[Bug 65340] Hpack decode NegativeArraySizeException: -1
https://bz.apache.org/bugzilla/show_bug.cgi?id=65340

--- Comment #9 from linking12 <297442...@qq.com> ---

    public class Constants {
        static final int DEFAULT_HEADER_READ_BUFFER_SIZE = 1024;
    }

We found a bug with DEFAULT_HEADER_READ_BUFFER_SIZE: when one header is larger than 1024, the headerReadBuffer cannot expand. I confirm Jetty encodes correctly.

We confirmed this in the following order:
1: disable the HPACK index and Huffman in Jetty, forcing headers to be encoded as ASCII
2: force a header larger than 1k
3: debug the Tomcat decode and find that it cannot process the header (larger than 1k)

--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Apache Tomcat 10.0.2: generated _jsp.class file has empty local variable table
Sun, 30 May 2021 at 11:45, Pietro Braione:
>
> Hello to everyone. I am working on a bytecode analyzer, and in order to test
> it I fed it by a _jsp.class file generated by Apache Tomcat 10.0.2 from a
> trivial JSP page. [...]
>
> I would like to ask where is the Tomcat code that is responsible for emitting
> the _jsp.class files.

Citing from the NOTICE file:

Java compilation software for JSP pages is provided by the Eclipse JDT Core Batch Compiler component, which is open source software. The original software and related information is available at https://www.eclipse.org/jdt/core/.

For Apache Tomcat 10.0.6 that is lib/ecj-4.18.jar

Jasper (the component of Tomcat that is responsible for processing of JSP pages) can also be reconfigured to use the javac compiler from a JDK, but it is a rarely used feature. (I wonder if anyone is using it at all).

http://tomcat.apache.org/tomcat-10.0-doc/jasper-howto.html

Best regards,
Konstantin Kolinko
[Bug 65344] New: OpenSSL configuration
https://bz.apache.org/bugzilla/show_bug.cgi?id=65344

Bug ID: 65344
Summary: OpenSSL configuration
Product: Tomcat Native
Version: unspecified
Hardware: PC
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Library
Assignee: dev@tomcat.apache.org
Reporter: d...@concisoft.com
Target Milestone: ---

A potential improvement in the OpenSSL interaction might be to enable OpenSSL configuration:

In ssl.c, initialization is done with the call:

    OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);

The openssl command in OpenSSL source performs initialization like this:

    OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN | OPENSSL_INIT_LOAD_CONFIG, NULL);

The OPENSSL_INIT_LOAD_CONFIG makes the OpenSSL library load configuration (for example /etc/ssl/openssl.cnf by default on Ubuntu). The configuration could also be specified through a path in OPENSSL_CONF environment variable (that could be set in setenv.sh in Tomcat for full control over the OpenSSL configuration.)

The ability to configure OpenSSL is important. As an example, some crypto engines require the engine initialized by the client code (others don't). This can be expressed in the configuration. See NGINX forum related to this and see how the OpenSSL configuration is relied upon to initialize a crypto engine, without changing the client code:

https://forum.nginx.org/read.php?29,279575,279905

(A similar enhancement request was initially made as a comment on ticket #65181.)
[Bug 65340] Hpack decode NegativeArraySizeException: -1
https://bz.apache.org/bugzilla/show_bug.cgi?id=65340

--- Comment #8 from linking12 <297442...@qq.com> ---
(In reply to gr...@webtide.com from comment #5)
> Mark, I can't tell either if this is Jetty encoding or Tomcat decoding.
>
> If you want to write a test to do some jetty encodes and tomcat decodes,
> then if you have a maven dependency on
> org.eclipse.jetty.http2:http2-hpack:jar
> the following code shows how to do jetty encoding/decoding:
>
>     @Test
>     public void encodeDecodeTest() throws Exception
>     {
>         HpackEncoder encoder = new HpackEncoder();
>         HpackDecoder decoder = new HpackDecoder(4096, 8192);
>
>         HttpFields fields = new HttpFields();
>         fields.add(HttpHeader.CONTENT_TYPE, "text/html");
>         fields.add(HttpHeader.CONTENT_LENGTH, "1024");
>
>         MetaData.Request request = new MetaData.Request("POST", new
> HttpURI("/test"), HttpVersion.HTTP_2, fields);
>
>         ByteBuffer buffer = BufferUtil.allocateDirect(16 * 1024);
>         BufferUtil.clearToFill(buffer);
>         encoder.encode(buffer, request);
>         BufferUtil.flipToFlush(buffer, 0);
>
>         MetaData.Request requestReceived =
> (MetaData.Request)decoder.decode(buffer);
>
>         System.err.println(requestReceived);
>         requestReceived.getFields().stream().forEach(System.err::println);
>
>         MetaData.Response response = new
> MetaData.Response(HttpVersion.HTTP_2, 200, fields);
>
>         BufferUtil.clearToFill(buffer);
>         encoder.encode(buffer, response);
>         BufferUtil.flipToFlush(buffer, 0);
>
>         MetaData.Response responseReceived =
> (Response)decoder.decode(buffer);
>
>         System.err.println(responseReceived);
>         responseReceived.getFields().stream().forEach(System.err::println);
>     }

I have tested your code and it is OK, but we did something more and found more information: when the header is larger, it appears more frequently.

We have done the following:
1: When we do not index and do not Huffman-encode the header in Jetty and the header is larger than 1k, Tomcat cannot process the header;
2: As in Thomas's reply, in the Javadoc of org.apache.coyote.http2.Hpack.decodeInteger(ByteBuffer, int), it can return -1. Why does Tomcat not process -1 to throw a more detailed exception? I think it does not make sense.
[Bug 65340] Hpack decode NegativeArraySizeException: -1
https://bz.apache.org/bugzilla/show_bug.cgi?id=65340

--- Comment #7 from Thomas ---
(In reply to Thomas from comment #6)
> I found some information. Can you give me some answers?
> 1. If my header size is very big. Its length is bigger than 1024 after
> Huffman encoding, the header will not be got. The value of
> headerReadBuffer.remaining() is not 0, when the header is not the first one.

    protected void readHeaderPayload(int streamId, int payloadSize, ByteBuffer buffer)
            throws Http2Exception, IOException {

        if (log.isDebugEnabled()) {
            log.debug(sm.getString("http2Parser.processFrameHeaders.payload", connectionId,
                    Integer.valueOf(streamId), Integer.valueOf(payloadSize)));
        }

        int remaining = payloadSize;

        while (remaining > 0) {
            if (headerReadBuffer.remaining() == 0) {
                // Buffer needs expansion
                int newSize;
                if (headerReadBuffer.capacity() < payloadSize) {
                    // First step, expand to the current payload. That should
                    // cover most cases.
                    newSize = payloadSize;
                } else {
                    // Header must be spread over multiple frames. Keep doubling
                    // buffer size until the header can be read.
                    newSize = headerReadBuffer.capacity() * 2;
                }
                headerReadBuffer = ByteBufferUtils.expand(headerReadBuffer, newSize);
            }
            int toRead = Math.min(headerReadBuffer.remaining(), remaining);
            // headerReadBuffer in write mode
            if (buffer == null) {
                input.fill(true, headerReadBuffer, toRead);
            } else {
                int oldLimit = buffer.limit();
                buffer.limit(buffer.position() + toRead);
                headerReadBuffer.put(buffer);
                buffer.limit(oldLimit);
            }
            // switch to read mode
            headerReadBuffer.flip();
            try {
                hpackDecoder.decode(headerReadBuffer);
            } catch (HpackException hpe) {
                throw new ConnectionException(
                        sm.getString("http2Parser.processFrameHeaders.decodingFailed"),
                        Http2Error.COMPRESSION_ERROR, hpe);
            }

            // switches to write mode
            headerReadBuffer.compact();
            remaining -= toRead;

            if (hpackDecoder.isHeaderCountExceeded()) {
                StreamException headerException = new StreamException(sm.getString(
                        "http2Parser.headerLimitCount", connectionId,
                        Integer.valueOf(streamId)), Http2Error.ENHANCE_YOUR_CALM, streamId);
                hpackDecoder.getHeaderEmitter().setHeaderException(headerException);
            }

            if (hpackDecoder.isHeaderSizeExceeded(headerReadBuffer.position())) {
                StreamException headerException = new StreamException(sm.getString(
                        "http2Parser.headerLimitSize", connectionId,
                        Integer.valueOf(streamId)), Http2Error.ENHANCE_YOUR_CALM, streamId);
                hpackDecoder.getHeaderEmitter().setHeaderException(headerException);
            }

            if (hpackDecoder.isHeaderSwallowSizeExceeded(headerReadBuffer.position())) {
                throw new ConnectionException(sm.getString("http2Parser.headerLimitSize",
                        connectionId, Integer.valueOf(streamId)), Http2Error.ENHANCE_YOUR_CALM);
            }
        }
    }

> 2. The value of the variable "length" is -1 in
> org.apache.coyote.http2.HpackDecoder#readHpackString, why the following
> logic doesn't process it?

    private String readHpackString(ByteBuffer buffer) throws HpackException {
        if (!buffer.hasRemaining()) {
            return null;
        }
        byte data = buffer.get(buffer.position());

        int length = Hpack.decodeInteger(buffer, 7);
        if (buffer.remaining() < length) {
            return null;
        }
        boolean huffman = (data & 0b10000000) != 0;
        if (huffman) {
            return readHuffmanString(length, buffer);
        }
        StringBuilder stringBuilder = new StringBuilder(length);
        for (int i = 0; i < length; ++i) {
            stringBuilder.append((char) buffer.get());
        }
        return stringBuilder.toString();
    }
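Added example, not part of the thread and not Tomcat or Jetty code: a simplified Java re-implementation of the RFC 7541 prefix-integer and raw string-literal readers, illustrating the -1 length case raised in comments #7 and #8 and one way an unchecked -1 turns into a NegativeArraySizeException. The class and method names (HpackLengthCheckDemo, decodeInteger, readString) and the constructed 2000-byte sample literal are assumptions made for the illustration; Huffman literals are not handled.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Added illustration with hypothetical names; not Tomcat or Jetty source.
public class HpackLengthCheckDemo {

    // RFC 7541 section 5.1 prefix integer; -1 (position restored) if incomplete.
    static int decodeInteger(ByteBuffer src, int n) {
        if (!src.hasRemaining()) return -1;
        int start = src.position();
        int mask = (1 << n) - 1;
        int value = src.get() & mask;
        if (value < mask) return value;
        for (int shift = 0; ; shift += 7) {
            if (!src.hasRemaining()) { src.position(start); return -1; }
            if (shift > 21) throw new IllegalArgumentException("HPACK integer too large");
            int b = src.get() & 0xFF;
            value += (b & 0x7F) << shift;
            if ((b & 0x80) == 0) return value;
        }
    }

    // Raw literal only. Returns null, position unchanged, until fully buffered.
    static String readString(ByteBuffer buf) {
        int start = buf.position();
        int length = decodeInteger(buf, 7);
        if (length < 0 || buf.remaining() < length) { // reject -1 before allocating
            buf.position(start);
            return null;
        }
        if ((buf.get(start) & 0x80) != 0) // H bit of the first octet
            throw new IllegalArgumentException("Huffman literals are out of scope here");
        byte[] raw = new byte[length];
        buf.get(raw);
        return new String(raw, StandardCharsets.ISO_8859_1);
    }

    public static void main(String[] args) {
        // Constructed input: a 2000-byte raw literal; length 2000 encodes as 7F D1 0E.
        ByteBuffer full = ByteBuffer.allocate(3 + 2000);
        full.put((byte) 0x7F).put((byte) 0xD1).put((byte) 0x0E);
        for (int i = 0; i < 2000; i++) full.put((byte) 'a');
        full.flip();
        ByteBuffer partial = full.duplicate();
        partial.limit(2); // the read stopped inside the length field
        int length = decodeInteger(partial.duplicate(), 7); // -1: incomplete
        try {
            new StringBuilder(length); // an unchecked -1 used as a capacity
        } catch (NegativeArraySizeException e) {
            System.out.println("unchecked length " + length + ": " + e);
        }
        System.out.println("checked partial read: " + readString(partial));
        System.out.println("checked full read, chars: " + readString(full).length());
    }
}
```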
[Bug 65340] Hpack decode NegativeArraySizeException: -1
https://bz.apache.org/bugzilla/show_bug.cgi?id=65340

--- Comment #6 from Thomas ---
I found some information. Can you give me some answers?
1. If my header size is very big. Its length is bigger than 1024 after Huffman encoding, the header will not be got.
2. The value of the variable "length" is -1 in org.apache.coyote.http2.HpackDecoder#readHpackString, why the following logic doesn't process it?
Re: Information about tomcat
Good morning

I didn't find anything about my questions: I basically found stuff concerning bug fixing, exceptions and coding problems etc. but nothing about the development process.

It would be really important for us if you could provide us with the information we need. (they are really quick, even a Yes/No answer is fine)

Best regards.

Niccolo' Orlandi.

On Sat 29 May 2021 at 22:48, Mark Thomas wrote:

> All Apache Tomcat development is organised on this mailing list. If it
> isn't on this mailing list then it didn't happen.
>
> The answers to all of your questions may be found by reviewing the
> mailing list archives.
>
> Personally, I like tomcat.markmail.org.
> Other archives are available.
>
> Mark
>
>
> On 29/05/2021 14:23, Niccolò Orlandi wrote:
> > Good morning,
> > I'm Niccolo' Orlandi a student from the University of Padua.
> > I'm taking part in a project for the class of software engineering.
> >
> > If possible, I'd be grateful if you could give me some more information
> > about the development process of tomcat:
> >
> > What kind of production process have you followed?
> > - Agile
> > - waterfall
> > - common output
> > - something else?
> >
> > If you used an Agile method, what method did you use?
> >
> > Have you used some Extreme programming (xp) or SCRUM like processes to
> > develop this project? (if yes could you describe the main aspects of these
> > methodologies that you used?)
> >
> > Which of the following practices did you use?
> >
> > - Planning game
> > - Preferring Short releases to long releases
> > - Using Metaphors to communicate as well as possible with the customer
> > - Using a Simple software design
> > - Test-driven development
> > - Refactoring your software
> > - Applying Pair programming
> > - Sharing code with all the team to create a "collective code ownership"
> > - Continuous integration of the code
> > - 40 hours working week (not working overtime)
> > - On-site customer
> > using coding standards
> >
> > I've seen that you talk about the incubator in your page, has tomcat had an
> > "incubator phase"?
> >
> > Thank you for your time,
> >
> > Hoping in a response
> >
> > Best regards
> >
> > Niccolo' Orlandi
[tomcat-native] 02/02: Additional fix for BZ 65181
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git commit 6c57ffaf47f0e27e59fb99fb528f5f626a5b5465 Author: Mark Thomas AuthorDate: Mon May 31 12:14:29 2021 +0100 Additional fix for BZ 65181 https://bz.apache.org/bugzilla/show_bug.cgi?id=65181 --- native/src/ssl.c | 11 --- xdocs/miscellaneous/changelog.xml | 5 + 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/native/src/ssl.c b/native/src/ssl.c index da5f026..d59246e 100644 --- a/native/src/ssl.c +++ b/native/src/ssl.c @@ -367,6 +367,14 @@ static apr_status_t ssl_init_cleanup(void *data) #endif free_dh_params(); +#ifndef OPENSSL_NO_ENGINE +if (tcn_ssl_engine != NULL) { +/* Release the SSL Engine structural reference */ +ENGINE_free(tcn_ssl_engine); +tcn_ssl_engine = NULL; +} +#endif + #if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER) /* Openssl v1.1+ handles all termination automatically. Do * nothing in this case. @@ -815,9 +823,6 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine) if (!ENGINE_set_default(ee, ENGINE_METHOD_ALL)) err = APR_ENOTIMPL; } -/* Free our "structural" reference. */ -if (ee) -ENGINE_free(ee); } if (err != APR_SUCCESS) { TCN_FREE_CSTRING(engine); diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 383a43a..e366685 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -35,6 +35,11 @@ + + 65181: Additional changes required to provided support for + using OpenSSL Engines that use proprietary key formats. Based on a patch + provided by Edin Hodzic. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
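Review bot: In the SSL initialize hunk of native/src/ssl.c, dropping ENGINE_free(ee) leaves the failure path directly below it (if (err != APR_SUCCESS)) with no release of ee. The lines shown do not include an assignment of ee to tcn_ssl_engine, so it is not visible that the new ENGINE_free(tcn_ssl_engine) in ssl_init_cleanup also covers the case where ENGINE_set_default fails and err becomes APR_ENOTIMPL. Either keep the free on the error path or make sure tcn_ssl_engine is assigned before any branch that can set err, and say so in a comment next to the removed lines.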
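Review bot: In the xdocs/miscellaneous/changelog.xml hunk, the new entry has a typo: "Additional changes required to provided support" should read "required to provide support".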
[tomcat-native] branch main updated (353f2c0 -> 6c57ffa)
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git.

    from 353f2c0 Add best guess for 1.2.29 release date
     new e0bbfc5 Updated docs after 1.2.9 release was cancelled.
     new 6c57ffa Additional fix for BZ 65181

The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
 native/src/ssl.c | 11 ---
 xdocs/miscellaneous/changelog.xml | 7 ++-
 xdocs/news/2021.xml | 5 -
 3 files changed, 14 insertions(+), 9 deletions(-)
[tomcat-native] 01/02: Updated docs after 1.2.9 release was cancelled.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git commit e0bbfc5ca0895963479640e0560f4fe6038ef542 Author: Mark Thomas AuthorDate: Mon May 31 12:02:39 2021 +0100 Updated docs after 1.2.9 release was cancelled. --- xdocs/miscellaneous/changelog.xml | 2 +- xdocs/news/2021.xml | 5 - 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 483bdf0..383a43a 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -36,7 +36,7 @@ - + Add a patch for APR that fixes an issue where some Windows systems in some diff --git a/xdocs/news/2021.xml b/xdocs/news/2021.xml index 2582f5d..a9f6c7b 100644 --- a/xdocs/news/2021.xml +++ b/xdocs/news/2021.xml @@ -29,11 +29,6 @@ - - The Apache Tomcat team is proud to announce the immediate availability of - Tomcat Native 1.2.29. This is a bugfix release. - - The Apache Tomcat team is proud to announce the immediate availability of Tomcat Native 1.2.28. This is a bugfix release. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
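Review bot: The commit subject says the 1.2.9 release was cancelled, but the announcement removed in the xdocs/news/2021.xml hunk is for Tomcat Native 1.2.29, and the entry kept just below it is 1.2.28. The subject should say 1.2.29 so the log matches the release that was actually withdrawn.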
[Bug 65181] Tomcat Native library with OpenSSL Engine private key loading
https://bz.apache.org/bugzilla/show_bug.cgi?id=65181

Mark Thomas changed:

What       |Removed  |Added
Status     |REOPENED |RESOLVED
Resolution |---      |FIXED

--- Comment #16 from Mark Thomas ---
I've applied a variation of the additional fix in comment #12.

The suggestion in #14 is a separate issue and should be submitted via a new enhancement request.