From ma...@apache.org
Subject svn commit: r781362 - in /tomcat/connectors/trunk/jk/java/org/apache/jk/common: ChannelNioSocket.java ChannelSocket.java HandlerRequest.java
Date Wed, 03 Jun 2009 13:22:11 GMT
Author: markt
Date: Wed Jun  3 13:22:11 2009
New Revision: 781362

URL: http://svn.apache.org/viewvc?rev=781362&view=rev
Log:
Make sure the 400 is returned to the browser (like other connectors).
This prevents a possible DoS via invalid headers and is the fix for CVE-2009-0033.

Modified:
    tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelNioSocket.java
    tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelSocket.java
    tomcat/connectors/trunk/jk/java/org/apache/jk/common/HandlerRequest.java

Modified: tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelNioSocket.java
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelNioSocket.java?rev=781362&r1=781361&r2=781362&view=diff
==============================================================================
--- tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelNioSocket.java (original)
+++ tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelNioSocket.java Wed Jun  3
13:22:11 2009
@@ -56,6 +56,7 @@
 import org.apache.coyote.Request;
 import org.apache.coyote.RequestGroupInfo;
 import org.apache.coyote.RequestInfo;
+import org.apache.coyote.ActionCode;
 import org.apache.tomcat.util.threads.ThreadPool;
 import org.apache.tomcat.util.threads.ThreadPoolRunnable;
 
@@ -854,6 +855,7 @@
                     status= invoke( recv, ep );
                     if( status != JkHandler.OK ) {
                         log.warn("processCallbacks status " + status );
+                        ep.action(ActionCode.ACTION_CLOSE, ep.getRequest().getResponse());
                         return false;
                     }
                     synchronized(this) {
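Review bot: The added `ep.action(ActionCode.ACTION_CLOSE, ep.getRequest().getResponse());` passes on whatever `getResponse()` returns, yet the HandlerRequest.java change in this same commit guards against that value being null, so a non-OK status from a path other than the decode failure may hand a null response to the close action. A guard such as `if (ep.getRequest().getResponse() != null)` before the call would cover that. If the action can throw, the `return false` after it is skipped, so it may be worth catching and logging around the call so the failure return always happens. The identical line added before `break` in ChannelSocket.java has the same exposure. The enclosing method starts and ends outside both hunks.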

Modified: tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelSocket.java
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelSocket.java?rev=781362&r1=781361&r2=781362&view=diff
==============================================================================
--- tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelSocket.java (original)
+++ tomcat/connectors/trunk/jk/java/org/apache/jk/common/ChannelSocket.java Wed Jun  3 13:22:11
2009
@@ -46,6 +46,7 @@
 import org.apache.coyote.Request;
 import org.apache.coyote.RequestGroupInfo;
 import org.apache.coyote.RequestInfo;
+import org.apache.coyote.ActionCode;
 import org.apache.tomcat.util.threads.ThreadPool;
 import org.apache.tomcat.util.threads.ThreadPoolRunnable;
 
@@ -703,6 +704,7 @@
                 status= this.invoke( recv, ep );
                 if( status!= JkHandler.OK ) {
                     log.warn("processCallbacks status " + status );
+                    ep.action(ActionCode.ACTION_CLOSE, ep.getRequest().getResponse());
                     break;
                 }
             }

Modified: tomcat/connectors/trunk/jk/java/org/apache/jk/common/HandlerRequest.java
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/java/org/apache/jk/common/HandlerRequest.java?rev=781362&r1=781361&r2=781362&view=diff
==============================================================================
--- tomcat/connectors/trunk/jk/java/org/apache/jk/common/HandlerRequest.java (original)
+++ tomcat/connectors/trunk/jk/java/org/apache/jk/common/HandlerRequest.java Wed Jun  3 13:22:11
2009
@@ -265,8 +265,16 @@
                                  ((Request)ep.getRequest()).unparsedURI());
                 }
             } catch( Exception ex ) {
+                /* If we are here it is because we have a bad header or something like that
*/
                 log.error( "Error decoding request ", ex );
                 msg.dump( "Incomming message");
+                Response res=ep.getRequest().getResponse();
+                if ( res==null ) {
+                    res=new Response();
+                    ep.getRequest().setResponse(res);
+                }
+                res.setMessage("Bad Request");
+                res.setStatus(400);
                 return ERROR;
             }
 
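Review bot: The branch that now answers 400 still logs at error level with a stack trace and calls `msg.dump( "Incomming message")` for every malformed request, so a client able to reach it repeatedly can also drive log volume. Since the commit treats this as a client-caused condition, consider `log.warn` and emitting the dump only under `if (log.isDebugEnabled())`. The new comment is vague; something like `/* Decoding failed, typically on a malformed header: answer 400 so the client is not left without a response */` says why the response is populated. Because the handler is `catch( Exception ex )`, failures that are not the client's fault would presumably be reported as 400 as well. The enclosing method starts and ends outside the hunk.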


