tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1392254 - in /tomcat/tc5.5.x/trunk: ./ connectors/http11/src/java/org/apache/coyote/http11/ connectors/http11/src/java/org/apache/coyote/http11/filters/ connectors/jk/java/org/apache/coyote/ajp/ connectors/jk/java/org/apache/jk/common/ con...
Date Mon, 01 Oct 2012 09:43:50 GMT
Author: markt
Date: Mon Oct  1 09:43:50 2012
New Revision: 1392254

URL: http://svn.apache.org/viewvc?rev=1392254&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42181
A. Better handling of edge conditions in chunk header processing (BZ 42181)
B. Improve chunk header parsing. Properly ignore chunk-extension suffix, not trying to parse
digits contained in it. Reject chunks whose header is incorrect.

Modified:
    tomcat/tc5.5.x/trunk/STATUS.txt
    tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Constants.java
    tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java
    tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java
    tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
    tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java
    tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/jk/common/HandlerRequest.java
    tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/buf/HexUtils.java
    tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/util/HexUtils.java
    tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml

Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Mon Oct  1 09:43:50 2012
@@ -28,15 +28,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK/
 PATCHES PROPOSED TO BACKPORT:
   [ New proposals should be added at the end of the list ]
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42181
-  A. Better handling of edge conditions in chunk header processing (BZ 42181)
-  B. Improve chunk header parsing. Properly ignore chunk-extension suffix,
-  not trying to parse digits contained in it. Reject chunks whose header is
-  incorrect. (backport of r423453)
-  https://issues.apache.org/bugzilla/attachment.cgi?id=29295
-  +1: kkolinko, markt, kfujino
-  -1:
-
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53830
   Better handling of Manager.randomFile default value on Windows
   https://issues.apache.org/bugzilla/attachment.cgi?id=29331

Modified: tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Constants.java
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Constants.java?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Constants.java
(original)
+++ tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Constants.java
Mon Oct  1 09:43:50 2012
@@ -85,6 +85,11 @@ public final class Constants {
      */
     public static final byte COLON = (byte) ':';
 
+    /**
+     * SEMI_COLON.
+     */
+    public static final byte SEMI_COLON = (byte) ';';
+
 
     /**
      * 'A'.

Modified: tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java
(original)
+++ tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java
Mon Oct  1 09:43:50 2012
@@ -113,7 +113,7 @@ public class Http11AprProcessor implemen
         initializeFilters();
 
         // Cause loading of HexUtils
-        int foo = HexUtils.DEC[0];
+        HexUtils.getDec('0');
 
         // Cause loading of FastHttpDateFormat
         FastHttpDateFormat.getCurrentDate();
@@ -1461,7 +1461,7 @@ public class Http11AprProcessor implemen
             int port = 0;
             int mult = 1;
             for (int i = valueL - 1; i > colonPos; i--) {
-                int charValue = HexUtils.DEC[(int) valueB[i + valueS]];
+                int charValue = HexUtils.getDec(valueB[i + valueS]);
                 if (charValue == -1) {
                     // Invalid character
                     error = true;

Modified: tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java
(original)
+++ tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java
Mon Oct  1 09:43:50 2012
@@ -111,7 +111,7 @@ public class Http11Processor implements 
         initializeFilters();
 
         // Cause loading of HexUtils
-        int foo = HexUtils.DEC[0];
+        HexUtils.getDec('0');
 
     }
 
@@ -1422,7 +1422,7 @@ public class Http11Processor implements 
             int port = 0;
             int mult = 1;
             for (int i = valueL - 1; i > colonPos; i--) {
-                int charValue = HexUtils.DEC[(int) valueB[i + valueS]];
+                int charValue = HexUtils.getDec(valueB[i + valueS]);
                 if (charValue == -1) {
                     // Invalid character
                     error = true;

Modified: tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
(original)
+++ tomcat/tc5.5.x/trunk/connectors/http11/src/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
Mon Oct  1 09:43:50 2012
@@ -28,7 +28,8 @@ import org.apache.coyote.http11.Constant
 import org.apache.coyote.http11.InputFilter;
 
 /**
- * Chunked input filter.
+ * Chunked input filter. Parses chunked data according to
+ * <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.6.1">http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.6.1</a><br>
  * 
  * @author Remy Maucherat
  */
@@ -128,7 +129,7 @@ public class ChunkedInputFilter implemen
 
         if (remaining <= 0) {
             if (!parseChunkHeader()) {
-                throw new IOException("Invalid chunk");
+                throw new IOException("Invalid chunk header");
             }
             if (endChunk) {
                 parseEndChunk();
@@ -236,6 +237,14 @@ public class ChunkedInputFilter implemen
 
     /**
      * Parse the header of a chunk.
+     * A chunk header can look like one of the following:<br />
+     * A10CRLF<br />
+     * F23;chunk-extension to be ignoredCRLF
+     *
+     * <p>
+     * The letters before CRLF or ';' (whatever comes first) must be valid hex
+     * digits. We should not parse F23IAMGONNAMESSTHISUP34CRLF as a valid
+     * header according to the spec.
      */
     protected boolean parseChunkHeader()
         throws IOException {
@@ -243,6 +252,7 @@ public class ChunkedInputFilter implemen
         int result = 0;
         boolean eol = false;
         boolean readDigit = false;
+        boolean trailer = false;
 
         while (!eol) {
 
@@ -254,11 +264,19 @@ public class ChunkedInputFilter implemen
             if (buf[pos] == Constants.CR) {
             } else if (buf[pos] == Constants.LF) {
                 eol = true;
-            } else {
-                if (HexUtils.DEC[buf[pos]] != -1) {
+            } else if (buf[pos] == Constants.SEMI_COLON) {
+                trailer = true;
+            } else if (!trailer) { 
+                //don't read data after the trailer
+                int charValue = HexUtils.getDec(buf[pos]);
+                if (charValue != -1) {
                     readDigit = true;
                     result *= 16;
-                    result += HexUtils.DEC[buf[pos]];
+                    result += charValue;
+                } else {
+                    //we shouldn't allow invalid, non hex characters
+                    //in the chunked header
+                    return false;
                 }
             }
 

Modified: tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java (original)
+++ tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java Mon
Oct  1 09:43:50 2012
@@ -103,7 +103,7 @@ public class AjpAprProcessor implements 
         outputBuffer = ByteBuffer.allocateDirect(packetSize * 2);
 
         // Cause loading of HexUtils
-        int foo = HexUtils.DEC[0];
+        HexUtils.getDec('0');
 
         // Cause loading of HttpMessages
         HttpMessages.getMessage(200);
@@ -935,7 +935,7 @@ public class AjpAprProcessor implements 
             int port = 0;
             int mult = 1;
             for (int i = valueL - 1; i > colonPos; i--) {
-                int charValue = HexUtils.DEC[(int) valueB[i + valueS]];
+                int charValue = HexUtils.getDec(valueB[i + valueS]);
                 if (charValue == -1) {
                     // Invalid character
                     error = true;

Modified: tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/jk/common/HandlerRequest.java
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/jk/common/HandlerRequest.java?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/jk/common/HandlerRequest.java (original)
+++ tomcat/tc5.5.x/trunk/connectors/jk/java/org/apache/jk/common/HandlerRequest.java Mon Oct
 1 09:43:50 2012
@@ -674,7 +674,7 @@ public class HandlerRequest extends JkHa
             int port = 0;
             int mult = 1;
             for (int i = valueL - 1; i > colonPos; i--) {
-                int charValue = HexUtils.DEC[(int) valueB[i + valueS]];
+                int charValue = HexUtils.getDec(valueB[i + valueS]);
                 if (charValue == -1) {
                     // Invalid character
                     throw new CharConversionException("Invalid char in port: " + valueB[i
+ valueS]); 

Modified: tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/buf/HexUtils.java
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/buf/HexUtils.java?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/buf/HexUtils.java (original)
+++ tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/buf/HexUtils.java Mon
Oct  1 09:43:50 2012
@@ -36,6 +36,7 @@ public final class HexUtils {
 
     /**
      *  Table for HEX to DEC byte translation.
+     *  @deprecated Use {@link #getDec(int)}
      */
     public static final int[] DEC = {
         -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
@@ -76,6 +77,15 @@ public final class HexUtils {
     // --------------------------------------------------------- Static Methods
 
 
+    public static int getDec(int index){
+        try {
+            return DEC[index];
+        } catch (ArrayIndexOutOfBoundsException ex) {
+            return -1;
+        }
+    }
+
+
     /**
      * Convert a String of hexadecimal digits into the corresponding
      * byte array by encoding each two hexadecimal digits as a byte.
@@ -154,21 +164,21 @@ public final class HexUtils {
 	// assert valid data
 	int len;
 	if(hex.length < 4 ) return 0;
-	if( DEC[hex[0]]<0 )
+	if( getDec(hex[0])<0 )
 	    throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
-	len = DEC[hex[0]];
+	len = getDec(hex[0]);
 	len = len << 4;
-	if( DEC[hex[1]]<0 )
+	if( getDec(hex[1])<0 )
 	    throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
-	len += DEC[hex[1]];
+	len += getDec(hex[1]);
 	len = len << 4;
-	if( DEC[hex[2]]<0 )
+	if( getDec(hex[2])<0 )
 	    throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
-	len += DEC[hex[2]];
+	len += getDec(hex[2]);
 	len = len << 4;
-	if( DEC[hex[3]]<0 )
+	if( getDec(hex[3])<0 )
 	    throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
-	len += DEC[hex[3]];
+	len += getDec(hex[3]);
 	return len;
     }
 

Modified: tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/util/HexUtils.java
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/util/HexUtils.java?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/util/HexUtils.java
(original)
+++ tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/util/HexUtils.java
Mon Oct  1 09:43:50 2012
@@ -30,7 +30,10 @@ import java.io.ByteArrayOutputStream;
 public final class HexUtils {
     // Code from Ajp11, from Apache's JServ
 
-    // Table for HEX to DEC byte translation
+    /**
+     *  Table for HEX to DEC byte translation.
+     *  @deprecated Use {@link #getDec(int)}
+     */
     public static final int[] DEC = {
         -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
         -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
@@ -59,6 +62,18 @@ public final class HexUtils {
         StringManager.getManager("org.apache.catalina.util");
 
 
+    // --------------------------------------------------------- Static Methods
+
+
+    public static int getDec(int index){
+        try {
+            return DEC[index];
+        } catch (ArrayIndexOutOfBoundsException ex) {
+            return -1;
+        }
+    }
+
+
     /**
      * Convert a String of hexadecimal digits into the corresponding
      * byte array by encoding each two hexadecimal digits as a byte.
@@ -137,21 +152,21 @@ public final class HexUtils {
         // assert valid data
         int len;
         if(hex.length < 4 ) return 0;
-        if( DEC[hex[0]]<0 )
+        if( getDec(hex[0])<0 )
             throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
-        len = DEC[hex[0]];
+        len = getDec(hex[0]);
         len = len << 4;
-        if( DEC[hex[1]]<0 )
+        if( getDec(hex[1])<0 )
             throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
-        len += DEC[hex[1]];
+        len += getDec(hex[1]);
         len = len << 4;
-        if( DEC[hex[2]]<0 )
+        if( getDec(hex[2])<0 )
             throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
-        len += DEC[hex[2]];
+        len += getDec(hex[2]);
         len = len << 4;
-        if( DEC[hex[3]]<0 )
+        if( getDec(hex[3])<0 )
             throw new IllegalArgumentException(sm.getString("hexUtil.bad"));
-        len += DEC[hex[3]];
+        len += getDec(hex[3]);
         return len;
     }
 

Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=1392254&r1=1392253&r2=1392254&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Mon Oct  1 09:43:50 2012
@@ -82,6 +82,12 @@
       <add>
         Implement the maxHeaderCount for the HTTP connectors. (kkolinko)
       </add>
+      <fix>
+        <bug>42181</bug>: Better handling of edge conditions in chunk header
+        processing. Improve chunk header parsing. Properly ignore
+        chunk-extension suffix, not trying to parse digits contained in it.
+        Reject chunks whose header is incorrect. (kkolinko)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Webapps">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message