java/org/apache/tomcat/util/buf/ByteChunk.java
b/java/org/apache/tomcat/util/buf/ByteChunk.java
index b8e060e81b..40607bb084 100644
--- a/java/org/apache/tomcat/util/buf/ByteChunk.java
+++ b/java/org/apache/tomcat/util/buf/ByteChunk.java
@@ -44,17 +44,17 @@ import java.nio.charset.StandardCharsets;
/**
* This class is used to represent a chunk of bytes, and utilities to
manipulate
* byte[].
- *
+ *
* The buffer can be modified and used for both input and output.
- *
+ *
* There are 2 modes: The chunk can be associated with a sink -
ByteInputChannel
* or ByteOutputChannel, which will be used when the buffer is empty (on input)
* or filled (on output). For output, it can also grow. This operating mode is
* selected by calling setLimit() or allocate(initial, limit) with limit != -1.
- *
+ *
* Various search and append method are defined - similar with String and
* StringBuffer, but operating on bytes.
- *
+ *
* This is important because it allows processing the http headers directly on
* the received bytes, without converting to chars and Strings until the
strings
* are needed. In addition, the charset is determined later, from headers or
@@ -728,7 +728,8 @@ public final class ByteChunk extends AbstractChunk {
/**
* Returns the first instance of the given character in this ByteChunk
* starting at the specified byte. If the character is not found, -1 is
- * returned.
+ * returned.
+ *
* NOTE: This only works for characters in the range 0-127.
*
* @param c The character
@@ -744,7 +745,8 @@ public final class ByteChunk extends AbstractChunk {
/**
* Returns the first instance of the given character in the given byte
array
- * between the specified start and end.
+ * between the specified start and end.
+ *
* NOTE: This only works for characters in the range 0-127.
*
* @param bytes The array to search
diff --git a/java/org/apache/tomcat/util/buf/MessageBytes.java
b/java/org/apache/tomcat/util/buf/MessageBytes.java
index d013231470..78f1f114d0 100644
--- a/java/org/apache/tomcat/util/buf/MessageBytes.java
+++ b/java/org/apache/tomcat/util/buf/MessageBytes.java
@@ -30,7 +30,7 @@ import java.util.Locale;
* This class is used to represent a subarray of bytes in an HTTP message.
* It represents all request/response elements. The byte/char conversions are
* delayed and cached. Everything is recyclable.
- *
+ *
* The object can represent a byte[], a char[], or a (sub) String. All
* operations can be made in case sensitive mode or not.
*
@@ -278,7 +278,7 @@ public final class MessageBytes implements Cloneable,
Serializable {
/**
* Convert to char[] and fill the CharChunk.
- *
+ *
* Note: The conversion from bytes is not optimised - it converts to String
* first. However, Tomcat doesn't call this method to convert from
* bytes so there is no benefit from optimising that path.
@@ -305,7 +305,8 @@ public final class MessageBytes implements Cloneable,
Serializable {
/**
* Returns the length of the original buffer.
- * Note that the length in bytes may be different from the length
+ *
+ * Note: The length in bytes may be different from the length
* in chars.
* @return the length
*/
diff --git a/java/org/apache/tomcat/util/buf/UDecoder.java
b/java/org/apache/tomcat/util/buf/UDecoder.java
index 094d50ef9a..b411244071 100644
--- a/java/org/apache/tomcat/util/buf/UDecoder.java
+++ b/java/org/apache/tomcat/util/buf/UDecoder.java
@@ -190,11 +190,14 @@ public final class UDecoder {
* Decoding is required.
*
* Potential complications:
+ *
* - The sour
[tomcat] branch 10.1.x updated (e9b5ebf1d5 -> b93542252e)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git from e9b5ebf1d5 Improve error handling new 74124d78d8 Prep before applying formatter. new b93542252e Code clean-up - formatting. No functional change. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: java/org/apache/tomcat/util/buf/AbstractChunk.java | 14 +- java/org/apache/tomcat/util/buf/Ascii.java | 19 +- java/org/apache/tomcat/util/buf/Asn1Parser.java| 17 +- java/org/apache/tomcat/util/buf/Asn1Writer.java| 5 +- java/org/apache/tomcat/util/buf/B2CConverter.java | 26 +- .../apache/tomcat/util/buf/ByteBufferHolder.java | 7 +- .../apache/tomcat/util/buf/ByteBufferUtils.java| 28 +- java/org/apache/tomcat/util/buf/ByteChunk.java | 150 - java/org/apache/tomcat/util/buf/C2BConverter.java | 5 +- java/org/apache/tomcat/util/buf/CharChunk.java | 82 +++-- java/org/apache/tomcat/util/buf/CharsetCache.java | 9 +- java/org/apache/tomcat/util/buf/HexUtils.java | 29 +- java/org/apache/tomcat/util/buf/MessageBytes.java | 346 +++-- java/org/apache/tomcat/util/buf/StringCache.java | 102 +++--- java/org/apache/tomcat/util/buf/StringUtils.java | 13 +- java/org/apache/tomcat/util/buf/UDecoder.java | 170 +- java/org/apache/tomcat/util/buf/UEncoder.java | 160 +- java/org/apache/tomcat/util/buf/UriUtil.java | 61 ++-- java/org/apache/tomcat/util/buf/Utf8Encoder.java | 3 +- 19 files changed, 591 insertions(+), 655 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/02: Prep before applying formatter.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 74124d78d8a0bd5cdd80e4af8782b4f886f0d384
Author: Mark Thomas
AuthorDate: Wed Jun 7 17:49:29 2023 +0100
Prep before applying formatter.
---
java/org/apache/tomcat/util/buf/Asn1Parser.java | 2 +-
java/org/apache/tomcat/util/buf/ByteChunk.java| 14 --
java/org/apache/tomcat/util/buf/MessageBytes.java | 7 ---
java/org/apache/tomcat/util/buf/UDecoder.java | 3 +++
4 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/tomcat/util/buf/Asn1Parser.java
b/java/org/apache/tomcat/util/buf/Asn1Parser.java
index 436e5ea5f0..9c5bb276b2 100644
--- a/java/org/apache/tomcat/util/buf/Asn1Parser.java
+++ b/java/org/apache/tomcat/util/buf/Asn1Parser.java
@@ -23,7 +23,7 @@ import org.apache.tomcat.util.res.StringManager;
/**
* This is a very basic ASN.1 parser that provides the limited functionality
* required by Tomcat. It is a long way from a complete parser.
- *
+ *
* TODO: Consider extending this parser and refactoring the SpnegoTokenFixer to
* use it.
*/
diff --git a/java/org/apache/tomcat/util/buf/ByteChunk.java
b/java/org/apache/tomcat/util/buf/ByteChunk.java
index b8e060e81b..40607bb084 100644
--- a/java/org/apache/tomcat/util/buf/ByteChunk.java
+++ b/java/org/apache/tomcat/util/buf/ByteChunk.java
@@ -44,17 +44,17 @@ import java.nio.charset.StandardCharsets;
/**
* This class is used to represent a chunk of bytes, and utilities to
manipulate
* byte[].
- *
+ *
* The buffer can be modified and used for both input and output.
- *
+ *
* There are 2 modes: The chunk can be associated with a sink -
ByteInputChannel
* or ByteOutputChannel, which will be used when the buffer is empty (on input)
* or filled (on output). For output, it can also grow. This operating mode is
* selected by calling setLimit() or allocate(initial, limit) with limit != -1.
- *
+ *
* Various search and append method are defined - similar with String and
* StringBuffer, but operating on bytes.
- *
+ *
* This is important because it allows processing the http headers directly on
* the received bytes, without converting to chars and Strings until the
strings
* are needed. In addition, the charset is determined later, from headers or
@@ -728,7 +728,8 @@ public final class ByteChunk extends AbstractChunk {
/**
* Returns the first instance of the given character in this ByteChunk
* starting at the specified byte. If the character is not found, -1 is
- * returned.
+ * returned.
+ *
* NOTE: This only works for characters in the range 0-127.
*
* @param c The character
@@ -744,7 +745,8 @@ public final class ByteChunk extends AbstractChunk {
/**
* Returns the first instance of the given character in the given byte
array
- * between the specified start and end.
+ * between the specified start and end.
+ *
* NOTE: This only works for characters in the range 0-127.
*
* @param bytes The array to search
diff --git a/java/org/apache/tomcat/util/buf/MessageBytes.java
b/java/org/apache/tomcat/util/buf/MessageBytes.java
index f1b37ae9ae..94a8180084 100644
--- a/java/org/apache/tomcat/util/buf/MessageBytes.java
+++ b/java/org/apache/tomcat/util/buf/MessageBytes.java
@@ -29,7 +29,7 @@ import org.apache.tomcat.util.res.StringManager;
* This class is used to represent a subarray of bytes in an HTTP message.
* It represents all request/response elements. The byte/char conversions are
* delayed and cached. Everything is recyclable.
- *
+ *
* The object can represent a byte[], a char[], or a (sub) String. All
* operations can be made in case sensitive mode or not.
*
@@ -301,7 +301,7 @@ public final class MessageBytes implements Cloneable,
Serializable {
/**
* Convert to char[] and fill the CharChunk.
- *
+ *
* Note: The conversion from bytes is not optimised - it converts to String
* first. However, Tomcat doesn't call this method to convert from
* bytes so there is no benefit from optimising that path.
@@ -328,7 +328,8 @@ public final class MessageBytes implements Cloneable,
Serializable {
/**
* Returns the length of the original buffer.
- * Note that the length in bytes may be different from the length
+ *
+ * Note: The length in bytes may be different from the length
* in chars.
* @return the length
*/
diff --git a/java/org/apache/tomcat/util/buf/UDecoder.java
b/java/org/apache/tomcat/util/buf/UDecoder.java
index 094d50ef9a..b411244071 100644
--- a/java/org/apache/tomcat/util/buf/UDecoder.java
+++ b/java/org/apache/tomcat/util/buf/UDecoder.java
@@ -190,11 +190,14 @@ public final class UDecoder {
* Decoding is required.
*
* Potential complications:
+
[tomcat] 02/02: Code clean-up - formatting. No functional change.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit b93542252e2feeb317dd88456ad163ba09683d48
Author: Mark Thomas
AuthorDate: Wed Jun 7 17:55:35 2023 +0100
Code clean-up - formatting. No functional change.
---
java/org/apache/tomcat/util/buf/AbstractChunk.java | 14 +-
java/org/apache/tomcat/util/buf/Ascii.java | 19 +-
java/org/apache/tomcat/util/buf/Asn1Parser.java| 15 +-
java/org/apache/tomcat/util/buf/Asn1Writer.java| 5 +-
java/org/apache/tomcat/util/buf/B2CConverter.java | 26 +-
.../apache/tomcat/util/buf/ByteBufferHolder.java | 7 +-
.../apache/tomcat/util/buf/ByteBufferUtils.java| 28 +-
java/org/apache/tomcat/util/buf/ByteChunk.java | 140 -
java/org/apache/tomcat/util/buf/C2BConverter.java | 5 +-
java/org/apache/tomcat/util/buf/CharChunk.java | 82 +++--
java/org/apache/tomcat/util/buf/CharsetCache.java | 9 +-
java/org/apache/tomcat/util/buf/HexUtils.java | 29 +-
java/org/apache/tomcat/util/buf/MessageBytes.java | 341 +++--
java/org/apache/tomcat/util/buf/StringCache.java | 102 +++---
java/org/apache/tomcat/util/buf/StringUtils.java | 13 +-
java/org/apache/tomcat/util/buf/UDecoder.java | 167 +-
java/org/apache/tomcat/util/buf/UEncoder.java | 160 +-
java/org/apache/tomcat/util/buf/UriUtil.java | 61 ++--
java/org/apache/tomcat/util/buf/Utf8Encoder.java | 3 +-
19 files changed, 578 insertions(+), 648 deletions(-)
diff --git a/java/org/apache/tomcat/util/buf/AbstractChunk.java
b/java/org/apache/tomcat/util/buf/AbstractChunk.java
index 75d5b58bf1..3e06362f5f 100644
--- a/java/org/apache/tomcat/util/buf/AbstractChunk.java
+++ b/java/org/apache/tomcat/util/buf/AbstractChunk.java
@@ -29,10 +29,9 @@ public abstract class AbstractChunk implements Cloneable,
Serializable {
protected static final StringManager sm =
StringManager.getManager(AbstractChunk.class);
/*
- * JVMs may limit the maximum array size to slightly less than
- * Integer.MAX_VALUE. On markt's desktop the limit is MAX_VALUE - 2.
- * Comments in the JRE source code for ArrayList and other classes indicate
- * that it may be as low as MAX_VALUE - 8 on some systems.
+ * JVMs may limit the maximum array size to slightly less than
Integer.MAX_VALUE. On markt's desktop the limit is
+ * MAX_VALUE - 2. Comments in the JRE source code for ArrayList and other
classes indicate that it may be as low as
+ * MAX_VALUE - 8 on some systems.
*/
public static final int ARRAY_MAX_SIZE = Integer.MAX_VALUE - 8;
@@ -48,10 +47,9 @@ public abstract class AbstractChunk implements Cloneable,
Serializable {
/**
- * Maximum amount of data in this buffer. If -1 or not set, the buffer will
- * grow to {{@link #ARRAY_MAX_SIZE}. Can be smaller than the current buffer
- * size ( which will not shrink ). When the limit is reached, the buffer
- * will be flushed (if out is set) or throw exception.
+ * Maximum amount of data in this buffer. If -1 or not set, the buffer
will grow to {{@link #ARRAY_MAX_SIZE}. Can be
+ * smaller than the current buffer size ( which will not shrink ). When
the limit is reached, the buffer will be
+ * flushed (if out is set) or throw exception.
*
* @param limit The new limit
*/
diff --git a/java/org/apache/tomcat/util/buf/Ascii.java
b/java/org/apache/tomcat/util/buf/Ascii.java
index daf9310a71..2c6d1eefcf 100644
--- a/java/org/apache/tomcat/util/buf/Ascii.java
+++ b/java/org/apache/tomcat/util/buf/Ascii.java
@@ -40,13 +40,13 @@ public final class Ascii {
*/
static {
for (int i = 0; i < 256; i++) {
-toLower[i] = (byte)i;
+toLower[i] = (byte) i;
}
for (int lc = 'a'; lc <= 'z'; lc++) {
int uc = lc + 'A' - 'a';
-toLower[uc] = (byte)lc;
+toLower[uc] = (byte) lc;
}
for (int d = '0'; d <= '9'; d++) {
@@ -56,7 +56,9 @@ public final class Ascii {
/**
* Returns the lower case equivalent of the specified ASCII character.
+ *
* @param c The char
+ *
* @return the lower case equivalent char
*/
public static int toLower(int c) {
@@ -65,6 +67,7 @@ public final class Ascii {
/**
* @return true if the specified ASCII character is a digit.
+ *
* @param c The char
*/
private static boolean isDigit(int c) {
@@ -73,15 +76,16 @@ public final class Ascii {
/**
* Parses an unsigned long from the specified subarray of bytes.
- * @param b the bytes to parse
+ *
+ * @param b the bytes to parse
* @param off the start offset of the bytes
* @param len the length of the bytes
+ *
* @return the long value
+ *
* @exception NumberFormatException if the
[Bug 66627] Regression due to MessageBytes refactoring
https://bz.apache.org/bugzilla/show_bug.cgi?id=66627 --- Comment #3 from Mark Thomas --- The API is also documented not to be stable. See the section on API stability in the RELEASE-NOTES.txt file that should be at the root of every Tomcat 9 distribution. That said, I do plan to look at the feasibility of restoring the behaviour described in the getType() Javadoc. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66627] Regression due to MessageBytes refactoring
https://bz.apache.org/bugzilla/show_bug.cgi?id=66627 --- Comment #2 from WJCarpenter --- I agree in general with the point about calling internals, but it is, after all, a documented API. Thanks for the pointer about OpenTelemetry's fix. We'll pursue that. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66627] Regression due to MessageBytes refactoring
https://bz.apache.org/bugzilla/show_bug.cgi?id=66627 --- Comment #1 from Mark Thomas --- The assumption in CoyoteAdater is still valid - assuming no-one is calling Tomcat internals. As soon as components start accessing Tomcat internals then all sorts of things can go wrong unless those components do so very carefully. Open Telemetry fixed this 9 months ago: https://github.com/open-telemetry/opentelemetry-java-instrumentation/commit/e526338fc3e0a172b74f0ced5b76cc47947bea88 It is a fair point about the change in behaviour of getType(). Not changing the type on a conversion shouldn't have any functional impact but that needs checking and it might have performance impacts. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 11.0.0-M7
On Fri, Jun 2, 2023 at 9:18 AM Mark Thomas wrote: > The proposed Apache Tomcat 11.0.0-M7 release is now available for > voting. > > Apache Tomcat 11.0.0-M7 is a milestone release of the 11.0.x branch and > has been made to provide users with early access to the new features in > Apache Tomcat 11.0.x so that they may provide feedback. The notable > changes compared to the previous milestone include: > > - The minimum Java version has been increased to Java 21. > > - Add support for virtual threads. > > - Add RateLimitFilter which can be used to mitigate DoS and Brute Force >attacks. > > - Update Tomcat Native to 2.0.4 which includes binaries for Windows >built with OpenSSL 3.0.9. > > > For full details, see the change log: > https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 > without changes. Java EE applications designed for Tomcat 9 and earlier > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > will automatically convert them to Jakarta EE and copy them to the > webapps directory. Applications using deprecated APIs may require > further changes. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M7/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1437 > > The tag is: > https://github.com/apache/tomcat/tree/11.0.0-M7 > eb9d5f0b70a1b84fa18af30eaf358cfa9e4b87ae > > > The proposed 11.0.0-M7 release is: > [ ] -1 Broken - do not release > [X] +1 Alpha - go ahead and release as 11.0.0-M7 > +1 Igal > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
Re: [VOTE] Release Apache Tomcat 8.5.90
On Fri, Jun 2, 2023 at 11:08 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > The proposed Apache Tomcat 8.5.90 release is now available for voting. > > The notable changes compared to 8.5.89 are: > > - Add support for virtual threads. (Java 21+ only) > > - Update HTTP/2 to use the RFC-9218 prioritization scheme. > > - Deprecate the xssProtectionEnabled from HttpHeaderSecurityFilter >and set the default value to false. > > - Update Tomcat Native to 1.2.37 which includes binaries for Windows >built with OpenSSL 1.1.1u. > > Along with lots of other bug fixes and improvements. > > For full details, see the changelog: > https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.90/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1438 > > The tag is: > https://github.com/apache/tomcat/tree/8.5.90/ > 136713c528bfcd31563c1e7b7685d4983bb3559c > > The proposed 8.5.90 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 8.5.90 (stable) > +1 Unit tests pass except for org.apache.catalina.mapper.TestMapperWebapps but that one has been failing before on my system. Igal > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
[Bug 66631] Consider moving module-info.class to META-INF/versions/9
https://bz.apache.org/bugzilla/show_bug.cgi?id=66631 --- Comment #3 from Michael Osipov --- I have raised https://github.com/bndtools/bnd/issues/5687. Let's see what they say. A workaround is to unpack JARs, move the class and repack :-( -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66631] Consider moving module-info.class to META-INF/versions/9
https://bz.apache.org/bugzilla/show_bug.cgi?id=66631 --- Comment #2 from Michael Osipov --- (In reply to Mark Thomas from comment #1) > Yes, this applies to most of the Tomcat 9 JARs. > > Tomcat uses BND to insert the module-info.class file. > > A review of the BND documentation and source code indicates the location of > the file is hard coded (so is the class version but that has to be >= Java 9 > to specify the module). > > Including a module-info.class file in a JAR otherwise compiled for Java 8 is > a fairly common approach to initial JPMS support. I wonder if updating the > logic in the Maven Project Info Reports Plugin to account for this wouldn't > be a better approach. > > Another option would be requesting BND to add an option to insert > module-info.class under META-INF/versions/9 but I'm not sure "so the Maven > Project Info Reports Plugin gets the right answer" would be a sufficient > justification to get that implemented. Thanks, Mark. MPIR with Maven Shared JAR was just an example of class file analyzers. There are likely others which might trip over this and report the entire JAR as Java 9 which it isn't obviously. I'd like to get this solved rather in BND than Maven Shared JAR which is just the affected downstream analyzer library. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66631] Consider moving module-info.class to META-INF/versions/9
https://bz.apache.org/bugzilla/show_bug.cgi?id=66631 --- Comment #1 from Mark Thomas --- Yes, this applies to most of the Tomcat 9 JARs. Tomcat uses BND to insert the module-info.class file. A review of the BND documentation and source code indicates the location of the file is hard coded (so is the class version but that has to be >= Java 9 to specify the module). Including a module-info.class file in a JAR otherwise compiled for Java 8 is a fairly common approach to initial JPMS support. I wonder if updating the logic in the Maven Project Info Reports Plugin to account for this wouldn't be a better approach. Another option would be requesting BND to add an option to insert module-info.class under META-INF/versions/9 but I'm not sure "so the Maven Project Info Reports Plugin gets the right answer" would be a sufficient justification to get that implemented. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66631] Consider moving module-info.class to META-INF/versions/9
https://bz.apache.org/bugzilla/show_bug.cgi?id=66631 Michael Osipov changed: What|Removed |Added CC||micha...@apache.org -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66631] New: Consider moving module-info.class to META-INF/versions/9
https://bz.apache.org/bugzilla/show_bug.cgi?id=66631 Bug ID: 66631 Summary: Consider moving module-info.class to META-INF/versions/9 Product: Tomcat 9 Version: 9.0.75 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P2 Component: Packaging Assignee: dev@tomcat.apache.org Reporter: micha...@apache.org Target Milestone: - Created attachment 38580 --> https://bz.apache.org/bugzilla/attachment.cgi?id=38580&action=edit Report output While working on a library upgrade to Tomcat 9 Maven Shared JAR in Maven Project Info Reports Plugin dependencies goal lists all Tomcat 9 JARs as Java 9 requirement because of: osipovmi@deblndw011x:~/.m2/repository/org/apache/tomcat/tomcat-jni/9.0.75 $ tar tzf tomcat-jni-9.0.75.jar | grep module-info.class module-info.class because this one uses Java 9 BC while rest is on 8. According to https://docs.oracle.com/en/java/javase/20/docs/specs/jar/jar.html, the following is possible: A modular multi-release JAR file is a multi-release JAR file that has a module descriptor, module-info.class, in the top-level directory (as for a modular JAR file), or directly in a versioned directory. My request is to move this file to META-INF/versions/9 To give class analyzers a chance to properly process classes and group them by version. Related: https://github.com/apache/maven-shared-jar/pull/21 Note: I assume that this applies to all Tomcat 9 JARs. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: confirm subscribe to dev@tomcat.apache.org
Koti, On 6/7/23 08:22, koteswara Rao Gundapaneni wrote: Please change my email address to koti.gundapan...@tomcat.apache.org 1. Send an unsubscribe from koti.gundapan...@gmail.com 2. You can't have koti.gundapan...@tomcat.apache.org 3. Maybe subscribe from koti.gundapaneni+tom...@gmail.com? -chris On Fri, 28 Apr 2023, 14:19 , wrote: Hi! This is the ezmlm program. I'm managing the dev@tomcat.apache.org mailing list. I'm working for my owner, who can be reached at dev-ow...@tomcat.apache.org. To confirm that you would like koti.gundapan...@gmail.com added to the dev mailing list, please send a short reply to this address: dev-sc.1682671761.hehjfigkkaadogifpkki-koti.gundapaneni= gmail@tomcat.apache.org Usually, this happens when you just hit the "reply" button. If this does not work, simply copy the address and paste it into the "To:" field of a new message. or click here: mailto:dev-sc.1682671761.hehjfigkkaadogifpkki-koti.gundapaneni= gmail@tomcat.apache.org This confirmation serves two purposes. First, it verifies that I am able to get mail through to you. Second, it protects you in case someone forges a subscription request in your name. Please note that ALL Apache dev- and user- mailing lists are publicly archived. Do familiarize yourself with Apache's public archive policy at http://www.apache.org/foundation/public-archives.html prior to subscribing and posting messages to dev@tomcat.apache.org. If you're not sure whether or not the policy applies to this mailing list, assume it does unless the list name contains the word "private" in it. Some mail programs are broken and cannot handle long addresses. If you cannot reply to this request, instead send a message to and put the entire address listed above into the "Subject:" line. --- Administrative commands for the dev list --- I can handle administrative requests automatically. Please do not send them to the list address! Instead, send your message to the correct command address: To subscribe to the list, send a message to: To remove your address from the list, send a message to: Send mail to the following for info and FAQ for this list: Similar addresses exist for the digest list: To get messages 123 through 145 (a maximum of 100 per request), mail: To get an index with subject and author for messages 123-456 , mail: They are always returned as sets of 100, max 2000 per request, so you'll actually get 100-499. To receive all messages with the same subject as message 12345, send a short message to: The messages should contain one line or word of text to avoid being treated as sp@m, but I will ignore their content. Only the ADDRESS you send to is important. You can start a subscription for an alternate address, for example "john@host.domain", just add a hyphen and your address (with '=' instead of '@') after the command word: To stop subscription for this address, mail: In both cases, I'll send a confirmation message to that address. When you receive it, simply reply to it to complete your subscription. If despite following these instructions, you do not get the desired results, please contact my owner at dev-ow...@tomcat.apache.org. Please be patient, my owner is a lot slower than I am ;-) --- Enclosed is a copy of the request I received. Return-Path: Received: (qmail 3559806 invoked by uid 116); 28 Apr 2023 08:49:20 - Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.94) with ESMTP; Fri, 28 Apr 2023 08:49:20 + Authentication-Results: apache.org; auth=none Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id B59761FF67E for ; Fri, 28 Apr 2023 08:49:20 + (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: -5.002 X-Spam-Level: X-Spam-Status: No, score=-5.002 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.2, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id BKW64yWLz1pK for ; Fri, 28 Apr 2023 08:49:20 + (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.208.43; helo=mail-ed1-f43.google.com; envelope-from=koti.gundapan...@gmail.com; receiver= Received: from mail-ed1-f43.google.com (mail-ed1-f43.google.com [209.85.208.43]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id F3290BDCDB for ; Fri, 2
[tomcat] branch 8.5.x updated: Improve error handling
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 81c6ff9301 Improve error handling
81c6ff9301 is described below
commit 81c6ff9301429d3ea7b9bfc5f479852d4a84363a
Author: Mark Thomas
AuthorDate: Wed Jun 7 13:50:25 2023 +0100
Improve error handling
Should address recent intermittent CI failures for some WebSocket tests
(at least it does on my laptop that exhibited the same failures)
---
java/org/apache/tomcat/websocket/server/WsFrameServer.java | 3 ++-
webapps/docs/changelog.xml | 8
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/websocket/server/WsFrameServer.java
b/java/org/apache/tomcat/websocket/server/WsFrameServer.java
index fd4da3d44a..c0eb9e8b62 100644
--- a/java/org/apache/tomcat/websocket/server/WsFrameServer.java
+++ b/java/org/apache/tomcat/websocket/server/WsFrameServer.java
@@ -73,7 +73,8 @@ public class WsFrameServer extends WsFrameBase {
inputBuffer.position(inputBuffer.limit()).limit(inputBuffer.capacity());
int read = socketWrapper.read(false, inputBuffer);
inputBuffer.limit(inputBuffer.position()).reset();
-if (read < 0) {
+// Some error conditions in NIO2 will trigger a return of zero and
close the socket
+if (read < 0 || socketWrapper.isClosed()) {
throw new EOFException();
} else if (read == 0) {
return;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5815df9289..0dbe05d39c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -114,6 +114,14 @@
+
+
+
+Improve handling of error conditions for the WebSocket server,
+particularly during Tomcat shutdown. (markt)
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Improve error handling
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 300a482b62 Improve error handling
300a482b62 is described below
commit 300a482b62988140cd7b86fa2d64f2f7dad43f2a
Author: Mark Thomas
AuthorDate: Wed Jun 7 13:50:25 2023 +0100
Improve error handling
Should address recent intermittent CI failures for some WebSocket tests
(at least it does on my laptop that exhibited the same failures)
---
java/org/apache/tomcat/websocket/server/WsFrameServer.java | 3 ++-
webapps/docs/changelog.xml | 8
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/websocket/server/WsFrameServer.java
b/java/org/apache/tomcat/websocket/server/WsFrameServer.java
index fd4da3d44a..c0eb9e8b62 100644
--- a/java/org/apache/tomcat/websocket/server/WsFrameServer.java
+++ b/java/org/apache/tomcat/websocket/server/WsFrameServer.java
@@ -73,7 +73,8 @@ public class WsFrameServer extends WsFrameBase {
inputBuffer.position(inputBuffer.limit()).limit(inputBuffer.capacity());
int read = socketWrapper.read(false, inputBuffer);
inputBuffer.limit(inputBuffer.position()).reset();
-if (read < 0) {
+// Some error conditions in NIO2 will trigger a return of zero and
close the socket
+if (read < 0 || socketWrapper.isClosed()) {
throw new EOFException();
} else if (read == 0) {
return;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f60001fc8c..f72cf7ac37 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -114,6 +114,14 @@
+
+
+
+Improve handling of error conditions for the WebSocket server,
+particularly during Tomcat shutdown. (markt)
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.1.x updated: Improve error handling
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new e9b5ebf1d5 Improve error handling
e9b5ebf1d5 is described below
commit e9b5ebf1d5ac3c1af01b92c5e45e8463446d636a
Author: Mark Thomas
AuthorDate: Wed Jun 7 13:50:25 2023 +0100
Improve error handling
Should address recent intermittent CI failures for some WebSocket tests
(at least it does on my laptop that exhibited the same failures)
---
java/org/apache/tomcat/websocket/server/WsFrameServer.java | 3 ++-
webapps/docs/changelog.xml | 8
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/websocket/server/WsFrameServer.java
b/java/org/apache/tomcat/websocket/server/WsFrameServer.java
index fd4da3d44a..c0eb9e8b62 100644
--- a/java/org/apache/tomcat/websocket/server/WsFrameServer.java
+++ b/java/org/apache/tomcat/websocket/server/WsFrameServer.java
@@ -73,7 +73,8 @@ public class WsFrameServer extends WsFrameBase {
inputBuffer.position(inputBuffer.limit()).limit(inputBuffer.capacity());
int read = socketWrapper.read(false, inputBuffer);
inputBuffer.limit(inputBuffer.position()).reset();
-if (read < 0) {
+// Some error conditions in NIO2 will trigger a return of zero and
close the socket
+if (read < 0 || socketWrapper.isClosed()) {
throw new EOFException();
} else if (read == 0) {
return;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e0958525f1..d60a4115e5 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -114,6 +114,14 @@
+
+
+
+Improve handling of error conditions for the WebSocket server,
+particularly during Tomcat shutdown. (markt)
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Improve error handling
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new a2c34d6569 Improve error handling
a2c34d6569 is described below
commit a2c34d6569f2b959413b06852d7a957ff9e9c39d
Author: Mark Thomas
AuthorDate: Wed Jun 7 13:50:25 2023 +0100
Improve error handling
Should address recent intermittent CI failures for some WebSocket tests
(at least it does on my laptop that exhibited the same failures)
---
java/org/apache/tomcat/websocket/server/WsFrameServer.java | 3 ++-
webapps/docs/changelog.xml | 8
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/websocket/server/WsFrameServer.java
b/java/org/apache/tomcat/websocket/server/WsFrameServer.java
index fd4da3d44a..c0eb9e8b62 100644
--- a/java/org/apache/tomcat/websocket/server/WsFrameServer.java
+++ b/java/org/apache/tomcat/websocket/server/WsFrameServer.java
@@ -73,7 +73,8 @@ public class WsFrameServer extends WsFrameBase {
inputBuffer.position(inputBuffer.limit()).limit(inputBuffer.capacity());
int read = socketWrapper.read(false, inputBuffer);
inputBuffer.limit(inputBuffer.position()).reset();
-if (read < 0) {
+// Some error conditions in NIO2 will trigger a return of zero and
close the socket
+if (read < 0 || socketWrapper.isClosed()) {
throw new EOFException();
} else if (read == 0) {
return;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 4e55d004f0..d588713061 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -114,6 +114,14 @@
+
+
+
+Improve handling of error conditions for the WebSocket server,
+particularly during Tomcat shutdown. (markt)
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: confirm subscribe to dev@tomcat.apache.org
Please change my email address to koti.gundapan...@tomcat.apache.org Regards Koti On Fri, 28 Apr 2023, 14:19 , wrote: > Hi! This is the ezmlm program. I'm managing the > dev@tomcat.apache.org mailing list. > > I'm working for my owner, who can be reached > at dev-ow...@tomcat.apache.org. > > To confirm that you would like > >koti.gundapan...@gmail.com > > added to the dev mailing list, please send > a short reply to this address: > >dev-sc.1682671761.hehjfigkkaadogifpkki-koti.gundapaneni= > gmail@tomcat.apache.org > > Usually, this happens when you just hit the "reply" button. > If this does not work, simply copy the address and paste it into > the "To:" field of a new message. > > or click here: > mailto:dev-sc.1682671761.hehjfigkkaadogifpkki-koti.gundapaneni= > gmail@tomcat.apache.org > > This confirmation serves two purposes. First, it verifies that I am able > to get mail through to you. Second, it protects you in case someone > forges a subscription request in your name. > > Please note that ALL Apache dev- and user- mailing lists are publicly > archived. Do familiarize yourself with Apache's public archive policy at > > http://www.apache.org/foundation/public-archives.html > > prior to subscribing and posting messages to dev@tomcat.apache.org. > If you're not sure whether or not the policy applies to this mailing list, > assume it does unless the list name contains the word "private" in it. > > Some mail programs are broken and cannot handle long addresses. If you > cannot reply to this request, instead send a message to > and put the > entire address listed above into the "Subject:" line. > > > --- Administrative commands for the dev list --- > > I can handle administrative requests automatically. Please > do not send them to the list address! Instead, send > your message to the correct command address: > > To subscribe to the list, send a message to: > > > To remove your address from the list, send a message to: > > > Send mail to the following for info and FAQ for this list: > > > > Similar addresses exist for the digest list: > > > > To get messages 123 through 145 (a maximum of 100 per request), mail: > > > To get an index with subject and author for messages 123-456 , mail: > > > They are always returned as sets of 100, max 2000 per request, > so you'll actually get 100-499. > > To receive all messages with the same subject as message 12345, > send a short message to: > > > The messages should contain one line or word of text to avoid being > treated as sp@m, but I will ignore their content. > Only the ADDRESS you send to is important. > > You can start a subscription for an alternate address, > for example "john@host.domain", just add a hyphen and your > address (with '=' instead of '@') after the command word: > > > To stop subscription for this address, mail: > > > In both cases, I'll send a confirmation message to that address. When > you receive it, simply reply to it to complete your subscription. > > If despite following these instructions, you do not get the > desired results, please contact my owner at > dev-ow...@tomcat.apache.org. Please be patient, my owner is a > lot slower than I am ;-) > > --- Enclosed is a copy of the request I received. > > Return-Path: > Received: (qmail 3559806 invoked by uid 116); 28 Apr 2023 08:49:20 - > Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) > (116.203.196.100) > by apache.org (qpsmtpd/0.94) with ESMTP; Fri, 28 Apr 2023 08:49:20 + > Authentication-Results: apache.org; auth=none > Received: from localhost (localhost [127.0.0.1]) > by spamproc1-he-de.apache.org (ASF Mail Server at > spamproc1-he-de.apache.org) with ESMTP id B59761FF67E > for ; Fri, 28 Apr 2023 08:49:20 > + (UTC) > X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org > X-Spam-Flag: NO > X-Spam-Score: -5.002 > X-Spam-Level: > X-Spam-Status: No, score=-5.002 tagged_above=-999 required=6.31 > tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, > DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.2, RCVD_IN_DNSWL_HI=-5, > RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=disabled > Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); > dkim=pass (2048-bit key) header.d=gmail.com > Received: from mx1-ec2-va.apache.org ([116.203.227.195]) > by localhost (spamproc1-he-de.apache.org [116.203.196.100]) > (amavisd-new, port 10024) > with ESMTP id BKW64yWLz1pK for ; > Fri, 28 Apr 2023 08:49:20 + (UTC) > Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.208.43; > helo=mail-ed1-f43.google.com; envelope-from=koti.gundapan...@gmail.com; > receiver= > Received: from mail-ed1-f43.google.com (mail-ed1-f43.google.com > [209.85.208.43]) > by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) > with ESMTPS id F3290BDCDB > for ; Fri, 28 A
[tomcat] branch 8.5.x updated: Fix symlink edge case
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 5b44a238cf Fix symlink edge case
5b44a238cf is described below
commit 5b44a238cfef8e41ad7594dbbe1857775eda9a19
Author: Mark Thomas
AuthorDate: Wed Jun 7 09:49:49 2023 +0100
Fix symlink edge case
---
.../apache/catalina/webresources/AbstractFileResourceSet.java| 5 +
webapps/docs/changelog.xml | 9 +
2 files changed, 14 insertions(+)
diff --git a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
index e910e65118..019bb908f4 100644
--- a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
+++ b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
@@ -117,6 +117,11 @@ public abstract class AbstractFileResourceSet extends
AbstractResourceSet {
absPath = absPath.substring(absoluteBase.length());
canPath = canPath.substring(canonicalBase.length());
+// The remaining request path must start with '/' if it has non-zero
length
+if (canPath.length() > 0 && canPath.charAt(0) != '/') {
+return null;
+}
+
// Case sensitivity check
// The normalized requested path should be an exact match the
equivalent
// canonical path. If it is not, possible reasons include:
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index c26c866625..5815df9289 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,15 @@
issues do not "pop up" wrt. others).
-->
+
+
+
+Fix an edge case where intra-web application symlinks would be followed
+if the web applications were deliberately crafted to allow it even when
+allowLinking was set to false. (markt)
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Fix symlink edge case
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new ba089ab465 Fix symlink edge case
ba089ab465 is described below
commit ba089ab465af71f41dbcc910fbcc9cdef83d5cb2
Author: Mark Thomas
AuthorDate: Wed Jun 7 09:49:49 2023 +0100
Fix symlink edge case
---
.../apache/catalina/webresources/AbstractFileResourceSet.java| 5 +
webapps/docs/changelog.xml | 9 +
2 files changed, 14 insertions(+)
diff --git a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
index e910e65118..019bb908f4 100644
--- a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
+++ b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
@@ -117,6 +117,11 @@ public abstract class AbstractFileResourceSet extends
AbstractResourceSet {
absPath = absPath.substring(absoluteBase.length());
canPath = canPath.substring(canonicalBase.length());
+// The remaining request path must start with '/' if it has non-zero
length
+if (canPath.length() > 0 && canPath.charAt(0) != '/') {
+return null;
+}
+
// Case sensitivity check
// The normalized requested path should be an exact match the
equivalent
// canonical path. If it is not, possible reasons include:
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 4b8bbfdae5..f60001fc8c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,15 @@
issues do not "pop up" wrt. others).
-->
+
+
+
+Fix an edge case where intra-web application symlinks would be followed
+if the web applications were deliberately crafted to allow it even when
+allowLinking was set to false. (markt)
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.1.x updated: Fix symlink edge case
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new b5069d405b Fix symlink edge case
b5069d405b is described below
commit b5069d405b9956c741b4f43ced6862e258e9210b
Author: Mark Thomas
AuthorDate: Wed Jun 7 09:49:49 2023 +0100
Fix symlink edge case
---
.../apache/catalina/webresources/AbstractFileResourceSet.java| 5 +
webapps/docs/changelog.xml | 9 +
2 files changed, 14 insertions(+)
diff --git a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
index e910e65118..019bb908f4 100644
--- a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
+++ b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
@@ -117,6 +117,11 @@ public abstract class AbstractFileResourceSet extends
AbstractResourceSet {
absPath = absPath.substring(absoluteBase.length());
canPath = canPath.substring(canonicalBase.length());
+// The remaining request path must start with '/' if it has non-zero
length
+if (canPath.length() > 0 && canPath.charAt(0) != '/') {
+return null;
+}
+
// Case sensitivity check
// The normalized requested path should be an exact match the
equivalent
// canonical path. If it is not, possible reasons include:
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index fec9209019..e0958525f1 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,15 @@
issues do not "pop up" wrt. others).
-->
+
+
+
+Fix an edge case where intra-web application symlinks would be followed
+if the web applications were deliberately crafted to allow it even when
+allowLinking was set to false. (markt)
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Fix symlink edge case
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 9390a1e936 Fix symlink edge case
9390a1e936 is described below
commit 9390a1e936dad4b4c29946e808fc9e9b7c53d1f7
Author: Mark Thomas
AuthorDate: Wed Jun 7 09:49:49 2023 +0100
Fix symlink edge case
---
.../apache/catalina/webresources/AbstractFileResourceSet.java| 5 +
webapps/docs/changelog.xml | 9 +
2 files changed, 14 insertions(+)
diff --git a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
index e910e65118..019bb908f4 100644
--- a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
+++ b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
@@ -117,6 +117,11 @@ public abstract class AbstractFileResourceSet extends
AbstractResourceSet {
absPath = absPath.substring(absoluteBase.length());
canPath = canPath.substring(canonicalBase.length());
+// The remaining request path must start with '/' if it has non-zero
length
+if (canPath.length() > 0 && canPath.charAt(0) != '/') {
+return null;
+}
+
// Case sensitivity check
// The normalized requested path should be an exact match the
equivalent
// canonical path. If it is not, possible reasons include:
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 13aa77effd..4e55d004f0 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,15 @@
issues do not "pop up" wrt. others).
-->
+
+
+
+Fix an edge case where intra-web application symlinks would be followed
+if the web applications were deliberately crafted to allow it even when
+allowLinking was set to false. (markt)
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
