tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: [patch] wrong rx to invalid url
Date Thu, 18 Sep 2003 21:09:10 GMT
+1 From me as well.

----- Original Message -----
From: "Keith Wannamaker" <Keith@Wannamaker.org>
To: "Tomcat Developers List" <tomcat-dev@jakarta.apache.org>
Sent: Thursday, September 18, 2003 1:24 PM
Subject: RE: [patch] wrong rx to invalid url


> Yes it can be, good catch.
>
> Keith
>
> | -----Original Message-----
> | From: Remy Maucherat [mailto:remm@apache.org]
> | Sent: Thursday, September 18, 2003 4:07 PM
> | To: Tomcat Developers List
> | Subject: Re: [patch] wrong rx to invalid url
> |
> |
> | Keith Wannamaker wrote:
> |
> | > I'd like to commit something along these lines to the
> | > v4 and v5 CoyoteAdaptors:
> | >
> | > --- coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java
16 Mar 2003 01:56:27 -0000      1.13.2.3
> | > +++ coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java
18 Sep 2003 19:45:09 -0000
> | > @@ -273,7 +273,13 @@
> | >
> | >          // URI decoding
> | >          req.decodedURI().duplicate(req.requestURI());
> | > -        req.getURLDecoder().convert(req.decodedURI(), false);
> | > +        try {
> | > +          req.getURLDecoder().convert(req.decodedURI(), false);
> | > +        } catch (IOException ioe) {
> | > +            res.setStatus(400);
> | > +            res.setMessage("Invalid URI");
> | > +            throw new IOException("Invalid URI");
> | > +        }
> | >          req.decodedURI().setEncoding("UTF-8");
> | >
> | >          // Normalize decoded URI
> | >
> | > UDecoder.convert will throw a CharConversionException for
> | > urls which contain '%' with invalid or no trailing hex digits.
> | > This exception is ignored and Tomcat is returning a 200 with
> | > an empty body, which is wrong.
> | >
> | > Any suggestions on a better way to correct are welcome.
> |
> | +1, this seems ok (good thing the request is properly recycled anyway).
> | BTW, can't the original ioe be rethrown (this seems simpler) ?
> |
> | Remy
> |
> |
> |
> | ---------------------------------------------------------------------
> | To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> | For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> |
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>


Mime
View raw message