Re: [VOTE] Release Apache Tomcat 8.5.21

2017-09-18 Thread Martin Grigorov
On Thu, Sep 14, 2017 at 12:02 AM, Mark Thomas wrote:

> The proposed Apache Tomcat 8.5.21 release is now available for voting.
>
> The major changes compared to the 8.5.20 release are:
>
> - Additional capabilities for the CGI Servlet. Based on patches provided
>   by jm009.
>
> - Added support for the OpenSSL SSL_CONF API. To support this the
>   minimum required Tomcat Native version is 1.2.14.
>
> Along with lots of other bug fixes and improvements.
>
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.21/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1153/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_21/
>
> The proposed 8.5.21 release is:
> [ ] Broken - do not release
> [ X ] Stable - go ahead and release as 8.5.21
>
>
Regards,
Martin


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 9.0.0.M27

2017-09-18 Thread Martin Grigorov
On Wed, Sep 13, 2017 at 9:49 PM, Mark Thomas wrote:

> The proposed Apache Tomcat 9.0.0.M27 release is now available for voting.
>
> This is a milestone release for the 9.0.x branch. It should be
> noted that, as a milestone release:
> - Servlet 4.0 is not finalised
> - It is not known if there will be a minor maintenance release for
>   JSP 2.4, EL 3.1 or WebSocket 1.2
>
> The major changes compared to the 9.0.0.M26 release are:
>
> - Additional capabilities for the CGI Servlet. Based on patches provided
>   by jm009.
>
> - Added support for the OpenSSL SSL_CONF API. To support this the
>   minimum required Tomcat Native version is 1.2.14.
>
> Along with lots of other bug fixes and improvements.
>
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.0.M27/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1152/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_0_M27/
>
> The proposed 9.0.0.M27 release is:
> [ ] Broken - do not release
> [ X ] Alpha - go ahead and release as 9.0.0.M27
>

Regards,
Martin




Re: svn commit: r1808766 - in /tomcat/trunk: java/org/apache/coyote/http11/Http11Processor.java java/org/apache/coyote/http11/LocalStrings.properties test/org/apache/coyote/http11/TestHttp11Processor.

2017-09-18 Thread Mark Thomas
On 18/09/17 20:33, ma...@apache.org wrote:
> Author: markt
> Date: Mon Sep 18 19:33:18 2017
> New Revision: 1808766
> 
> URL: http://svn.apache.org/viewvc?rev=1808766=rev
> Log:
> Implement various Host header checks required by RFC 7230

Before I go any further with this work (I want to plug in the Host name
parser I wrote ~6 months ago) I wanted to get some feedback on these checks.

> - Host header must be present for HTTP/1.1 requests
> - multiple host headers are invalid

The new Tomcat behaviour (reject with 400) is consistent with httpd for
the above 2 tests.

> - if the request line includes the host, it must match the host header

This goes further than httpd does (at the moment). Note RFC 2616 says in
this case the request line takes precedence (which is what httpd does)
and the old Tomcat code did. RFC 7230 says they must match.


I'm wondering which, if any, of the above tests we might want to make
optional in 9.0.x. I'm less concerned about the first 2 tests since the
behaviour is consistent with httpd. I am wondering about making the 3rd
test optional but enabled by default for 9.0.x. When the test is
disabled, the request line value would take precedence as it did before
this fix.

I'm also thinking about the same questions for 8.5.x, 8.0.x and 7.0.x.
My current thinking is as 9.0.x but change the default for the 3rd test
to disabled.

Thoughts? Comments?

Mark

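
The three checks discussed in the message above, as an added example (not Tomcat code and not part of the original mail). The class, enum and the `strictMatch` switch are hypothetical names, the sample requests are constructed, and comparing hosts case-insensitively is an assumption of this example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

/** Added illustration of the Host header checks; all names are hypothetical. */
public class HostHeaderCheck {

    enum Result { OK, MISSING_HOST, MULTIPLE_HOSTS, INCONSISTENT_HOSTS }

    /** Outcome plus the host value later request processing would use. */
    static final class Outcome {
        final Result result;
        final String effectiveHost;
        Outcome(Result result, String effectiveHost) {
            this.result = result;
            this.effectiveHost = effectiveHost;
        }
        @Override public String toString() {
            return result + (effectiveHost == null ? "" : " host=" + effectiveHost);
        }
    }

    /**
     * @param requestHead request line followed by header lines (no blank line)
     * @param strictMatch hypothetical switch for the third check; when false the
     *                    request line value takes precedence, as under RFC 2616
     */
    static Outcome check(String[] requestHead, boolean strictMatch) {
        String[] requestLine = requestHead[0].split(" ");
        String target = requestLine[1];
        boolean http11 = "HTTP/1.1".equals(requestLine[2]);

        // Collect every Host header; header names are case-insensitive.
        List<String> hosts = new ArrayList<>();
        for (int i = 1; i < requestHead.length; i++) {
            int colon = requestHead[i].indexOf(':');
            if (colon > 0 && requestHead[i].substring(0, colon).equalsIgnoreCase("host")) {
                hosts.add(requestHead[i].substring(colon + 1).trim());
            }
        }
        if (hosts.size() > 1) {
            return new Outcome(Result.MULTIPLE_HOSTS, null);      // check 2
        }
        if (http11 && hosts.isEmpty()) {
            return new Outcome(Result.MISSING_HOST, null);        // check 1
        }
        String headerHost = hosts.isEmpty() ? null : hosts.get(0);

        String authority = authorityOf(target);
        if (authority == null) {
            // origin-form target ("/path"): only the header carries a host
            return new Outcome(Result.OK, headerHost);
        }
        // Assumption: host names compare case-insensitively.
        if (http11 && strictMatch && !authority.equalsIgnoreCase(headerHost)) {
            return new Outcome(Result.INCONSISTENT_HOSTS, null);  // check 3
        }
        // Lenient mode, or HTTP/1.0: the request line value wins.
        return new Outcome(Result.OK, authority);
    }

    /** Returns host[:port] of an absolute-form target without userinfo, or null. */
    static String authorityOf(String target) {
        String lower = target.toLowerCase(Locale.ROOT);
        if (!lower.startsWith("http://") && !lower.startsWith("https://")) {
            return null;
        }
        int start = target.indexOf("://") + 3;
        int end = target.length();
        for (int i = start; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c == '/' || c == '?' || c == '#') {
                end = i;
                break;
            }
        }
        String authority = target.substring(start, end);
        // Userinfo ends at the last '@' inside the authority; an '@' later in
        // the path or query is not userinfo and must not move the host start.
        int at = authority.lastIndexOf('@');
        return at == -1 ? authority : authority.substring(at + 1);
    }

    public static void main(String[] args) {
        // Constructed sample requests (request line and headers only).
        String[][] samples = {
            { "GET / HTTP/1.1", "Host: example.test" },
            { "GET / HTTP/1.1" },
            { "GET / HTTP/1.1", "Host: a.example.test", "host: b.example.test" },
            { "GET http://a.example.test/x HTTP/1.1", "Host: b.example.test" },
            { "GET http://user@a.example.test:8080/x?m=p@q HTTP/1.1",
              "Host: a.example.test:8080" },
            { "GET http://a.example.test/x HTTP/1.0" },
        };
        for (String[] s : samples) {
            System.out.println(s[0]);
            System.out.println("  strict : " + check(s, true));
            System.out.println("  lenient: " + check(s, false));
        }
    }
}
```

Only the fourth sample differs between the two modes: strict rejects it as inconsistent, lenient accepts it and uses the request line host.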



svn commit: r1808766 - in /tomcat/trunk: java/org/apache/coyote/http11/Http11Processor.java java/org/apache/coyote/http11/LocalStrings.properties test/org/apache/coyote/http11/TestHttp11Processor.java

2017-09-18 Thread markt
Author: markt
Date: Mon Sep 18 19:33:18 2017
New Revision: 1808766

URL: http://svn.apache.org/viewvc?rev=1808766=rev
Log:
Implement various Host header checks required by RFC 7230
- Host header must be present for HTTP/1.1 requests
- multiple host headers are invalid
- if the request line includes the host, it must match the host header

Modified:
tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java
tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties
tomcat/trunk/test/org/apache/coyote/http11/TestHttp11Processor.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java?rev=1808766=1808765=1808766=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java Mon Sep 18 
19:33:18 2017
@@ -725,6 +725,30 @@ public class Http11Processor extends Abs
 }
 }
 
+
+// Check host header
+MessageBytes hostValueMB = null;
+try {
+hostValueMB = headers.getUniqueValue("host");
+} catch (IllegalArgumentException iae) {
+// Multiple Host headers are not permitted
+// 400 - Bad request
+response.setStatus(400);
+setErrorState(ErrorState.CLOSE_CLEAN, null);
+if (log.isDebugEnabled()) {
+
log.debug(sm.getString("http11processor.request.multipleHosts"));
+}
+}
+if (http11 && hostValueMB == null) {
+// 400 - Bad request
+response.setStatus(400);
+setErrorState(ErrorState.CLOSE_CLEAN, null);
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("http11processor.request.prepare")+
+  " host header missing");
+}
+}
+
 // Check for a full URI (including protocol://host:port/)
 ByteChunk uriBC = request.requestURI().getByteChunk();
 if (uriBC.startsWithIgnoreCase("http", 0)) {
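
Review bot: In the new "Check host header" block, the catch branch for multiple Host headers leaves hostValueMB as null, so for an HTTP/1.1 request the following `if (http11 && hostValueMB == null)` also runs, sets the 400 a second time and logs "host header missing" for a request that actually carried too many. Record that the request was already rejected (or skip the second check in that case) so each rejection is logged once with the right reason. The missing-header debug message also appends the literal " host header missing" to a StringManager string; a dedicated key, as used for http11processor.request.multipleHosts, would keep it localisable.
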
@@ -733,21 +757,44 @@ public class Http11Processor extends Abs
 int uriBCStart = uriBC.getStart();
 int slashPos = -1;
 if (pos != -1) {
+pos += 3;
 byte[] uriB = uriBC.getBytes();
-slashPos = uriBC.indexOf('/', pos + 3);
+slashPos = uriBC.indexOf('/', pos);
+int atPos = uriBC.indexOf('@', pos);
 if (slashPos == -1) {
 slashPos = uriBC.getLength();
 // Set URI as "/"
 request.requestURI().setBytes
-(uriB, uriBCStart + pos + 1, 1);
+(uriB, uriBCStart + pos - 2, 1);
 } else {
 request.requestURI().setBytes
 (uriB, uriBCStart + slashPos,
  uriBC.getLength() - slashPos);
 }
-MessageBytes hostMB = headers.setValue("host");
-hostMB.setBytes(uriB, uriBCStart + pos + 3,
-slashPos - pos - 3);
+// Skip any user info
+if (atPos != -1) {
+pos = atPos + 1;
+}
+if (http11) {
+// Missing host header is illegal but handled above
+if (hostValueMB != null) {
+// Any host in the request line must be consistent with
+// the Host header
+if (!hostValueMB.getByteChunk().equals(
+uriB, uriBCStart + pos, slashPos - pos)) {
+response.setStatus(400);
+setErrorState(ErrorState.CLOSE_CLEAN, null);
+if (log.isDebugEnabled()) {
+
log.debug(sm.getString("http11processor.request.inconsistentHosts"));
+}
+}
+}
+} else {
+// Not HTTP/1.1 - no Host header so generate one since
+// Tomcat internals assume it is set
+hostValueMB = headers.setValue("host");
+hostValueMB.setBytes(uriB, uriBCStart + pos, slashPos - 
pos);
+}
 }
 }
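
Review bot: `int atPos = uriBC.indexOf('@', pos);` searches from the start of the authority with no upper bound, so an '@' that appears after slashPos (in the path or query) is treated as the end of the user info. `pos = atPos + 1` then lands beyond slashPos and `slashPos - pos` becomes negative in both the `equals(...)` comparison and the `setBytes(...)` call. Only skip user info when atPos is less than slashPos. Separately, the consistency check calls `equals` on the raw bytes, which looks like an exact match, so a Host header that differs from the request line only in letter case would get a 400; if that is intended it deserves a comment.
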
 
@@ -792,20 +839,7 @@ public class Http11Processor extends Abs
 }
 }
 
-MessageBytes valueMB = headers.getValue("host");
-
-// Check host header
-if (http11 && (valueMB == null)) {
-// 400 - Bad request
-response.setStatus(400);
-setErrorState(ErrorState.CLOSE_CLEAN, null);
-if 

Re: [VOTE] Release Apache Tomcat 9.0.0.M27

2017-09-18 Thread Felix Schumacher

On 13.09.2017 at 20:49, Mark Thomas wrote:

The proposed Apache Tomcat 9.0.0.M27 release is now available for voting.

This is a milestone release for the 9.0.x branch. It should be
noted that, as a milestone release:
- Servlet 4.0 is not finalised
- It is not known if there will be a minor maintenance release for
   JSP 2.4, EL 3.1 or WebSocket 1.2

The major changes compared to the 9.0.0.M26 release are:

- Additional capabilities for the CGI Servlet. Based on patches provided
   by jm009.

- Added support for the OpenSSL SSL_CONF API. To support this the
   minimum required Tomcat Native version is 1.2.14.

Along with lots of other bug fixes and improvements.


For full details, see the changelog:
http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.0.M27/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1152/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_0_M27/

The proposed 9.0.0.M27 release is:
[ ] Broken - do not release
[x] Alpha - go ahead and release as 9.0.0.M27


Felix






Re: [VOTE] Release Apache Tomcat 8.5.21

2017-09-18 Thread Felix Schumacher

On 13.09.2017 at 23:02, Mark Thomas wrote:

The proposed Apache Tomcat 8.5.21 release is now available for voting.

The major changes compared to the 8.5.20 release are:

- Additional capabilities for the CGI Servlet. Based on patches provided
   by jm009.

- Added support for the OpenSSL SSL_CONF API. To support this the
   minimum required Tomcat Native version is 1.2.14.

Along with lots of other bug fixes and improvements.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.21/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1153/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_21/

The proposed 8.5.21 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 8.5.21


Felix





svn commit: r1808761 - in /tomcat/trunk/test/org/apache: catalina/connector/ catalina/core/ coyote/http11/

2017-09-18 Thread markt
Author: markt
Date: Mon Sep 18 18:54:39 2017
New Revision: 1808761

URL: http://svn.apache.org/viewvc?rev=1808761=rev
Log:
Fix various tests that break when stricter Host header validation (coming 
soon) is applied.

Modified:
tomcat/trunk/test/org/apache/catalina/connector/TestRequest.java
tomcat/trunk/test/org/apache/catalina/core/TestStandardContext.java
tomcat/trunk/test/org/apache/catalina/core/TestSwallowAbortedUploads.java
tomcat/trunk/test/org/apache/coyote/http11/TestHttp11InputBuffer.java
tomcat/trunk/test/org/apache/coyote/http11/TestHttp11Processor.java

Modified: tomcat/trunk/test/org/apache/catalina/connector/TestRequest.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/connector/TestRequest.java?rev=1808761=1808760=1808761=diff
==
--- tomcat/trunk/test/org/apache/catalina/connector/TestRequest.java (original)
+++ tomcat/trunk/test/org/apache/catalina/connector/TestRequest.java Mon Sep 18 
18:54:39 2017
@@ -216,6 +216,7 @@ public class TestRequest extends TomcatB
 if (ucChunkedHead) {
 request[0] =
 "POST http://localhost:8080/test HTTP/1.1" + CRLF +
+"Host: localhost:8080" + CRLF +
 "content-type: application/x-www-form-urlencoded" + 
CRLF +
 "Transfer-Encoding: CHUNKED" + CRLF +
 "Connection: close" + CRLF +
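
Review bot: The added `"Host: localhost:8080"` repeats the port already hard-coded in the request line directly above it, while the last hunk in this file builds the value with `"Host: localhost:" + getPort()`. With the stricter validation a mismatch between the two becomes a 400, so build the request line and the Host header from the same value here as well rather than keeping two literals in step by hand.
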
@@ -225,6 +226,7 @@ public class TestRequest extends TomcatB
 } else {
 request[0] =
 "POST http://localhost:8080/test HTTP/1.1" + CRLF +
+"Host: localhost:8080" + CRLF +
 "content-type: application/x-www-form-urlencoded" + 
CRLF +
 "Transfer-Encoding: chunked" + CRLF +
 "Connection: close" + CRLF +
@@ -594,7 +596,7 @@ public class TestRequest extends TomcatB
  method + " http://localhost:; + getPort() + "/echo"
  + (null == queryString ? "" : ("?" + queryString))
  + " HTTP/1.1" + CRLF
- + "Host: localhost" + CRLF
+ + "Host: localhost:" + getPort() + CRLF
  + (null == contentType ? ""
 : ("Content-Type: " + contentType + CRLF))
  + "Connection: close" + CRLF

Modified: tomcat/trunk/test/org/apache/catalina/core/TestStandardContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/core/TestStandardContext.java?rev=1808761=1808760=1808761=diff
==
--- tomcat/trunk/test/org/apache/catalina/core/TestStandardContext.java 
(original)
+++ tomcat/trunk/test/org/apache/catalina/core/TestStandardContext.java Mon Sep 
18 18:54:39 2017
@@ -771,7 +771,7 @@ public class TestStandardContext extends
 
 request = new String[] {
 "POST http://localhost:; + getPort() + uri + " 
HTTP/1.1" + CRLF
-+ "Host: localhost" + CRLF
++ "Host: localhost:" + getPort() + CRLF
 + "Connection: close" + CRLF
 + "Content-Type: multipart/form-data; boundary=" + 
boundary + CRLF
 + "Content-Length: " + content.length() + CRLF
@@ -779,12 +779,10 @@ public class TestStandardContext extends
 + content
 + CRLF
 };
-}
-else
-{
+} else {
 request = new String[] {
 "GET http://localhost:; + getPort() + uri + " 
HTTP/1.1" + CRLF
-+ "Host: localhost" + CRLF
++ "Host: localhost:" + getPort() + CRLF
 + "Connection: close" + CRLF
 + CRLF
 };

Modified: 
tomcat/trunk/test/org/apache/catalina/core/TestSwallowAbortedUploads.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/core/TestSwallowAbortedUploads.java?rev=1808761=1808760=1808761=diff
==
--- tomcat/trunk/test/org/apache/catalina/core/TestSwallowAbortedUploads.java 
(original)
+++ tomcat/trunk/test/org/apache/catalina/core/TestSwallowAbortedUploads.java 
Mon Sep 18 18:54:39 2017
@@ -293,7 +293,7 @@ public class TestSwallowAbortedUploads e
 "ASCII");
 
 request = new String[] { "POST http://localhost:; + getPort() 
+ URI + " HTTP/1.1" + CRLF
-+ "Host: localhost" + CRLF
++ "Host: localhost:" + getPort() + CRLF
 + "Connection: close" + 

buildbot success in on tomcat-7-trunk

2017-09-18 Thread buildbot
The Buildbot has detected a restored build on builder tomcat-7-trunk while 
building . Full details are available at:
https://ci.apache.org/builders/tomcat-7-trunk/builds/874

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-7-commit' 
triggered this build
Build Source Stamp: [branch tomcat/tc7.0.x/trunk] 1808740
Blamelist: markt

Build succeeded!

Sincerely,
 -The Buildbot







svn commit: r1808740 - /tomcat/tc7.0.x/trunk/test/org/apache/tomcat/websocket/TestPerMessageDeflate.java

2017-09-18 Thread markt
Author: markt
Date: Mon Sep 18 16:13:46 2017
New Revision: 1808740

URL: http://svn.apache.org/viewvc?rev=1808740=rev
Log:
Unit tests always compile with Java 6 so avoid Java 7 features.
This is simpler than refactoring the build scripts to build the WebSocket unit 
tests with Java 7.

Modified:

tomcat/tc7.0.x/trunk/test/org/apache/tomcat/websocket/TestPerMessageDeflate.java

Modified: 
tomcat/tc7.0.x/trunk/test/org/apache/tomcat/websocket/TestPerMessageDeflate.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/tomcat/websocket/TestPerMessageDeflate.java?rev=1808740=1808739=1808740=diff
==
--- 
tomcat/tc7.0.x/trunk/test/org/apache/tomcat/websocket/TestPerMessageDeflate.java
 (original)
+++ 
tomcat/tc7.0.x/trunk/test/org/apache/tomcat/websocket/TestPerMessageDeflate.java
 Mon Sep 18 16:13:46 2017
@@ -18,7 +18,7 @@ package org.apache.tomcat.websocket;
 
 import java.io.IOException;
 import java.nio.ByteBuffer;
-import java.nio.charset.StandardCharsets;
+import java.nio.charset.Charset;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -31,6 +31,13 @@ import org.junit.Test;
 public class TestPerMessageDeflate {
 
 /*
+ * This replaces StandardCharsets.UTF_8 as that requires Java 7 and this is
+ * simpler than refactoring the build script to build the WebSocket unit
+ * tests with Java 7.
+ */
+private static final Charset UTF_8 = Charset.forName("UTF-8");
+
+/*
  * https://bz.apache.org/bugzilla/show_bug.cgi?id=61491
  */
 @Test
@@ -44,14 +51,14 @@ public class TestPerMessageDeflate {
 PerMessageDeflate perMessageDeflate = 
PerMessageDeflate.negotiate(preferences, true);
 perMessageDeflate.setNext(new TesterTransformation());
 
-ByteBuffer bb1 = ByteBuffer.wrap("A".getBytes(StandardCharsets.UTF_8));
+ByteBuffer bb1 = ByteBuffer.wrap("A".getBytes(UTF_8));
 MessagePart mp1 = new MessagePart(true, 0, Constants.OPCODE_TEXT, bb1, 
null, null);
 
 List uncompressedParts1 = new ArrayList();
 uncompressedParts1.add(mp1);
 perMessageDeflate.sendMessagePart(uncompressedParts1);
 
-ByteBuffer bb2 = ByteBuffer.wrap("".getBytes(StandardCharsets.UTF_8));
+ByteBuffer bb2 = ByteBuffer.wrap("".getBytes(UTF_8));
 MessagePart mp2 = new MessagePart(true, 0, Constants.OPCODE_TEXT, bb2, 
null, null);
 
 List uncompressedParts2 = new ArrayList();






[Bug 61524] NullPointerException in Http11OutputBuffer

2017-09-18 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61524

--- Comment #2 from Boris Petrov ---
Hello, I'm trying to reproduce it but that proves to be difficult.

A few things that I noticed while trying stuff: as I said, this happens when we
return "tiff" images as blobs. It happens when I open a simple page which has
only a single <img> tag in it with the link to the tiff image. It blows up when
I open this page in Chrome and Firefox. Doesn't blow up in Safari. Doesn't blow
up when I hit the link to the image with curl and wget. The interesting thing
is that Safari CAN display tiff images while Chrome and Firefox can't. Also, in
the network tabs, it seems that the responses are smaller than the file is
itself, which I guess means they didn't receive the full file. Is it possible
that Chrome and Firefox are closing the connection before they receive the
whole image, knowing that they can't actually display it, and that causes the
NPE?

I can actually debug in Eclipse the NPE (it stops there when it happens) so if
I can help you somehow debug it via me... :) I could tell you values of
variables, etc.

I'll continue to try and create a reproduction but let's try to figure it out
without that.

Thanks.




svn commit: r1808711 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/coyote/http11/ test/org/apache/coyote/http11/ webapps/docs/ webapps/docs/config/

2017-09-18 Thread markt
Author: markt
Date: Mon Sep 18 13:49:52 2017
New Revision: 1808711

URL: http://svn.apache.org/viewvc?rev=1808711=rev
Log:
Add an option to control how to respond to requests with invalid HTTP header 
names

Modified:
tomcat/tc7.0.x/trunk/   (props changed)

tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java

tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java

tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java

tomcat/tc7.0.x/trunk/test/org/apache/coyote/http11/TestInternalInputBuffer.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc7.0.x/trunk/webapps/docs/config/http.xml

Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Sep 18 13:49:52 2017
@@ -1,3 +1,3 @@

svn commit: r1808707 - in /tomcat/tc8.0.x/trunk: java/org/apache/coyote/http11/ test/org/apache/coyote/http11/ webapps/docs/ webapps/docs/config/

2017-09-18 Thread markt
Author: markt
Date: Mon Sep 18 13:42:59 2017
New Revision: 1808707

URL: http://svn.apache.org/viewvc?rev=1808707=rev
Log:
Add an option to control how to respond to requests with invalid HTTP header 
names

Modified:

tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java

tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractNioInputBuffer.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Nio2Processor.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java

tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java

tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalNio2InputBuffer.java

tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java

tomcat/tc8.0.x/trunk/test/org/apache/coyote/http11/TestInternalInputBuffer.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc8.0.x/trunk/webapps/docs/config/http.xml

Modified: 
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1808707=1808706=1808707=diff
==
--- 
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java 
(original)
+++ 
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java 
Mon Sep 18 13:42:59 2017
@@ -37,6 +37,30 @@ public abstract class AbstractHttp11Prot
 //  HTTP specific 
properties
 // -- managed in the 
ProtocolHandler
 
+private boolean rejectIllegalHeaderName = false;
+/**
+ * If an HTTP request is received that contains an illegal header name 
(i.e.
+ * the header name is not a token) will the request be rejected (with a 400
+ * response) or will the illegal header be ignored.
+ *
+ * @return {@code true} if the request will be rejected or {@code false} if
+ * the header will be ignored
+ */
+public boolean getRejectIllegalHeaderName() { return 
rejectIllegalHeaderName; }
+/**
+ * If an HTTP request is received that contains an illegal header name 
(i.e.
+ * the header name is not a token) should the request be rejected (with a
+ * 400 response) or should the illegal header be ignored.
+ *
+ * @param rejectIllegalHeaderName   {@code true} to reject requests with
+ *  illegal header names, {@code false} to
+ *  ignore the header
+ */
+public void setRejectIllegalHeaderName(boolean rejectIllegalHeaderName) {
+this.rejectIllegalHeaderName = rejectIllegalHeaderName;
+}
+
+
 private int socketBuffer = 9000;
 public int getSocketBuffer() { return socketBuffer; }
 public void setSocketBuffer(int socketBuffer) {
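
Review bot: `private boolean rejectIllegalHeaderName = false;` makes ignoring the illegal header the default, but neither Javadoc block says so, and both are worded as a question ("will the request be rejected ... or will the illegal header be ignored") rather than a statement of behaviour. State the default in the getter and setter documentation and say why the lenient behaviour was chosen for this branch. A blank line between the field and the first Javadoc comment would also stop the getter's documentation from reading as if it belonged to the field.
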

Modified: 
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java?rev=1808707=1808706=1808707=diff
==
--- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java 
(original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java 
Mon Sep 18 13:42:59 2017
@@ -35,7 +35,6 @@ public abstract class AbstractInputBuffe
  */
 protected static final StringManager sm = 
StringManager.getManager(Constants.Package);
 
-
 /**
  * Associated Coyote request.
  */
@@ -110,6 +109,9 @@ public abstract class AbstractInputBuffe
 protected int lastActiveFilter;
 
 
+protected boolean rejectIllegalHeaderName;
+
+
 // - Properties
 
 /**
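
Review bot: The new `protected boolean rejectIllegalHeaderName;` is added without a Javadoc comment, unlike the neighbouring members visible in these hunks, and it relies on the implicit false instead of an explicit initial value. Add a comment naming the protocol setting it mirrors and initialise it explicitly so the default is visible in one place.
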

Modified: 
tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractNioInputBuffer.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractNioInputBuffer.java?rev=1808707=1808706=1808707=diff
==
--- 

svn commit: r1808702 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/coyote/http11/Http11InputBuffer.java

2017-09-18 Thread markt
Author: markt
Date: Mon Sep 18 13:27:45 2017
New Revision: 1808702

URL: http://svn.apache.org/viewvc?rev=1808702=rev
Log:
Fix comment

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Sep 18 13:27:45 2017
@@ -1 +1 @@

svn commit: r1808701 - /tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java

2017-09-18 Thread markt
Author: markt
Date: Mon Sep 18 13:27:03 2017
New Revision: 1808701

URL: http://svn.apache.org/viewvc?rev=1808701=rev
Log:
Fix comment

Modified:
tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java

Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java?rev=1808701=1808700=1808701=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java Mon Sep 
18 13:27:03 2017
@@ -790,7 +790,7 @@ public class Http11InputBuffer implement
 headerData.lastSignificantChar = pos;
 break;
 } else if (!HttpParser.isToken(chr)) {
-// If a non-token characters are illegal in header names
+// Non-token characters are illegal in header names
 // Parsing continues so the error can be reported in context
 headerData.lastSignificantChar = pos;
 byteBuffer.position(byteBuffer.position() - 1);






svn commit: r1808697 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/coyote/http11/ test/org/apache/coyote/http11/ webapps/docs/ webapps/docs/config/

2017-09-18 Thread markt
Author: markt
Date: Mon Sep 18 13:04:12 2017
New Revision: 1808697

URL: http://svn.apache.org/viewvc?rev=1808697=rev
Log:
Add an option to control how to respond to requests with invalid HTTP header 
names

Modified:
tomcat/tc8.5.x/trunk/   (props changed)

tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/Http11Processor.java

tomcat/tc8.5.x/trunk/test/org/apache/coyote/http11/TestHttp11InputBuffer.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
tomcat/tc8.5.x/trunk/webapps/docs/config/http.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Sep 18 13:04:12 2017
@@ -1 +1 @@
 

svn commit: r1808696 - /tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java

2017-09-18 Thread markt
Author: markt
Date: Mon Sep 18 13:02:01 2017
New Revision: 1808696

URL: http://svn.apache.org/viewvc?rev=1808696=rev
Log:
Fix IDE nag

Modified:

tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java

Modified: 
tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java?rev=1808696=1808695=1808696=diff
==
--- 
tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
 (original)
+++ 
tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
 Mon Sep 18 13:02:01 2017
@@ -88,7 +88,7 @@ public class TestOpenSSLConf extends Tom
 
 @Test
 public void testOpenSSLConfCmdProtocol() throws Exception {
-Set disabledProtocols = new 
HashSet(Arrays.asList(DISABLED_PROTOCOLS));
+Set disabledProtocols = new 
HashSet<>(Arrays.asList(DISABLED_PROTOCOLS));
 StringBuilder sb = new StringBuilder();
 for (String protocol : DISABLED_PROTOCOLS) {
 sb.append(",").append("-").append(protocol);
@@ -103,7 +103,7 @@ public class TestOpenSSLConf extends Tom
 assertFalse("Protocol " + protocol + " is not allowed",
 disabledProtocols.contains(protocol));
 }
-Set enabledProtocols = new 
HashSet(Arrays.asList(protocols));
+Set enabledProtocols = new HashSet<>(Arrays.asList(protocols));
 for (String protocol : ENABLED_PROTOCOLS) {
 assertTrue("Protocol " + protocol + " is not enabled",
enabledProtocols.contains(protocol));






svn commit: r1808695 - in /tomcat/trunk: java/org/apache/coyote/http11/ test/org/apache/coyote/http11/ webapps/docs/ webapps/docs/config/

2017-09-18 Thread markt
Author: markt
Date: Mon Sep 18 12:57:38 2017
New Revision: 1808695

URL: http://svn.apache.org/viewvc?rev=1808695=rev
Log:
Add an option to control how to respond to requests with invalid HTTP header 
names

Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java
tomcat/trunk/test/org/apache/coyote/http11/TestHttp11InputBuffer.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/http.xml

Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1808695=1808694=1808695=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java 
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Mon 
Sep 18 12:57:38 2017
@@ -91,6 +91,30 @@ public abstract class AbstractHttp11Prot
 //  HTTP specific 
properties
 // -- managed in the 
ProtocolHandler
 
+private boolean rejectIllegalHeaderName = true;
+/**
+ * If an HTTP request is received that contains an illegal header name 
(i.e.
+ * the header name is not a token) will the request be rejected (with a 400
+ * response) or will the illegal header be ignored.
+ *
+ * @return {@code true} if the request will be rejected or {@code false} if
+ * the header will be ignored
+ */
+public boolean getRejectIllegalHeaderName() { return 
rejectIllegalHeaderName; }
+/**
+ * If an HTTP request is received that contains an illegal header name 
(i.e.
+ * the header name is not a token) should the request be rejected (with a
+ * 400 response) or should the illegal header be ignored.
+ *
+ * @param rejectIllegalHeaderName   {@code true} to reject requests with
+ *  illegal header names, {@code false} to
+ *  ignore the header
+ */
+public void setRejectIllegalHeaderName(boolean rejectIllegalHeaderName) {
+this.rejectIllegalHeaderName = rejectIllegalHeaderName;
+}
+
+
 private int maxSavePostSize = 4 * 1024;
 /**
  * Return the maximum size of the post which will be saved during FORM or
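Review bot: The new rejectIllegalHeaderName field defaults to true, which changes existing behaviour rather than just adding an option: the comment removed from Http11InputBuffer in this same commit says a non-token header was previously skipped and ignored, so after this change such requests are rejected with a 400 unless the option is set to false. The Javadoc on the getter and setter should state the default and say that false restores the earlier behaviour. It is also phrased as a question ("will the request be rejected ... or will the illegal header be ignored"); a plain statement would read better, for example "Whether a request containing an illegal header name is rejected with a 400 response ({@code true}) or the illegal header is ignored ({@code false})".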

Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java?rev=1808695=1808694=1808695=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java Mon Sep 
18 12:57:38 2017
@@ -64,6 +64,8 @@ public class Http11InputBuffer implement
 private final MimeHeaders headers;
 
 
+private final boolean rejectIllegalHeaderName;
+
 /**
  * State.
  */
@@ -146,12 +148,14 @@ public class Http11InputBuffer implement
 
 // --- Constructors
 
-public Http11InputBuffer(Request request, int headerBufferSize) {
+public Http11InputBuffer(Request request, int headerBufferSize,
+boolean rejectIllegalHeaderName) {
 
 this.request = request;
 headers = request.getMimeHeaders();
 
 this.headerBufferSize = headerBufferSize;
+this.rejectIllegalHeaderName = rejectIllegalHeaderName;
 
 filterLibrary = new InputFilter[0];
 activeFilters = new InputFilter[0];
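Review bot: The public constructor is changed in place from (Request, int) to (Request, int, boolean), so any caller still using the two-argument form stops compiling; consider keeping the old form as a delegating overload or calling out the signature change. Separately, the flag is copied into a final field here, so a later call to setRejectIllegalHeaderName() on the protocol handler cannot reach an input buffer that already exists. It would help to document that the setting only takes effect for buffers constructed afterwards.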
@@ -786,10 +790,11 @@ public class Http11InputBuffer implement
 headerData.lastSignificantChar = pos;
 break;
 } else if (!HttpParser.isToken(chr)) {
-// If a non-token header is detected, skip the line and
-// ignore the header
+// If a non-token characters are illegal in header names
+// Parsing continues so the error can be reported in context
 headerData.lastSignificantChar = pos;
 byteBuffer.position(byteBuffer.position() - 1);
+// skipLine() will handle the error
 return skipLine();
 }
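Review bot: The replacement comment on the !HttpParser.isToken(chr) branch, "If a non-token characters are illegal in header names", is not a sentence and should read "Non-token characters are illegal in header names". The added "skipLine() will handle the error" comment would also be more useful if it said what handling means at this point, since with the new option the outcome is either rejecting the request or ignoring the header.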
 
@@ -921,11 +926,15 @@ public class Http11InputBuffer implement
 headerData.lastSignificantChar = pos;
 }
 }
-if (log.isDebugEnabled()) {
-log.debug(sm.getString("iib.invalidheader",
+if (rejectIllegalHeaderName || log.isDebugEnabled()) {
+String message = sm.getString("iib.invalidheader",
 new String(byteBuffer.array(), headerData.start,
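Review bot: With the condition widened to rejectIllegalHeaderName || log.isDebugEnabled(), the message built from new String(byteBuffer.array(), headerData.start, ...) is no longer debug-only: with the default of true it is constructed for every request that carries an illegal header name. Those bytes come straight from the client, so wherever the message ends up (the rest of the hunk is cut off here) it should be safe to write to a log or an error response, and the String conversion should name its charset explicitly if it does not already.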

Re: [VOTE] Release Apache Tomcat 8.5.21

2017-09-18 Thread Emmanuel Bourg
On 13/09/2017 at 23:02, Mark Thomas wrote:

> The proposed 8.5.21 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.21

Unit tests passed on Debian with OpenJDK 8.

Emmanuel Bourg


