tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thushara Wijeratna <thu...@gmail.com>
Subject can tomcat do uri decoding leniently?
Date Tue, 03 Jul 2012 23:39:39 GMT
Is it possible to have tomcat decode web request parameters leniently? This
is how perl, python libs do it by default.

For incorrect encodings, tomcat currently rejects the parameter and the way
tomcat decodes, it does get corrupted in the buffer built
inside org.apache.tomcat.util.buf.UDecoder.convert().

When decoding fails, we see this in the catalina.out file :

INFO: Character decoding failed. Parameter [ns_cut] with value
[c9=http%3A%2F%2Fwww4.mpire.com%2Fadreview%2Fvarick.htm2Fvarick.htm%] has
been ignored. Note that the name and value quoted here may be corrupted due
to the failed decoding. Use debug level logging to see the original,
non-corrupted values.
java.io.CharConversionException: EOF
at org.apache.tomcat.util.buf.UDecoder.convert(UDecoder.java:80)
at org.apache.tomcat.util.buf.UDecoder.convert(UDecoder.java:46)
at org.apache.tomcat.util.http.Parameters.urlDecode(Parameters.java:410)
at
org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:370)
at
org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:420)
at
org.apache.tomcat.util.http.Parameters.handleQueryParameters(Parameters.java:186)
at org.apache.catalina.connector.Request.parseParameters(Request.java:2594)
at
org.apache.catalina.connector.Request.getParameterNames(Request.java:1148)
at org.apache.catalina.connector.Request.getParameterMap(Request.java:1128)
at
org.apache.catalina.connector.RequestFacade.getParameterMap(RequestFacade.java:414)
at
com.mpire.mpsys.req.RequestDispatcher.dispatch(RequestDispatcher.java:374)
at
com.mpire.mpsys.MpireSystemServlet.dispatchRequest(MpireSystemServlet.java:396)
at com.mpire.mpsys.MpireSystemServlet.doGet(MpireSystemServlet.java:371)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:662)


This is the parameter that produced this failure :

ns_cut=c9%3Dhttp%253A%252F%252Fwww4.mpire.com%252Fadreview%252Fvarick.htm%

So the trailing % is not leniently handled by tomcat. But notice, that the
tomcat buffer is corrupted - it has an additional 2Fvarick.htm


What I'm looking for is this type of lenient decoding :

[~/] python -c 'import urllib; print urllib.unquote("c9%3Dhttp%253A%252F%
252Fwww4.mpire.com%252Fadreview%252Fvarick.htm%");'
c9=http%3A%2F%2Fwww4.mpire.com%2Fadreview%2Fvarick.htm%

thx,
thushara

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message