From dev-return-209361-archive-asf-public=cust-asf.ponee.io@tomcat.apache.org Tue Jun 2 10:24:18 2020 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id E4E6718064C for ; Tue, 2 Jun 2020 12:24:17 +0200 (CEST) Received: (qmail 28962 invoked by uid 500); 2 Jun 2020 10:24:16 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 28947 invoked by uid 99); 2 Jun 2020 10:24:16 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Jun 2020 10:24:16 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id 2787F81F29; Tue, 2 Jun 2020 10:24:15 +0000 (UTC) Date: Tue, 02 Jun 2020 10:24:15 +0000 To: "dev@tomcat.apache.org" Subject: [tomcat] branch master updated: Fix BZ 64483 Log a warning when an AJP request is rejected MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Message-ID: <159109345587.9816.18381410409781086046@gitbox.apache.org> From: markt@apache.org X-Git-Host: gitbox.apache.org X-Git-Repo: tomcat X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Oldrev: be5025de4d21cb5e0e7e4573e22c6b8a79e01443 X-Git-Newrev: 186aae31791ea120cf1b4ddd2f9fcb974bd1d5f9 X-Git-Rev: 186aae31791ea120cf1b4ddd2f9fcb974bd1d5f9 X-Git-NotificationType: ref_changed_plus_diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 186aae3 Fix BZ 64483 Log a warning when an AJP request is rejected 186aae3 is described below commit 186aae31791ea120cf1b4ddd2f9fcb974bd1d5f9 Author: Mark Thomas AuthorDate: Tue Jun 2 11:22:35 2020 +0100 Fix BZ 64483 Log a warning when an AJP request is rejected --- java/org/apache/coyote/ajp/AjpProcessor.java | 14 ++++---------- java/org/apache/coyote/ajp/LocalStrings.properties | 1 + webapps/docs/changelog.xml | 4 ++++ 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/java/org/apache/coyote/ajp/AjpProcessor.java b/java/org/apache/coyote/ajp/AjpProcessor.java index d24a818..77d6a94 100644 --- a/java/org/apache/coyote/ajp/AjpProcessor.java +++ b/java/org/apache/coyote/ajp/AjpProcessor.java @@ -30,7 +30,6 @@ import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; -import java.util.regex.Matcher; import java.util.regex.Pattern; import jakarta.servlet.http.HttpServletResponse; @@ -779,17 +778,12 @@ public class AjpProcessor extends AbstractProcessor { // All 'known' attributes will be processed by the previous // blocks. Any remaining attribute is an 'arbitrary' one. Pattern pattern = protocol.getAllowedRequestAttributesPatternInternal(); - if (pattern == null) { + if (pattern != null && pattern.matcher(n).matches()) { + request.setAttribute(n, v); + } else { + log.warn(sm.getString("ajpprocessor.unknownAttribute", n)); response.setStatus(403); setErrorState(ErrorState.CLOSE_CLEAN, null); - } else { - Matcher m = pattern.matcher(n); - if (m.matches()) { - request.setAttribute(n, v); - } else { - response.setStatus(403); - setErrorState(ErrorState.CLOSE_CLEAN, null); - } } } break; diff --git a/java/org/apache/coyote/ajp/LocalStrings.properties b/java/org/apache/coyote/ajp/LocalStrings.properties index ab377eb..467035d 100644 --- a/java/org/apache/coyote/ajp/LocalStrings.properties +++ b/java/org/apache/coyote/ajp/LocalStrings.properties @@ -26,6 +26,7 @@ ajpprocessor.header.tooLong=Header message of length [{0}] received but the pack ajpprocessor.readtimeout=Timeout attempting to read data from the socket ajpprocessor.request.prepare=Error preparing request ajpprocessor.request.process=Error processing request +ajpprocessor.unknownAttribute=Rejecting request due to unknown request attribute [{0}] received from reverse proxy ajpprotocol.noSSL=SSL is not supported with AJP. The SSL host configuration for [{0}] was ignored ajpprotocol.noSecret=The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid. diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 056cf3b..fe75def 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -87,6 +87,10 @@ Expose server certificate through the SSLSupport interface. (remm) + + 64483: Log a warning if an AJP request is rejected because it + contains an unexpected request attribute. (markt) + 64485: Fix possible resource leak geting last modified from ConfigurationSource.Resource. (remm) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org