subject:"svn commit\: r1831389 \- \/tomcat\/trunk\/java\/org\/apache\/coyote\/http11\/Http11InputBuffer.java"

Re: svn commit: r1831389 - /tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java

2018-05-11 Thread Mark Thomas

On 11/05/18 15:44, Christopher Schultz wrote:



> Why not use something like "UNKNOWN" instead of "HTTP/1.1"? It might
> be confusing to see that the protocol "is" HTTP/1.1 when it was
> actually something else on the wire.

Because:
- neither the app nor the client ever sees it.
- it needs to be a valid value to prevent another error being triggered
later.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: svn commit: r1831389 - /tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java

2018-05-11 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 5/11/18 4:34 AM, ma...@apache.org wrote:
> Author: markt Date: Fri May 11 08:34:21 2018 New Revision: 1831389
> 
> URL: http://svn.apache.org/viewvc?rev=1831389=rev Log: When
> the header limit is exceeded before the protocol is read (e.g. with
> excessive new lines before the request line), set the protocol to
> avoid the missing protocol triggering a 505 error masking the real
> error code.
> 
> Modified: 
> tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
> 
> Modified:
> tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java 
> URL:
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http1
1/Http11InputBuffer.java?rev=1831389=1831388=1831389=diff
>
> 

==
> ---
> tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
> (original) +++
> tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
> Fri May 11 08:34:21 2018 @@ -711,6 +711,10 @@ public class
> Http11InputBuffer implement
> 
> if (parsingHeader) { if (byteBuffer.limit() >= headerBufferSize) { 
> +if (parsingRequestLine) { +//
> Avoid unknown protocol triggering an additional error +
> request.protocol().setString(Constants.HTTP_11); +
> }

Why not use something like "UNKNOWN" instead of "HTTP/1.1"? It might
be confusing to see that the protocol "is" HTTP/1.1 when it was
actually something else on the wire.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlr1rEgACgkQHPApP6U8
pFhn6BAAj1bBFKStBUHSL+9plGEz7X6jr48SuF3ftcbkKZ56saPdQ4xULJm8QUw4
YX+pw2ORv+fq+fmdfgNgIZnlatN4eXTAmUTlswnkjOPEP4LsJUYqFU8t8WT6iiUq
XnYQbyrSKNCcITSu4XQOV6CfvZuOo/Fu6t3SCR9bjQ9azKdUsq6TpnwAwyg3bMwI
25zxBymSWiBv2LENcV4c2CRYvOiTNCEn/DVYZVWubYiLhKuaeo6wD6QKiEnHqJvd
8vl1w7v/YQfauRIyQJZ3wXTmiX8+fTwHFrhVi/4mp0peRCHYc11mvlXVNKYHKLCO
2kizfdMljdZrdXTlEOGe7pPntliMXASiCGekSJoEh+weTFFwU74AYT8fZmssBUIz
qOS1bvopRf07rXWJe9XGAF5TGZKVVmy5cPAewlsfbA0cA4/h2b15al7UFYev8LTa
zbf/f/VImFx/3P5VeujnIy3Cir70MQpETwo1oBHLe6T7AcsLR/L9o3i7oUqj1vyA
U1jUlH6Bhabnh3HIl4uPamY4gDoYUAQMcM+giHsbgdpd8FAGbsh0V+bF7NcGmxgq
Mt38Ge5B5T3NO6uxpgkQqhfvlEn8DXtSJRxdV5eZQhpwrpkYjyaRFI+gItWw6f72
428BkppXqK6t/ob5gBJK7Mz6BZ4LqWpTVr6y3u3nCVOPxiNdKbg=
=RItO
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1831389 - /tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java

2018-05-11 Thread markt

Author: markt
Date: Fri May 11 08:34:21 2018
New Revision: 1831389

URL: http://svn.apache.org/viewvc?rev=1831389=rev
Log:
When the header limit is exceeded before the protocol is read (e.g. with 
excessive new lines before the request line), set the protocol to avoid the 
missing protocol triggering a 505 error masking the real error code.

Modified:
tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java

Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java?rev=1831389=1831388=1831389=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java Fri May 
11 08:34:21 2018
@@ -711,6 +711,10 @@ public class Http11InputBuffer implement
 
 if (parsingHeader) {
 if (byteBuffer.limit() >= headerBufferSize) {
+if (parsingRequestLine) {
+// Avoid unknown protocol triggering an additional error
+request.protocol().setString(Constants.HTTP_11);
+}
 throw new 
IllegalArgumentException(sm.getString("iib.requestheadertoolarge.error"));
 }
 } else {



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: svn commit: r1831389 - /tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java

Re: svn commit: r1831389 - /tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java

svn commit: r1831389 - /tomcat/trunk/java/org/apache/coyote/http11/Http11InputBuffer.java

3 matches

Site Navigation

Mail list logo

Footer information