This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push: new 32c3009 Fix BZ 64483 Log a warning when an AJP request is rejected 32c3009 is described below commit 32c30090e754f7b7e84eb16deaed93d27ce37045 Author: Mark Thomas <ma...@apache.org> AuthorDate: Tue Jun 2 11:22:35 2020 +0100 Fix BZ 64483 Log a warning when an AJP request is rejected --- java/org/apache/coyote/ajp/AbstractAjpProcessor.java | 15 +++++---------- java/org/apache/coyote/ajp/LocalStrings.properties | 1 + webapps/docs/changelog.xml | 8 ++++++++ 3 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/coyote/ajp/AbstractAjpProcessor.java b/java/org/apache/coyote/ajp/AbstractAjpProcessor.java
index 7d6cae1..7016e41 100644
--- a/java/org/apache/coyote/ajp/AbstractAjpProcessor.java
+++ b/java/org/apache/coyote/ajp/AbstractAjpProcessor.java
@@ -27,7 +27,6 @@ import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
 import java.util.concurrent.atomic.AtomicBoolean;
-import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import javax.servlet.http.HttpServletResponse;
@@ -912,17 +911,13 @@ public abstract class AbstractAjpProcessor<S> extends AbstractProcessor<S> {
 } else {
 // All 'known' attributes will be processed by the previous
 // blocks. Any remaining attribute is an 'arbitrary' one.
- if (allowedRequestAttributesPatternPattern == null) {
+ if (allowedRequestAttributesPatternPattern != null &&
+ allowedRequestAttributesPatternPattern.matcher(n).matches() ) {
+ request.setAttribute(n, v);
+ } else {
+ getLog().warn(sm.getString("ajpprocessor.unknownAttribute", n));
 response.setStatus(403);
 setErrorState(ErrorState.CLOSE_CLEAN, null);
- } else {
- Matcher m = allowedRequestAttributesPatternPattern.matcher(n);
- if (m.matches()) {
- request.setAttribute(n, v);
- } else {
- response.setStatus(403);
- setErrorState(ErrorState.CLOSE_CLEAN, null);
- }
 }
 }
 break;
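Review bot: The added `getLog().warn(sm.getString("ajpprocessor.unknownAttribute", n))` in the else branch writes the attribute name `n` to the log exactly as it arrived in the AJP message, once for every rejected request. Unless the AJP peer is always the trusted reverse proxy, a name containing line breaks or a very long name could presumably forge or bloat log entries, so I would neutralise control characters before logging, e.g. `String safeName = n.replaceAll("\\p{Cntrl}", "?");`, and cap its length. Repeated rejections would also be worth rate-limiting so that a misconfigured proxy cannot fill the log at WARN. The fail-closed path (403 and `ErrorState.CLOSE_CLEAN` when the pattern is null or does not match) is preserved; a short comment such as `// Fail closed: no pattern configured or no match` would make that intent explicit. The enclosing method starts and ends outside the hunk.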
diff --git a/java/org/apache/coyote/ajp/LocalStrings.properties b/java/org/apache/coyote/ajp/LocalStrings.properties
index 496550c..3868f45 100644
--- a/java/org/apache/coyote/ajp/LocalStrings.properties
+++ b/java/org/apache/coyote/ajp/LocalStrings.properties
@@ -33,6 +33,7 @@ ajpprocessor.request.prepare=Error preparing request
 ajpprocessor.request.process=Error processing request
 ajpprocessor.socket.info=Exception getting socket information
 ajpprocessor.ssl.notsupported=The SSL protocol is not supported by this connector
+ajpprocessor.unknownAttribute=Rejecting request due to unknown request attribute [{0}] received from reverse proxy
 ajpprotocol.endpoint.starterror=Error starting endpoint
 ajpprotocol.failedwrite=Socket write failed
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3707cdd..3c2bbee 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -68,6 +68,14 @@
 </fix>
 </changelog>
 </subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <add>
+ <bug>64483</bug>: Log a warning if an AJP request is rejected because it
+ contains an unexpected request attribute. (markt)
+ </add>
+ </changelog>
+ </subsection>
 <subsection name="WebSocket">
 <changelog>
 <fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org