Re: [VOTE] Release Apache Tomcat 8.5.21
On Thu, Sep 14, 2017 at 12:02 AM, Mark Thomas wrote:
> The proposed Apache Tomcat 8.5.21 release is now available for voting.
>
> The major changes compared to the 8.5.20 release are:
>
> - Additional capabilities for the CGI Servlet. Based on patches provided
>   by jm009.
>
> - Added support for the OpenSSL SSL_CONF API. To support this the
>   minimum required Tomcat Native version is 1.2.14.
>
> Along with lots of other bug fixes and improvements.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.21/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1153/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_21/
>
> The proposed 8.5.21 release is:
> [ ] Broken - do not release
> [ X ] Stable - go ahead and release as 8.5.21

Regards,
Martin

> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.0.M27
On Wed, Sep 13, 2017 at 9:49 PM, Mark Thomas wrote:
> The proposed Apache Tomcat 9.0.0.M27 release is now available for voting.
>
> This is a milestone release for the 9.0.x branch. It should be
> noted that, as a milestone release:
> - Servlet 4.0 is not finalised
> - It is not known if there will be a minor maintenance release for
>   JSP 2.4, EL 3.1 or WebSocket 1.2
>
> The major changes compared to the 9.0.0.M26 release are:
>
> - Additional capabilities for the CGI Servlet. Based on patches provided
>   by jm009.
>
> - Added support for the OpenSSL SSL_CONF API. To support this the
>   minimum required Tomcat Native version is 1.2.14.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.0.M27/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1152/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_0_M27/
>
> The proposed 9.0.0.M27 release is:
> [ ] Broken - do not release
> [ X ] Alpha - go ahead and release as 9.0.0.M27

Regards,
Martin
Re: svn commit: r1808766 - in /tomcat/trunk: java/org/apache/coyote/http11/Http11Processor.java java/org/apache/coyote/http11/LocalStrings.properties test/org/apache/coyote/http11/TestHttp11Processor.
On 18/09/17 20:33, ma...@apache.org wrote:
> Author: markt
> Date: Mon Sep 18 19:33:18 2017
> New Revision: 1808766
>
> URL: http://svn.apache.org/viewvc?rev=1808766=rev
> Log:
> Implement various Host header checks required by RFC 7230

Before I go any further with this work (I want to plug in the Host name parser I wrote ~6 months ago) I wanted to get some feedback on these checks.

> - Host header must be present for HTTP/1.1 requests
> - multiple host headers are invalid

The new Tomcat behaviour (reject with 400) is consistent with httpd for the above 2 tests.

> - if the request line include the host, it must match the host header

This goes further than httpd does (at the moment). Note RFC 2616 says in this case the request line takes precedence (which is what httpd does) and the old Tomcat code did. RFC 7230 says they must match.

I'm wondering which, if any, of the above tests we might want to make optional in 9.0.x. I'm less concerned about the first 2 tests since the behaviour is consistent with httpd. I am wondering about making the 3rd test optional but enabled by default for 9.0.x. When the test is disabled, the request line value would take precedence as it did before this fix.

I'm also thinking about the same questions for 8.5.x, 8.0.x and 7.0.x. My current thinking is as 9.0.x but change the default for the 3rd test to disabled.

Thoughts? Comments?

Mark
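The three checks discussed in the message above, with the third one behind a switch as the message proposes, as an added Java example. It is not Tomcat's code and not part of the original mail; the class, method and flag names are hypothetical and the sample requests are constructed.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration, not Tomcat code. Class, method and flag names are hypothetical.
public class HostHeaderCheck {

    // Status 200 means "accepted"; host is the value the server would route on.
    static final class Result {
        final int status;
        final String host;
        final String reason;

        Result(int status, String host, String reason) {
            this.status = status;
            this.host = host;
            this.reason = reason;
        }

        @Override
        public String toString() {
            return status + " host=" + host + " (" + reason + ")";
        }
    }

    // rejectMismatch models the proposed switch for the third check:
    // true = 400 on mismatch (RFC 7230), false = request line wins (RFC 2616).
    static Result check(String requestHead, boolean rejectMismatch) {
        String[] lines = requestHead.split("\r\n");
        String[] requestLine = lines[0].split(" ");
        if (requestLine.length != 3) {
            return new Result(400, null, "malformed request line");
        }
        boolean http11 = "HTTP/1.1".equals(requestLine[2]);

        // Collect every Host header; header names are case-insensitive.
        List<String> hosts = new ArrayList<>();
        for (int i = 1; i < lines.length && !lines[i].isEmpty(); i++) {
            int colon = lines[i].indexOf(':');
            if (colon > 0 && lines[i].substring(0, colon).equalsIgnoreCase("host")) {
                hosts.add(lines[i].substring(colon + 1).trim());
            }
        }
        if (hosts.size() > 1) {
            return new Result(400, null, "multiple Host headers");
        }
        String hostHeader = hosts.isEmpty() ? null : hosts.get(0);
        if (http11 && hostHeader == null) {
            return new Result(400, null, "Host header missing");
        }

        String lineHost = hostFromAbsoluteUri(requestLine[1]);
        if (lineHost == null) {
            return new Result(200, hostHeader, "no host in request line");
        }
        if (hostHeader == null) {
            // Not HTTP/1.1 and no Host header: take the host from the request line.
            return new Result(200, lineHost, "host taken from request line");
        }
        // Exact comparison: "localhost" and "localhost:8080" do not match.
        if (lineHost.equals(hostHeader)) {
            return new Result(200, hostHeader, "request line and Host header agree");
        }
        if (rejectMismatch) {
            return new Result(400, null, "request line host differs from Host header");
        }
        return new Result(200, lineHost, "mismatch tolerated, request line wins");
    }

    // Returns host[:port] of an absolute http(s) URI, or null for other targets.
    static String hostFromAbsoluteUri(String target) {
        if (!target.regionMatches(true, 0, "http", 0, 4)) {
            return null;
        }
        int pos = target.indexOf("://");
        if (pos == -1) {
            return null;
        }
        pos += 3;
        int slash = target.indexOf('/', pos);
        if (slash == -1) {
            slash = target.length();
        }
        // Skip user info, but only when the '@' precedes the path.
        int at = target.indexOf('@', pos);
        if (at != -1 && at < slash) {
            pos = at + 1;
        }
        return target.substring(pos, slash);
    }

    public static void main(String[] args) {
        String[] samples = { // constructed request heads
            "GET / HTTP/1.1\r\n\r\n",
            "GET / HTTP/1.1\r\nHost: a.example\r\nHost: b.example\r\n\r\n",
            "GET http://a.example/x HTTP/1.1\r\nHost: b.example\r\n\r\n",
            "GET http://user@a.example:8080/x HTTP/1.1\r\nHost: a.example:8080\r\n\r\n",
            "GET http://a.example/x HTTP/1.0\r\n\r\n",
        };
        for (boolean strict : new boolean[] {true, false}) {
            for (String s : samples) {
                System.out.println("strict=" + strict + "  " + s.split("\r\n")[0]
                        + "  ->  " + check(s, strict));
            }
        }
    }
}
```

Only the third sample changes outcome between the two settings, which is the compatibility question the message raises for the older branches.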
svn commit: r1808766 - in /tomcat/trunk: java/org/apache/coyote/http11/Http11Processor.java java/org/apache/coyote/http11/LocalStrings.properties test/org/apache/coyote/http11/TestHttp11Processor.java
Author: markt Date: Mon Sep 18 19:33:18 2017 New Revision: 1808766 URL: http://svn.apache.org/viewvc?rev=1808766=rev Log: Implement various Host header checks required by RFC 7230 - Host header must be present for HTTP/1.1 requests - multiple host headers are invalid - if the request line include the host, it must match the host header Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties tomcat/trunk/test/org/apache/coyote/http11/TestHttp11Processor.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java?rev=1808766=1808765=1808766=diff == --- tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java Mon Sep 18 19:33:18 2017 @@ -725,6 +725,30 @@ public class Http11Processor extends Abs } } + +// Check host header +MessageBytes hostValueMB = null; +try { +hostValueMB = headers.getUniqueValue("host"); +} catch (IllegalArgumentException iae) { +// Multiple Host headers are not permitted +// 400 - Bad request +response.setStatus(400); +setErrorState(ErrorState.CLOSE_CLEAN, null); +if (log.isDebugEnabled()) { + log.debug(sm.getString("http11processor.request.multipleHosts")); +} +} +if (http11 && hostValueMB == null) { +// 400 - Bad request +response.setStatus(400); +setErrorState(ErrorState.CLOSE_CLEAN, null); +if (log.isDebugEnabled()) { +log.debug(sm.getString("http11processor.request.prepare")+ + " host header missing"); +} +} + // Check for a full URI (including protocol://host:port/) ByteChunk uriBC = request.requestURI().getByteChunk(); if (uriBC.startsWithIgnoreCase("http", 0)) { 
@@ -733,21 +757,44 @@ public class Http11Processor extends Abs int uriBCStart = uriBC.getStart(); int slashPos = -1; if (pos != -1) { +pos += 3; byte[] uriB = uriBC.getBytes(); -slashPos = uriBC.indexOf('/', pos + 3); +slashPos = uriBC.indexOf('/', pos); +int atPos = uriBC.indexOf('@', pos); if (slashPos == -1) { slashPos = uriBC.getLength(); // Set URI as "/" request.requestURI().setBytes -(uriB, uriBCStart + pos + 1, 1); +(uriB, uriBCStart + pos - 2, 1); } else { request.requestURI().setBytes (uriB, uriBCStart + slashPos, uriBC.getLength() - slashPos); } -MessageBytes hostMB = headers.setValue("host"); -hostMB.setBytes(uriB, uriBCStart + pos + 3, -slashPos - pos - 3); +// Skip any user info +if (atPos != -1) { +pos = atPos + 1; +} +if (http11) { +// Missing host header is illegal but handled above +if (hostValueMB != null) { +// Any host in the request line must be consistent with +// the Host header +if (!hostValueMB.getByteChunk().equals( +uriB, uriBCStart + pos, slashPos - pos)) { +response.setStatus(400); +setErrorState(ErrorState.CLOSE_CLEAN, null); +if (log.isDebugEnabled()) { + log.debug(sm.getString("http11processor.request.inconsistentHosts")); +} +} +} +} else { +// Not HTTP/1.1 - no Host header so generate one since +// Tomcat internals assume it is set +hostValueMB = headers.setValue("host"); +hostValueMB.setBytes(uriB, uriBCStart + pos, slashPos - pos); +} } } @@ -792,20 +839,7 @@ public class Http11Processor extends Abs } } -MessageBytes valueMB = headers.getValue("host"); - -// Check host header -if (http11 && (valueMB == null)) { -// 400 - Bad request -response.setStatus(400); -setErrorState(ErrorState.CLOSE_CLEAN, null); -if
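Review bot: In the @@ -725,6 +725,30 @@ hunk of Http11Processor.java, when headers.getUniqueValue("host") throws, hostValueMB stays null, so for an HTTP/1.1 request the following "if (http11 && hostValueMB == null)" block also runs: the status and error state are set a second time and the debug log reports " host header missing" for a request that actually carried several Host headers. Track the duplicate case separately (for example with a flag set in the catch block) so the second block is skipped. The missing-host message is also a hard-coded English suffix appended to http11processor.request.prepare, while the other two conditions get their own LocalStrings keys; a dedicated key would be consistent.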
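Review bot: In the @@ -733,21 +757,44 @@ hunk, atPos comes from uriBC.indexOf('@', pos), which searches the rest of the URI, so an '@' that appears after the first '/' (in the path or query) is treated as the end of user info. pos then becomes atPos + 1, which is greater than slashPos, and "slashPos - pos" is negative in both the equals(...) comparison and the hostValueMB.setBytes(...) call. Skip user info only when atPos is before slashPos. Separately, the comparison with the Host header is byte-exact, so a value that differs from the request-line host only in case gets a 400; if that is intended it deserves a comment next to the check.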
Re: [VOTE] Release Apache Tomcat 9.0.0.M27
On 13.09.2017 at 20:49, Mark Thomas wrote:
The proposed Apache Tomcat 9.0.0.M27 release is now available for voting.

This is a milestone release for the 9.0.x branch. It should be noted that, as a milestone release:
- Servlet 4.0 is not finalised
- It is not known if there will be a minor maintenance release for JSP 2.4, EL 3.1 or WebSocket 1.2

The major changes compared to the 9.0.0.M26 release are:

- Additional capabilities for the CGI Servlet. Based on patches provided by jm009.

- Added support for the OpenSSL SSL_CONF API. To support this the minimum required Tomcat Native version is 1.2.14.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.0.M27/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1152/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_0_M27/

The proposed 9.0.0.M27 release is:
[ ] Broken - do not release
[x] Alpha - go ahead and release as 9.0.0.M27

Felix
Re: [VOTE] Release Apache Tomcat 8.5.21
On 13.09.2017 at 23:02, Mark Thomas wrote:
The proposed Apache Tomcat 8.5.21 release is now available for voting.

The major changes compared to the 8.5.20 release are:

- Additional capabilities for the CGI Servlet. Based on patches provided by jm009.

- Added support for the OpenSSL SSL_CONF API. To support this the minimum required Tomcat Native version is 1.2.14.

Along with lots of other bug fixes and improvements.

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.21/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1153/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_21/

The proposed 8.5.21 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 8.5.21

Felix
svn commit: r1808761 - in /tomcat/trunk/test/org/apache: catalina/connector/ catalina/core/ coyote/http11/
Author: markt Date: Mon Sep 18 18:54:39 2017 New Revision: 1808761 URL: http://svn.apache.org/viewvc?rev=1808761=rev Log: Fix various tests that break when stricter Host header validation (coming soon) is applied. Modified: tomcat/trunk/test/org/apache/catalina/connector/TestRequest.java tomcat/trunk/test/org/apache/catalina/core/TestStandardContext.java tomcat/trunk/test/org/apache/catalina/core/TestSwallowAbortedUploads.java tomcat/trunk/test/org/apache/coyote/http11/TestHttp11InputBuffer.java tomcat/trunk/test/org/apache/coyote/http11/TestHttp11Processor.java Modified: tomcat/trunk/test/org/apache/catalina/connector/TestRequest.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/connector/TestRequest.java?rev=1808761=1808760=1808761=diff == --- tomcat/trunk/test/org/apache/catalina/connector/TestRequest.java (original) +++ tomcat/trunk/test/org/apache/catalina/connector/TestRequest.java Mon Sep 18 18:54:39 2017 @@ -216,6 +216,7 @@ public class TestRequest extends TomcatB if (ucChunkedHead) { request[0] = "POST http://localhost:8080/test HTTP/1.1" + CRLF + +"Host: localhost:8080" + CRLF + "content-type: application/x-www-form-urlencoded" + CRLF + "Transfer-Encoding: CHUNKED" + CRLF + "Connection: close" + CRLF + @@ -225,6 +226,7 @@ public class TestRequest extends TomcatB } else { request[0] = "POST http://localhost:8080/test HTTP/1.1" + CRLF + +"Host: localhost:8080" + CRLF + "content-type: application/x-www-form-urlencoded" + CRLF + "Transfer-Encoding: chunked" + CRLF + "Connection: close" + CRLF + 
@@ -594,7 +596,7 @@ public class TestRequest extends TomcatB method + " http://localhost:; + getPort() + "/echo" + (null == queryString ? "" : ("?" + queryString)) + " HTTP/1.1" + CRLF - + "Host: localhost" + CRLF + + "Host: localhost:" + getPort() + CRLF + (null == contentType ? "" : ("Content-Type: " + contentType + CRLF)) + "Connection: close" + CRLF Modified: tomcat/trunk/test/org/apache/catalina/core/TestStandardContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/core/TestStandardContext.java?rev=1808761=1808760=1808761=diff == --- tomcat/trunk/test/org/apache/catalina/core/TestStandardContext.java (original) +++ tomcat/trunk/test/org/apache/catalina/core/TestStandardContext.java Mon Sep 18 18:54:39 2017 @@ -771,7 +771,7 @@ public class TestStandardContext extends request = new String[] { "POST http://localhost:; + getPort() + uri + " HTTP/1.1" + CRLF -+ "Host: localhost" + CRLF ++ "Host: localhost:" + getPort() + CRLF + "Connection: close" + CRLF + "Content-Type: multipart/form-data; boundary=" + boundary + CRLF + "Content-Length: " + content.length() + CRLF @@ -779,12 +779,10 @@ public class TestStandardContext extends + content + CRLF }; -} -else -{ +} else { request = new String[] { "GET http://localhost:; + getPort() + uri + " HTTP/1.1" + CRLF -+ "Host: localhost" + CRLF ++ "Host: localhost:" + getPort() + CRLF + "Connection: close" + CRLF + CRLF }; Modified: tomcat/trunk/test/org/apache/catalina/core/TestSwallowAbortedUploads.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/core/TestSwallowAbortedUploads.java?rev=1808761=1808760=1808761=diff == --- tomcat/trunk/test/org/apache/catalina/core/TestSwallowAbortedUploads.java (original) +++ tomcat/trunk/test/org/apache/catalina/core/TestSwallowAbortedUploads.java Mon Sep 18 18:54:39 2017 
@@ -293,7 +293,7 @@ public class TestSwallowAbortedUploads e "ASCII"); request = new String[] { "POST http://localhost:; + getPort() + URI + " HTTP/1.1" + CRLF -+ "Host: localhost" + CRLF ++ "Host: localhost:" + getPort() + CRLF + "Connection: close" +
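Review bot: The two TestRequest hunks at @@ -216,6 +216,7 @@ and @@ -225,6 +226,7 @@ add a literal "Host: localhost:8080", while every other hunk in this patch builds the header from getPort(). The literal matches the hard-coded request line today, but with the stricter validation the two values have to stay identical, so either derive both from one constant or add a short comment saying the Host value must mirror the authority in the request line.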
buildbot success in on tomcat-7-trunk
The Buildbot has detected a restored build on builder tomcat-7-trunk while building .
Full details are available at:
    https://ci.apache.org/builders/tomcat-7-trunk/builds/874

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-7-commit' triggered this build
Build Source Stamp: [branch tomcat/tc7.0.x/trunk] 1808740
Blamelist: markt

Build succeeded!

Sincerely,
 -The Buildbot
svn commit: r1808740 - /tomcat/tc7.0.x/trunk/test/org/apache/tomcat/websocket/TestPerMessageDeflate.java
Author: markt Date: Mon Sep 18 16:13:46 2017 New Revision: 1808740 URL: http://svn.apache.org/viewvc?rev=1808740=rev Log: Unit tests always compile with Java 6 so avoid Java 7 features. This is simpler than refactoring the build scripts to build the WebSocket unit tests with Java 7. Modified: tomcat/tc7.0.x/trunk/test/org/apache/tomcat/websocket/TestPerMessageDeflate.java Modified: tomcat/tc7.0.x/trunk/test/org/apache/tomcat/websocket/TestPerMessageDeflate.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/tomcat/websocket/TestPerMessageDeflate.java?rev=1808740=1808739=1808740=diff == --- tomcat/tc7.0.x/trunk/test/org/apache/tomcat/websocket/TestPerMessageDeflate.java (original) +++ tomcat/tc7.0.x/trunk/test/org/apache/tomcat/websocket/TestPerMessageDeflate.java Mon Sep 18 16:13:46 2017 @@ -18,7 +18,7 @@ package org.apache.tomcat.websocket; import java.io.IOException; import java.nio.ByteBuffer; -import java.nio.charset.StandardCharsets; +import java.nio.charset.Charset; import java.util.ArrayList; import java.util.Collections; import java.util.List; @@ -31,6 +31,13 @@ import org.junit.Test; public class TestPerMessageDeflate { /* + * This replaces StandardCharsets.UTF_8 as that requires Java 7 and this is + * simpler than refactoring the build script to build the WebSocket unit + * tests with Java 7. + */ +private static final Charset UTF_8 = Charset.forName("UTF-8"); + +/* * https://bz.apache.org/bugzilla/show_bug.cgi?id=61491 */ @Test 
@@ -44,14 +51,14 @@ public class TestPerMessageDeflate { PerMessageDeflate perMessageDeflate = PerMessageDeflate.negotiate(preferences, true); perMessageDeflate.setNext(new TesterTransformation()); -ByteBuffer bb1 = ByteBuffer.wrap("A".getBytes(StandardCharsets.UTF_8)); +ByteBuffer bb1 = ByteBuffer.wrap("A".getBytes(UTF_8)); MessagePart mp1 = new MessagePart(true, 0, Constants.OPCODE_TEXT, bb1, null, null); List uncompressedParts1 = new ArrayList(); uncompressedParts1.add(mp1); perMessageDeflate.sendMessagePart(uncompressedParts1); -ByteBuffer bb2 = ByteBuffer.wrap("".getBytes(StandardCharsets.UTF_8)); +ByteBuffer bb2 = ByteBuffer.wrap("".getBytes(UTF_8)); MessagePart mp2 = new MessagePart(true, 0, Constants.OPCODE_TEXT, bb2, null, null); List uncompressedParts2 = new ArrayList();
[Bug 61524] NullPointerException in Http11OutputBuffer
https://bz.apache.org/bugzilla/show_bug.cgi?id=61524

--- Comment #2 from Boris Petrov ---
Hello,

I'm trying to reproduce it but that proves to be difficult. A few things that I noticed while trying stuff: as I said, this happens when we return "tiff" images as blobs. It happens when I open a simple page which has only a single tag in it with the link to the tiff image. It blows up when I open this page in Chrome and Firefox. Doesn't blow up in Safari. Doesn't blow up when I hit the link to the image with curl and wget. The interesting thing is that Safari CAN display tiff images while Chrome and Firefox can't. Also, in the network tabs, it seems that the responses are smaller than the file is itself, which I guess means they didn't receive the full file. Is it possible that Chrome and Firefox are closing the connection before they receive the whole image, knowing that they can't actually display it, and that causes the NPE?

I can actually debug in Eclipse the NPE (it stops there when it happens) so if I can help you somehow debug it via me... :) I could tell you values of variables, etc.

I'll continue to try and create a reproduction but let's try to figure it out without that.

Thanks.
svn commit: r1808711 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/coyote/http11/ test/org/apache/coyote/http11/ webapps/docs/ webapps/docs/config/
Author: markt Date: Mon Sep 18 13:49:52 2017 New Revision: 1808711 URL: http://svn.apache.org/viewvc?rev=1808711=rev Log: Add an option to control how to respond to requests with invalid HTTP header names Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java tomcat/tc7.0.x/trunk/test/org/apache/coyote/http11/TestInternalInputBuffer.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml tomcat/tc7.0.x/trunk/webapps/docs/config/http.xml Propchange: tomcat/tc7.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Sep 18 13:49:52 2017 
svn commit: r1808707 - in /tomcat/tc8.0.x/trunk: java/org/apache/coyote/http11/ test/org/apache/coyote/http11/ webapps/docs/ webapps/docs/config/
Author: markt Date: Mon Sep 18 13:42:59 2017 New Revision: 1808707 URL: http://svn.apache.org/viewvc?rev=1808707=rev Log: Add an option to control how to respond to requests with invalid HTTP header names Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractNioInputBuffer.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Nio2Processor.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalNio2InputBuffer.java tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java tomcat/tc8.0.x/trunk/test/org/apache/coyote/http11/TestInternalInputBuffer.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml tomcat/tc8.0.x/trunk/webapps/docs/config/http.xml Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1808707=1808706=1808707=diff == --- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java (original) +++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Mon Sep 18 13:42:59 2017 
@@ -37,6 +37,30 @@ public abstract class AbstractHttp11Prot // HTTP specific properties // -- managed in the ProtocolHandler +private boolean rejectIllegalHeaderName = false; +/** + * If an HTTP request is received that contains an illegal header name (i.e. + * the header name is not a token) will the request be rejected (with a 400 + * response) or will the illegal header be ignored. + * + * @return {@code true} if the request will be rejected or {@code false} if + * the header will be ignored + */ +public boolean getRejectIllegalHeaderName() { return rejectIllegalHeaderName; } +/** + * If an HTTP request is received that contains an illegal header name (i.e. + * the header name is not a token) should the request be rejected (with a + * 400 response) or should the illegal header be ignored. + * + * @param rejectIllegalHeaderName {@code true} to reject requests with + * illegal header names, {@code false} to + * ignore the header + */ +public void setRejectIllegalHeaderName(boolean rejectIllegalHeaderName) { +this.rejectIllegalHeaderName = rejectIllegalHeaderName; +} + + private int socketBuffer = 9000; public int getSocketBuffer() { return socketBuffer; } public void setSocketBuffer(int socketBuffer) { Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java?rev=1808707=1808706=1808707=diff == --- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java (original) +++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java Mon Sep 18 13:42:59 2017 @@ -35,7 +35,6 @@ public abstract class AbstractInputBuffe */ protected static final StringManager sm = StringManager.getManager(Constants.Package); - /** * Associated Coyote request. */ 
@@ -110,6 +109,9 @@ public abstract class AbstractInputBuffe protected int lastActiveFilter; +protected boolean rejectIllegalHeaderName; + + // - Properties /** Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractNioInputBuffer.java URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/AbstractNioInputBuffer.java?rev=1808707=1808706=1808707=diff == ---
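Review bot: In the AbstractHttp11Protocol hunk (@@ -37,6 +37,30 @@), rejectIllegalHeaderName is initialised to false, so a request with an illegal header name is still accepted and the header dropped unless the option is switched on, yet neither Javadoc block states that default. State the default in the setter's Javadoc and say which behaviour is the stricter one, so that anyone reading the generated API docs knows the connector stays lenient until configured. The getter's description is also worded as a question ("will the request be rejected ... or will the illegal header be ignored"); a declarative sentence would read better.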
svn commit: r1808702 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/coyote/http11/Http11InputBuffer.java
Author: markt Date: Mon Sep 18 13:27:45 2017 New Revision: 1808702 URL: http://svn.apache.org/viewvc?rev=1808702=rev Log: Fix comment Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Sep 18 13:27:45 2017 
svn commit: r1808701 - /tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
Author: markt Date: Mon Sep 18 13:27:03 2017 New Revision: 1808701 URL: http://svn.apache.org/viewvc?rev=1808701=rev Log: Fix comment Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java?rev=1808701=1808700=1808701=diff == --- tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java Mon Sep 18 13:27:03 2017 @@ -790,7 +790,7 @@ public class Http11InputBuffer implement headerData.lastSignificantChar = pos; break; } else if (!HttpParser.isToken(chr)) { -// If a non-token characters are illegal in header names +// Non-token characters are illegal in header names // Parsing continues so the error can be reported in context headerData.lastSignificantChar = pos; byteBuffer.position(byteBuffer.position() - 1);
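Review bot: the comment corrected in the `!HttpParser.isToken(chr)` branch was introduced by r1808695, and r1808697 carries the same log message and modifies tc8.5.x `Http11InputBuffer.java`, so this wording fix likely needs merging to the 8.5.x branch too; this commit only touches trunk.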
svn commit: r1808697 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/coyote/http11/ test/org/apache/coyote/http11/ webapps/docs/ webapps/docs/config/
Author: markt Date: Mon Sep 18 13:04:12 2017 New Revision: 1808697 URL: http://svn.apache.org/viewvc?rev=1808697=rev Log: Add an option to control how to respond to requests with invalid HTTP header names Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/Http11Processor.java tomcat/tc8.5.x/trunk/test/org/apache/coyote/http11/TestHttp11InputBuffer.java tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml tomcat/tc8.5.x/trunk/webapps/docs/config/http.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Sep 18 13:04:12 2017 
svn commit: r1808696 - /tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
Author: markt Date: Mon Sep 18 13:02:01 2017 New Revision: 1808696 URL: http://svn.apache.org/viewvc?rev=1808696=rev Log: Fix IDE nag Modified: tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java Modified: tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java?rev=1808696=1808695=1808696=diff == --- tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java (original) +++ tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java Mon Sep 18 13:02:01 2017 @@ -88,7 +88,7 @@ public class TestOpenSSLConf extends Tom @Test public void testOpenSSLConfCmdProtocol() throws Exception { -Set disabledProtocols = new HashSet(Arrays.asList(DISABLED_PROTOCOLS)); +Set disabledProtocols = new HashSet<>(Arrays.asList(DISABLED_PROTOCOLS)); StringBuilder sb = new StringBuilder(); for (String protocol : DISABLED_PROTOCOLS) { sb.append(",").append("-").append(protocol); @@ -103,7 +103,7 @@ public class TestOpenSSLConf extends Tom assertFalse("Protocol " + protocol + " is not allowed", disabledProtocols.contains(protocol)); } -Set enabledProtocols = new HashSet(Arrays.asList(protocols)); +Set enabledProtocols = new HashSet<>(Arrays.asList(protocols)); for (String protocol : ENABLED_PROTOCOLS) { assertTrue("Protocol " + protocol + " is not enabled", enabledProtocols.contains(protocol));
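Review bot: in both hunks of `testOpenSSLConfCmdProtocol()` the declarations read as a raw `Set disabledProtocols` and `Set enabledProtocols`, with only the right-hand side gaining the diamond. If the source declares the variables without a type argument, make them `Set<String>` so the element type used by the `contains(protocol)` assertions is checked by the compiler; with the type argument present on the left, the diamond is the right fix and nothing more is needed.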
svn commit: r1808695 - in /tomcat/trunk: java/org/apache/coyote/http11/ test/org/apache/coyote/http11/ webapps/docs/ webapps/docs/config/
Author: markt Date: Mon Sep 18 12:57:38 2017 New Revision: 1808695 URL: http://svn.apache.org/viewvc?rev=1808695=rev Log: Add an option to control how to respond to requests with invalid HTTP header names Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java tomcat/trunk/test/org/apache/coyote/http11/TestHttp11InputBuffer.java tomcat/trunk/webapps/docs/changelog.xml tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1808695=1808694=1808695=diff == --- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Mon Sep 18 12:57:38 2017 
@@ -91,6 +91,30 @@ public abstract class AbstractHttp11Prot // HTTP specific properties // -- managed in the ProtocolHandler +private boolean rejectIllegalHeaderName = true; +/** + * If an HTTP request is received that contains an illegal header name (i.e. + * the header name is not a token) will the request be rejected (with a 400 + * response) or will the illegal header be ignored. + * + * @return {@code true} if the request will be rejected or {@code false} if + * the header will be ignored + */ +public boolean getRejectIllegalHeaderName() { return rejectIllegalHeaderName; } +/** + * If an HTTP request is received that contains an illegal header name (i.e. + * the header name is not a token) should the request be rejected (with a + * 400 response) or should the illegal header be ignored. + * + * @param rejectIllegalHeaderName {@code true} to reject requests with + * illegal header names, {@code false} to + * ignore the header + */ +public void setRejectIllegalHeaderName(boolean rejectIllegalHeaderName) { +this.rejectIllegalHeaderName = rejectIllegalHeaderName; +} + + private int maxSavePostSize = 4 * 1024; /** * Return the maximum size of the post which will be saved during FORM or Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java?rev=1808695=1808694=1808695=diff == --- tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java Mon Sep 18 12:57:38 2017 @@ -64,6 +64,8 @@ public class Http11InputBuffer implement private final MimeHeaders headers; +private final boolean rejectIllegalHeaderName; + /** * State. */ 
@@ -146,12 +148,14 @@ public class Http11InputBuffer implement // --- Constructors -public Http11InputBuffer(Request request, int headerBufferSize) { +public Http11InputBuffer(Request request, int headerBufferSize, +boolean rejectIllegalHeaderName) { this.request = request; headers = request.getMimeHeaders(); this.headerBufferSize = headerBufferSize; +this.rejectIllegalHeaderName = rejectIllegalHeaderName; filterLibrary = new InputFilter[0]; activeFilters = new InputFilter[0]; @@ -786,10 +790,11 @@ public class Http11InputBuffer implement headerData.lastSignificantChar = pos; break; } else if (!HttpParser.isToken(chr)) { -// If a non-token header is detected, skip the line and -// ignore the header +// If a non-token characters are illegal in header names +// Parsing continues so the error can be reported in context headerData.lastSignificantChar = pos; byteBuffer.position(byteBuffer.position() - 1); +// skipLine() will handle the error return skipLine(); } @@ -921,11 +926,15 @@ public class Http11InputBuffer implement headerData.lastSignificantChar = pos; } } -if (log.isDebugEnabled()) { -log.debug(sm.getString("iib.invalidheader", +if (rejectIllegalHeaderName || log.isDebugEnabled()) { +String message = sm.getString("iib.invalidheader", new String(byteBuffer.array(), headerData.start,
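Review bot: `rejectIllegalHeaderName` defaults to `true` in the `AbstractHttp11Protocol` hunk, which flips the previous behaviour (the comment removed in the `@@ -786` hunk said a non-token header was skipped and ignored) to a 400 response for every connector that does not set the attribute. Rejecting is the safer default, since it keeps Tomcat and any upstream proxy from disagreeing about which headers a request carries, but please confirm that the `changelog.xml` and `config/http.xml` entries touched by this commit state the new default explicitly, particularly for the 8.5.x backport. The getter and setter Javadoc are also worded as questions without a question mark ("will the request be rejected ... or will the illegal header be ignored."); "Controls whether ..." would read more clearly.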
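Review bot: the `@@ -146` hunk replaces the public constructor `Http11InputBuffer(Request request, int headerBufferSize)` with a three-argument form instead of adding an overload, so any caller not updated in this commit stops compiling. `Http11Processor.java` is in the modified list, but for the stable 8.5.x branch consider keeping the two-argument signature as a delegating overload that passes `true`, or note the signature change in the changelog.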
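Review bot: in the `@@ -921` hunk `message` is built from `new String(byteBuffer.array(), headerData.start,` and so from raw request bytes, and with `rejectIllegalHeaderName` enabled it is now built for every offending request rather than only when debug logging is on. The remainder of the hunk is cut off in this mail, so where `message` ends up is not visible; whichever path consumes it (exception text, log line, error response) should treat it as untrusted input, neutralise CR/LF and other control characters, and bound its length so a malformed request cannot inject log lines or inflate log volume.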
Re: [VOTE] Release Apache Tomcat 8.5.21
On 13/09/2017 at 23:02, Mark Thomas wrote:
> The proposed 8.5.21 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.21

Unit tests passed on Debian with OpenJDK 8.

Emmanuel Bourg