Re: [patch] wrong rx to invalid url
Keith Wannamaker wrote:
I'd like to commit something along these lines to the
v4 and v5 CoyoteAdaptors:
--- coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java16 Mar 2003
01:56:27 - 1.13.2.3
+++ coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java18 Sep 2003
19:45:09 -
@@ -273,7 +273,13 @@
// URI decoding
req.decodedURI().duplicate(req.requestURI());
-req.getURLDecoder().convert(req.decodedURI(), false);
+try {
+ req.getURLDecoder().convert(req.decodedURI(), false);
+} catch (IOException ioe) {
+res.setStatus(400);
+res.setMessage(Invalid URI);
+throw new IOException(Invalid URI);
+}
req.decodedURI().setEncoding(UTF-8);
// Normalize decoded URI
UDecoder.convert will throw a CharConversionException for
urls which contain '%' with invalid or no trailing hex digits.
This exception is ignored and Tomcat is returning a 200 with
an empty body, which is wrong.
Any suggestions on a better way to correct are welcome.
+1, this seems ok (good thing the request is properly recycled anyway).
BTW, can't the original ioe be rethrown (this seems simpler) ?
Remy
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [patch] wrong rx to invalid url
Yes it can be, good catch.
Keith
| -Original Message-
| From: Remy Maucherat [mailto:[EMAIL PROTECTED]
| Sent: Thursday, September 18, 2003 4:07 PM
| To: Tomcat Developers List
| Subject: Re: [patch] wrong rx to invalid url
|
|
| Keith Wannamaker wrote:
|
| I'd like to commit something along these lines to the
| v4 and v5 CoyoteAdaptors:
|
| --- coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java16 Mar
2003 01:56:27 - 1.13.2.3
| +++ coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java18 Sep
2003 19:45:09 -
| @@ -273,7 +273,13 @@
|
| // URI decoding
| req.decodedURI().duplicate(req.requestURI());
| -req.getURLDecoder().convert(req.decodedURI(), false);
| +try {
| + req.getURLDecoder().convert(req.decodedURI(), false);
| +} catch (IOException ioe) {
| +res.setStatus(400);
| +res.setMessage(Invalid URI);
| +throw new IOException(Invalid URI);
| +}
| req.decodedURI().setEncoding(UTF-8);
|
| // Normalize decoded URI
|
| UDecoder.convert will throw a CharConversionException for
| urls which contain '%' with invalid or no trailing hex digits.
| This exception is ignored and Tomcat is returning a 200 with
| an empty body, which is wrong.
|
| Any suggestions on a better way to correct are welcome.
|
| +1, this seems ok (good thing the request is properly recycled anyway).
| BTW, can't the original ioe be rethrown (this seems simpler) ?
|
| Remy
|
|
|
| -
| To unsubscribe, e-mail: [EMAIL PROTECTED]
| For additional commands, e-mail: [EMAIL PROTECTED]
|
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [patch] wrong rx to invalid url
+1 From me as well.
- Original Message -
From: Keith Wannamaker [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Thursday, September 18, 2003 1:24 PM
Subject: RE: [patch] wrong rx to invalid url
Yes it can be, good catch.
Keith
| -Original Message-
| From: Remy Maucherat [mailto:[EMAIL PROTECTED]
| Sent: Thursday, September 18, 2003 4:07 PM
| To: Tomcat Developers List
| Subject: Re: [patch] wrong rx to invalid url
|
|
| Keith Wannamaker wrote:
|
| I'd like to commit something along these lines to the
| v4 and v5 CoyoteAdaptors:
|
| --- coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java
16 Mar 2003 01:56:27 - 1.13.2.3
| +++ coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java
18 Sep 2003 19:45:09 -
| @@ -273,7 +273,13 @@
|
| // URI decoding
| req.decodedURI().duplicate(req.requestURI());
| -req.getURLDecoder().convert(req.decodedURI(), false);
| +try {
| + req.getURLDecoder().convert(req.decodedURI(), false);
| +} catch (IOException ioe) {
| +res.setStatus(400);
| +res.setMessage(Invalid URI);
| +throw new IOException(Invalid URI);
| +}
| req.decodedURI().setEncoding(UTF-8);
|
| // Normalize decoded URI
|
| UDecoder.convert will throw a CharConversionException for
| urls which contain '%' with invalid or no trailing hex digits.
| This exception is ignored and Tomcat is returning a 200 with
| an empty body, which is wrong.
|
| Any suggestions on a better way to correct are welcome.
|
| +1, this seems ok (good thing the request is properly recycled anyway).
| BTW, can't the original ioe be rethrown (this seems simpler) ?
|
| Remy
|
|
|
| -
| To unsubscribe, e-mail: [EMAIL PROTECTED]
| For additional commands, e-mail: [EMAIL PROTECTED]
|
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
This message is intended only for the use of the person(s) listed above as the
intended recipient(s), and may contain information that is PRIVILEGED and
CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or
distribute this message or any attachment. If you received this communication in
error, please notify us immediately by e-mail and then delete all copies of this
message and any attachments.
In addition you should be aware that ordinary (unencrypted) e-mail sent through the
Internet is not secure. Do not send confidential or sensitive information, such as
social security numbers, account numbers, personal identification numbers and
passwords, to us via ordinary (unencrypted) e-mail.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
