Return-Path: X-Original-To: apmail-geronimo-scm-archive@www.apache.org Delivered-To: apmail-geronimo-scm-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1CADA7220 for ; Sat, 8 Oct 2011 05:41:47 +0000 (UTC) Received: (qmail 65721 invoked by uid 500); 8 Oct 2011 05:41:46 -0000 Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org Received: (qmail 65614 invoked by uid 500); 8 Oct 2011 05:41:41 -0000 Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list scm@geronimo.apache.org Received: (qmail 65606 invoked by uid 99); 8 Oct 2011 05:41:40 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 08 Oct 2011 05:41:40 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 08 Oct 2011 05:41:38 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 2976023888EA; Sat, 8 Oct 2011 05:41:18 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1180318 - in /geronimo/server/branches/2.1: ./ repository/commons-httpclient/ repository/commons-httpclient/commons-httpclient/ repository/commons-httpclient/commons-httpclient/3.0.1-G20111008/ Date: Sat, 08 Oct 2011 05:41:17 -0000 To: scm@geronimo.apache.org From: xuhaihong@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20111008054118.2976023888EA@eris.apache.org> Author: xuhaihong Date: Sat Oct 8 05:41:17 2011 New Revision: 1180318 URL: http://svn.apache.org/viewvc?rev=1180318&view=rev Log: Use patched commons-httpclient to include the fix for HTTPCLIENT-644 Added: geronimo/server/branches/2.1/repository/commons-httpclient/ (with props) geronimo/server/branches/2.1/repository/commons-httpclient/HTTPCLIENT-644.patch geronimo/server/branches/2.1/repository/commons-httpclient/README.TXT geronimo/server/branches/2.1/repository/commons-httpclient/commons-httpclient/ (with props) geronimo/server/branches/2.1/repository/commons-httpclient/commons-httpclient/3.0.1-G20111008/ (with props) geronimo/server/branches/2.1/repository/commons-httpclient/commons-httpclient/3.0.1-G20111008/commons-httpclient-3.0.1-G20111008.jar (with props) Modified: geronimo/server/branches/2.1/pom.xml Modified: geronimo/server/branches/2.1/pom.xml URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/pom.xml?rev=1180318&r1=1180317&r2=1180318&view=diff ============================================================================== --- geronimo/server/branches/2.1/pom.xml (original) +++ geronimo/server/branches/2.1/pom.xml Sat Oct 8 05:41:17 2011 @@ -797,7 +797,7 @@ commons-httpclient commons-httpclient - 3.0.1 + 3.0.1-G20111008 junit Propchange: geronimo/server/branches/2.1/repository/commons-httpclient/ ------------------------------------------------------------------------------ bugtraq:number = true Added: geronimo/server/branches/2.1/repository/commons-httpclient/HTTPCLIENT-644.patch URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/repository/commons-httpclient/HTTPCLIENT-644.patch?rev=1180318&view=auto ============================================================================== --- geronimo/server/branches/2.1/repository/commons-httpclient/HTTPCLIENT-644.patch (added) +++ geronimo/server/branches/2.1/repository/commons-httpclient/HTTPCLIENT-644.patch Sat Oct 8 05:41:17 2011 @@ -0,0 +1,225 @@ +Index: src/java/org/apache/commons/httpclient/HttpParser.java +=================================================================== +--- src/java/org/apache/commons/httpclient/HttpParser.java (revision 1180291) ++++ src/java/org/apache/commons/httpclient/HttpParser.java (working copy) +@@ -34,6 +34,7 @@ + import java.io.ByteArrayOutputStream; + import java.util.ArrayList; + ++import org.apache.commons.httpclient.params.HttpConnectionParams; + import org.apache.commons.httpclient.util.EncodingUtil; + import org.apache.commons.logging.Log; + import org.apache.commons.logging.LogFactory; +@@ -52,11 +53,19 @@ + /** Log object for this class. */ + private static final Log LOG = LogFactory.getLog(HttpParser.class); + ++ private static int MAX_HEADER_COUNT = Integer.getInteger(HttpConnectionParams.MAX_HEADER_COUNT, -1); ++ ++ private static int MAX_LINE_LENGTH = Integer.getInteger(HttpConnectionParams.MAX_LINE_LENGTH , -1); ++ + /** + * Constructor for HttpParser. + */ + private HttpParser() { } + ++ public static byte[] readRawLine(InputStream inputStream) throws IOException { ++ return readRawLine(inputStream, MAX_LINE_LENGTH); ++ } ++ + /** + * Return byte array from an (unchunked) input stream. + * Stop reading when "\n" terminator encountered +@@ -69,16 +78,21 @@ + * @throws IOException if an I/O problem occurs + * @return a byte array from the stream + */ +- public static byte[] readRawLine(InputStream inputStream) throws IOException { ++ public static byte[] readRawLine(InputStream inputStream, int maxLineLength) throws IOException { + LOG.trace("enter HttpParser.readRawLine()"); + + ByteArrayOutputStream buf = new ByteArrayOutputStream(); + int ch; ++ int count = 0; + while ((ch = inputStream.read()) >= 0) { ++ if (maxLineLength > 0 && count >= maxLineLength) { ++ throw new IOException("Maximum line length limit [" + maxLineLength + "] exceeded"); ++ } + buf.write(ch); + if (ch == '\n') { // be tolerant (RFC-2616 Section 19.3) + break; + } ++ count ++; + } + if (buf.size() == 0) { + return null; +@@ -86,6 +100,10 @@ + return buf.toByteArray(); + } + ++ public static String readLine(InputStream inputStream, String charset) throws IOException { ++ return readLine(inputStream,charset, MAX_LINE_LENGTH); ++ } ++ + /** + * Read up to "\n" from an (unchunked) input stream. + * If the stream ends before the line terminator is found, +@@ -100,9 +118,9 @@ + * + * @since 3.0 + */ +- public static String readLine(InputStream inputStream, String charset) throws IOException { ++ public static String readLine(InputStream inputStream, String charset, int maxLineLength) throws IOException { + LOG.trace("enter HttpParser.readLine(InputStream, String)"); +- byte[] rawdata = readRawLine(inputStream); ++ byte[] rawdata = readRawLine(inputStream, maxLineLength); + if (rawdata == null) { + return null; + } +@@ -138,9 +156,13 @@ + + public static String readLine(InputStream inputStream) throws IOException { + LOG.trace("enter HttpParser.readLine(InputStream)"); +- return readLine(inputStream, "US-ASCII"); ++ return readLine(inputStream, "US-ASCII", MAX_LINE_LENGTH); + } + ++ public static Header[] parseHeaders(InputStream is, String charset) throws IOException, HttpException { ++ LOG.trace("enter HeaderParser.parseHeaders(InputStream, String)"); ++ return parseHeaders(is, charset, MAX_HEADER_COUNT, MAX_LINE_LENGTH); ++ } + /** + * Parses headers from the given stream. Headers with the same name are not + * combined. +@@ -155,14 +177,14 @@ + * + * @since 3.0 + */ +- public static Header[] parseHeaders(InputStream is, String charset) throws IOException, HttpException { +- LOG.trace("enter HeaderParser.parseHeaders(InputStream, String)"); ++ public static Header[] parseHeaders(InputStream is, String charset , int maxHeaderCount, int maxLineLength) throws IOException, HttpException { ++ LOG.trace("enter HeaderParser.parseHeaders(InputStream, String, maxHeaderCount, maxLineLen)"); + + ArrayList headers = new ArrayList(); + String name = null; + StringBuffer value = null; + for (; ;) { +- String line = HttpParser.readLine(is, charset); ++ String line = HttpParser.readLine(is, charset, maxLineLength); + if ((line == null) || (line.trim().length() < 1)) { + break; + } +@@ -184,6 +206,9 @@ + headers.add(new Header(name, value.toString())); + } + ++ if (maxHeaderCount > 0 && headers.size() > maxHeaderCount) { ++ throw new IOException("Maximum header count [" + maxHeaderCount + "] exceeded"); ++ } + // Otherwise we should have normal HTTP header line + // Parse the header name and value + int colon = line.indexOf(":"); +@@ -200,7 +225,10 @@ + if (name != null) { + headers.add(new Header(name, value.toString())); + } +- ++ ++ if (maxHeaderCount > 0 && headers.size() > maxHeaderCount) { ++ throw new IOException("Maximum header count [" + maxHeaderCount + "] exceeded"); ++ } + return (Header[]) headers.toArray(new Header[headers.size()]); + } + +@@ -219,6 +247,6 @@ + */ + public static Header[] parseHeaders(InputStream is) throws IOException, HttpException { + LOG.trace("enter HeaderParser.parseHeaders(InputStream, String)"); +- return parseHeaders(is, "US-ASCII"); ++ return parseHeaders(is, "US-ASCII", MAX_HEADER_COUNT, MAX_LINE_LENGTH); + } + } +Index: src/java/org/apache/commons/httpclient/params/HttpConnectionParams.java +=================================================================== +--- src/java/org/apache/commons/httpclient/params/HttpConnectionParams.java (revision 1180291) ++++ src/java/org/apache/commons/httpclient/params/HttpConnectionParams.java (working copy) +@@ -126,6 +126,27 @@ + public static final String STALE_CONNECTION_CHECK = "http.connection.stalecheck"; + + /** ++ * Determines the maximum line length limit. If set to a positive value, ++ * any HTTP line exceeding this limit will cause an IOException. A negative ++ * or zero value will effectively disable the check. ++ *

++ * This parameter expects a value of type {@link Integer}. ++ *

++ */ ++ public static final String MAX_LINE_LENGTH = "http.connection.max-line-length"; ++ ++ /** ++ * Determines the maximum HTTP header count allowed. If set to a positive ++ * value, the number of HTTP headers received from the data stream exceeding ++ * this limit will cause an IOException. A negative or zero value will ++ * effectively disable the check. ++ *

++ * This parameter expects a value of type {@link Integer}. ++ *

++ */ ++ public static final String MAX_HEADER_COUNT = "http.connection.max-header-count"; ++ ++ /** + * Creates a new collection of parameters with the collection returned + * by {@link #getDefaultParams()} as a parent. The collection will defer + * to its parent for a default value if a particular parameter is not +Index: src/test/org/apache/commons/httpclient/TestHttpParser.java +=================================================================== +--- src/test/org/apache/commons/httpclient/TestHttpParser.java (revision 1180291) ++++ src/test/org/apache/commons/httpclient/TestHttpParser.java (working copy) +@@ -31,9 +31,12 @@ + package org.apache.commons.httpclient; + + import java.io.ByteArrayInputStream; ++import java.io.IOException; + import java.io.InputStream; + +-import junit.framework.*; ++import junit.framework.Test; ++import junit.framework.TestCase; ++import junit.framework.TestSuite; + + /** + * Simple tests for {@link HttpParser}. +@@ -122,4 +125,33 @@ + assertEquals("b", headers[1].getName()); + assertEquals("b", headers[1].getValue()); + } ++ ++ public void testHeadersMaxLineLength() throws Exception { ++ try { ++ InputStream instream = new ByteArrayInputStream("a: averyloooooooooooooooooooooooooooooongheader\r\n".getBytes(HTTP_ELEMENT_CHARSET)); ++ Header[] headers = HttpParser.parseHeaders(instream, HTTP_ELEMENT_CHARSET, -1, 5); ++ fail("An IOException should be thrown here"); ++ } catch (IOException e) { ++ } ++ } ++ ++ public void testHeadersMaxHeaderCount() throws Exception { ++ try { ++ InputStream instream = new ByteArrayInputStream("1: averyloooooo\r\n2: oooo\r\n3: oooooo\r\n4: oooo\r\n5: oooooooooongheader\r\n".getBytes(HTTP_ELEMENT_CHARSET)); ++ Header[] headers = HttpParser.parseHeaders(instream, HTTP_ELEMENT_CHARSET, 4, -1); ++ fail("An IOException should be thrown here"); ++ } catch (IOException e) { ++ } ++ } ++ ++ public void testHeadersDefaultMaxLineLength() throws Exception { ++ InputStream instream = new ByteArrayInputStream("a: averyloooooooooooooooooooooooooooooongheader\r\n".getBytes(HTTP_ELEMENT_CHARSET)); ++ Header[] headers = HttpParser.parseHeaders(instream, HTTP_ELEMENT_CHARSET, -1, -1); ++ } ++ ++ public void testHeadersDefaultMaxHeaderCount() throws Exception { ++ ++ InputStream instream = new ByteArrayInputStream("1: averyloooooo\r\n2: oooo\r\n3: oooooo\r\n4: oooo\r\n5: oooooooooongheader\r\n".getBytes(HTTP_ELEMENT_CHARSET)); ++ Header[] headers = HttpParser.parseHeaders(instream, HTTP_ELEMENT_CHARSET, -1, -1); ++ } + } Added: geronimo/server/branches/2.1/repository/commons-httpclient/README.TXT URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/repository/commons-httpclient/README.TXT?rev=1180318&view=auto ============================================================================== --- geronimo/server/branches/2.1/repository/commons-httpclient/README.TXT (added) +++ geronimo/server/branches/2.1/repository/commons-httpclient/README.TXT Sat Oct 8 05:41:17 2011 @@ -0,0 +1,33 @@ +Private Build of commons-httpclient for Geronimo. + +How to build commons-httpclient 3.0.1-G20111008: +--------------------------------- + Checkout the commons-httpclient 3.0.1 tag + svn co http://svn.apache.org/repos/asf/httpcomponents/oac.hc3x/tags/HTTPCLIENT_3_0_1/ + + +Apply the patches +----------------- + cd HTTPCLIENT_3_0_1 + patch -p0 -i HTTPCLIENT-644.patch + +Build commons-httpclient 3.0.1-G20111008 +--------------- + cd HTTPCLIENT_3_0_1 + ant dist + +Notes: + - Use Sun 1.5.x and Maven 2.0.9 build. + + +Patch Information +----------------- + + HTTPCLIENT-644.patch - Support to configure max header count and max line length property + To make the life easier, and avoid updating those client codes (e.g. Axis2 1.3 etc.). These two options could be configured while starting the server, + -Dhttp.connection.max-line-length=100 -Dhttp.connection.max-header-count=10 + +Copy patched jar files to appropriate locations +----------------------------------------------- + cd HTTPCLIENT_3_0_1 + cp dist/commons-httpclient.jar /repository/commons-httpclient/commons-httpclient/3.0.1-G20111008/commons-httpclient-3.0.1-G20111008.jar Propchange: geronimo/server/branches/2.1/repository/commons-httpclient/commons-httpclient/ ------------------------------------------------------------------------------ bugtraq:number = true Propchange: geronimo/server/branches/2.1/repository/commons-httpclient/commons-httpclient/3.0.1-G20111008/ ------------------------------------------------------------------------------ bugtraq:number = true Added: geronimo/server/branches/2.1/repository/commons-httpclient/commons-httpclient/3.0.1-G20111008/commons-httpclient-3.0.1-G20111008.jar URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/repository/commons-httpclient/commons-httpclient/3.0.1-G20111008/commons-httpclient-3.0.1-G20111008.jar?rev=1180318&view=auto ============================================================================== Binary file - no diff available. Propchange: geronimo/server/branches/2.1/repository/commons-httpclient/commons-httpclient/3.0.1-G20111008/commons-httpclient-3.0.1-G20111008.jar ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream