hc-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ol...@apache.org
Subject svn commit: r1342001 - in /httpcomponents/httpcore/trunk: RELEASE_NOTES.txt httpcore/src/main/java/org/apache/http/impl/io/AbstractSessionInputBuffer.java httpcore/src/test/java/org/apache/http/impl/io/TestSessionBuffers.java
Date Wed, 23 May 2012 19:55:06 GMT
Author: olegk
Date: Wed May 23 19:55:05 2012
New Revision: 1342001

URL: http://svn.apache.org/viewvc?rev=1342001&view=rev
Log:
HTTPCORE-263: Under rare circumstances incorrectly delineated or garbled HTTP message can
cause an IndexOutOfBoundsException in AbstractSessionInputBuffer#readLine()
Contributed by Michael Pujos <bubbleguuum at free.fr>

Modified:
    httpcomponents/httpcore/trunk/RELEASE_NOTES.txt
    httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/impl/io/AbstractSessionInputBuffer.java
    httpcomponents/httpcore/trunk/httpcore/src/test/java/org/apache/http/impl/io/TestSessionBuffers.java

Modified: httpcomponents/httpcore/trunk/RELEASE_NOTES.txt
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/RELEASE_NOTES.txt?rev=1342001&r1=1342000&r2=1342001&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/RELEASE_NOTES.txt (original)
+++ httpcomponents/httpcore/trunk/RELEASE_NOTES.txt Wed May 23 19:55:05 2012
@@ -1,6 +1,10 @@
 Changes since 4.2
 -------------------
 
+* [HTTPCORE-263] Under rare circumstances incorrectly delineated or garbled HTTP message
+  can cause an IndexOutOfBoundsException in AbstractSessionInputBuffer#readLine()
+  Contributed by Michael Pujos <bubbleguuum at free.fr> 
+
 * Made connection pools use FIFO algorithm instead of LIFO when leasing / releasing persistent
   connections.
   Contributed by Oleg Kalnichevski <olegk at apache.org>

Modified: httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/impl/io/AbstractSessionInputBuffer.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/impl/io/AbstractSessionInputBuffer.java?rev=1342001&r1=1342000&r2=1342001&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/impl/io/AbstractSessionInputBuffer.java
(original)
+++ httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/impl/io/AbstractSessionInputBuffer.java
Wed May 23 19:55:05 2012
@@ -337,7 +337,7 @@ public abstract class AbstractSessionInp
         int off = this.bufferpos;
         int len;
         this.bufferpos = pos + 1;
-        if (pos > 0 && this.buffer[pos - 1] == HTTP.CR) {
+        if (pos > off && this.buffer[pos - 1] == HTTP.CR) {
             // skip CR if found
             pos--;
         }

Modified: httpcomponents/httpcore/trunk/httpcore/src/test/java/org/apache/http/impl/io/TestSessionBuffers.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore/src/test/java/org/apache/http/impl/io/TestSessionBuffers.java?rev=1342001&r1=1342000&r2=1342001&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/httpcore/src/test/java/org/apache/http/impl/io/TestSessionBuffers.java
(original)
+++ httpcomponents/httpcore/trunk/httpcore/src/test/java/org/apache/http/impl/io/TestSessionBuffers.java
Wed May 23 19:55:05 2012
@@ -400,6 +400,19 @@ public class TestSessionBuffers {
         }
     }
 
+    @Test
+    public void testReadLineFringeCase1() throws Exception {
+        HttpParams params = new BasicHttpParams();
+        String s = "abc\r\n";
+        byte[] tmp = s.getBytes("US-ASCII");
+        SessionInputBufferMock inbuffer1 = new SessionInputBufferMock(tmp, 128, params);
+        Assert.assertEquals('a', inbuffer1.read());
+        Assert.assertEquals('b', inbuffer1.read());
+        Assert.assertEquals('c', inbuffer1.read());
+        Assert.assertEquals('\r', inbuffer1.read());
+        Assert.assertEquals("", inbuffer1.readLine());
+    }
+
     static final int SWISS_GERMAN_HELLO [] = {
         0x47, 0x72, 0xFC, 0x65, 0x7A, 0x69, 0x5F, 0x7A, 0xE4, 0x6D, 0xE4
     };



Mime
View raw message