tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject [tomcat] branch master updated: Fix BZ 64483 Log a warning when an AJP request is rejected
Date Tue, 02 Jun 2020 10:24:15 GMT
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new 186aae3  Fix BZ 64483 Log a warning when an AJP request is rejected
186aae3 is described below

commit 186aae31791ea120cf1b4ddd2f9fcb974bd1d5f9
Author: Mark Thomas <markt@apache.org>
AuthorDate: Tue Jun 2 11:22:35 2020 +0100

    Fix BZ 64483 Log a warning when an AJP request is rejected
---
 java/org/apache/coyote/ajp/AjpProcessor.java       | 14 ++++----------
 java/org/apache/coyote/ajp/LocalStrings.properties |  1 +
 webapps/docs/changelog.xml                         |  4 ++++
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/java/org/apache/coyote/ajp/AjpProcessor.java b/java/org/apache/coyote/ajp/AjpProcessor.java
index d24a818..77d6a94 100644
--- a/java/org/apache/coyote/ajp/AjpProcessor.java
+++ b/java/org/apache/coyote/ajp/AjpProcessor.java
@@ -30,7 +30,6 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
-import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 import jakarta.servlet.http.HttpServletResponse;
@@ -779,17 +778,12 @@ public class AjpProcessor extends AbstractProcessor {
                     // All 'known' attributes will be processed by the previous
                     // blocks. Any remaining attribute is an 'arbitrary' one.
                     Pattern pattern = protocol.getAllowedRequestAttributesPatternInternal();
-                    if (pattern == null) {
+                    if (pattern != null && pattern.matcher(n).matches()) {
+                        request.setAttribute(n, v);
+                    } else {
+                        log.warn(sm.getString("ajpprocessor.unknownAttribute", n));
                         response.setStatus(403);
                         setErrorState(ErrorState.CLOSE_CLEAN, null);
-                    } else {
-                        Matcher m = pattern.matcher(n);
-                        if (m.matches()) {
-                            request.setAttribute(n, v);
-                        } else {
-                            response.setStatus(403);
-                            setErrorState(ErrorState.CLOSE_CLEAN, null);
-                        }
                     }
                 }
                 break;
diff --git a/java/org/apache/coyote/ajp/LocalStrings.properties b/java/org/apache/coyote/ajp/LocalStrings.properties
index ab377eb..467035d 100644
--- a/java/org/apache/coyote/ajp/LocalStrings.properties
+++ b/java/org/apache/coyote/ajp/LocalStrings.properties
@@ -26,6 +26,7 @@ ajpprocessor.header.tooLong=Header message of length [{0}] received but
the pack
 ajpprocessor.readtimeout=Timeout attempting to read data from the socket
 ajpprocessor.request.prepare=Error preparing request
 ajpprocessor.request.process=Error processing request
+ajpprocessor.unknownAttribute=Rejecting request due to unknown request attribute [{0}] received
from reverse proxy
 
 ajpprotocol.noSSL=SSL is not supported with AJP. The SSL host configuration for [{0}] was
ignored
 ajpprotocol.noSecret=The AJP Connector is configured with secretRequired="true" but the secret
attribute is either null or "". This combination is not valid.
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 056cf3b..fe75def 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -87,6 +87,10 @@
         Expose server certificate through the <code>SSLSupport</code>
         interface. (remm)
       </update>
+      <add>
+        <bug>64483</bug>: Log a warning if an AJP request is rejected because
it
+        contains an unexpected request attribute. (markt)
+      </add>
       <fix>
         <bug>64485</bug>: Fix possible resource leak geting last modified from
         <code>ConfigurationSource.Resource</code>. (remm)


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message