tomcat-users mailing list archives

From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: how to test hash collision security fix in tomcat 7.1
Date Wed, 30 May 2012 21:09:45 GMT
2012/5/30 manjesh <manjesh.h@gmail.com>:
> Hi ,
> I have downloaded tomcat 7.1 for Windows OS
>

1. There is no such version. I do not know what you are testing.

> added the following parameter (maxParameterCount) into server.xml
>
>  <Connector port="8080" protocol="HTTP/1.1"
>              connectionTimeout="20000"
>              redirectPort="8443" maxParameterCount="5"/>
>
>
>
> restarted the server.
>
> To test this fix, I created a JSP with 6 text fields having the same name
> (example: <input type="text" name="username"/>, 6 input boxes).
> When I give input for all of these input fields and click on submit,
> still the request is being processed...
> I am expecting the request processing should be aborted and
> IllegalStateException must be thrown according to the fix done in
> Parameters class of (tomcat-coyote.jar)
>

2. Your expectations are wrong. Documentation for that option in
configuration reference says exactly what happens when you have more
parameters than specified by that option.

An IllegalStateException cannot be thrown, because Servlet API does
not allow that.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
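
One way to observe the limit from inside the application, as an added example that is not part of the original message or of Tomcat's code: Tomcat's configuration reference says parameter/value pairs beyond `maxParameterCount` are ignored, so the servlet below reports how many `username` values were actually parsed and whether Tomcat flagged the parse as incomplete. The servlet name and the `/paramcheck` mapping are hypothetical, and the example assumes a Tomcat 7.0.x release that supports `maxParameterCount` and defines the `org.apache.catalina.parameter_parse_failed` request attribute (`Globals.PARAMETER_PARSE_FAILED_ATTR`).

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical diagnostic servlet (added example): point the test form's
// action at /paramcheck instead of the JSP that only echoes the fields.
@WebServlet("/paramcheck")
public class ParamCheckServlet extends HttpServlet {

    // Request attribute Tomcat exposes when some parameters were skipped,
    // for example because maxParameterCount was exceeded. The name comes
    // from Tomcat's Globals class, not from this thread.
    private static final String PARSE_FAILED =
            "org.apache.catalina.parameter_parse_failed";

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // The first parameter access triggers parsing; the attribute is
        // only meaningful after this call.
        String[] values = req.getParameterValues("username");
        int parsed = (values == null) ? 0 : values.length;
        boolean truncated = req.getAttribute(PARSE_FAILED) != null;

        // No exception is raised by the container; the application decides
        // how to treat a truncated parameter set. Here it answers 400.
        if (truncated) {
            resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        }
        resp.setContentType("text/plain");
        resp.setCharacterEncoding("UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("username values parsed: " + parsed);
        out.println("parameter parsing incomplete: " + truncated);
    }
}
```

With `maxParameterCount="5"` and six `username` fields submitted, the response should show fewer than six parsed values and an incomplete parse. To reject such requests without application code, Tomcat also ships `org.apache.catalina.filters.FailedRequestFilter`, which can be mapped in `web.xml`.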

