https://issues.apache.org/bugzilla/show_bug.cgi?id=46984
Summary: Server incorrectly reports a 501 error on bad method name. Should report 400 error. Product: Tomcat 5 Version: 5.5.27 Platform: All OS/Version: All Status: NEW Severity: minor Priority: P3 Component: Connector:HTTP AssignedTo: dev@tomcat.apache.org ReportedBy: jsm...@infotrustgroup.com I managed to send a corrupt data stream to Tomcat. The result was that the method name turned out to be '0\n\n0\n\n0\n\nPOST'. This was actually the method name that was returned to the servlet's .service(request, response) method by Tomcat. The error message returned back to the client was: java.io.IOException: Server returned HTTP response code: 501 for URL: http://localhost/method-bug/bug at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1305) at sun.net.www.protocol.http.HttpURLConnection.getHeaderFields(HttpURLConnection.java:2187) The 501 error indicates that the method is not implemented or not supported. While this is somewhat true, there is a more applicable error message. The 501 error is confusing, in that it indicates a valid method name was received. In this case, the method name was formed with invalid characters (numbers and carriage returns). The correct behavior is that Tomcat should detect the bad/invalid/malformed method name and throw a 400 error, bad request. The offending code is in org.apache.coyote.http11.InternalInputBuffer. The parseRequestLine code is naive. It starts by skipping blank lines, then puts EVERYTHING up until the next 'space' character into the method name, including carriage returns, special characters, numbers, etc. Correct behavior is that it should detect an invalid method name (according to the spec) at this point, and throw error 400 (I think 400 is correct). public void parseRequestLine() throws IOException { int start = 0; // // Skipping blank lines // byte chr = 0; do { // Read new bytes if needed if (pos >= lastValid) { if (!fill()) throw new EOFException(sm.getString("iib.eof.error")); } chr = buf[pos++]; } while ((chr == Constants.CR) || (chr == Constants.LF)); pos--; // Mark the current buffer position start = pos; // // Reading the method name // Method name is always US-ASCII // boolean space = false; while (!space) { // Read new bytes if needed if (pos >= lastValid) { if (!fill()) throw new EOFException(sm.getString("iib.eof.error")); } ascbuf[pos] = (char) buf[pos]; // Spec says single SP but it also says be tolerant of HT if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) { space = true; request.method().setChars(ascbuf, start, pos - start); } pos++; } -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org