From dev-return-209363-archive-asf-public=cust-asf.ponee.io@tomcat.apache.org Tue Jun 2 10:29:09 2020 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 166EA18064C for ; Tue, 2 Jun 2020 12:29:08 +0200 (CEST) Received: (qmail 39649 invoked by uid 500); 2 Jun 2020 10:29:07 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 39639 invoked by uid 99); 2 Jun 2020 10:29:07 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Jun 2020 10:29:07 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id 4BA1581F29; Tue, 2 Jun 2020 10:29:07 +0000 (UTC) Date: Tue, 02 Jun 2020 10:29:07 +0000 To: "dev@tomcat.apache.org" Subject: [tomcat] branch 8.5.x updated: Fix BZ 64483 Log a warning when an AJP request is rejected MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Message-ID: <159109374700.20845.7600960296809492099@gitbox.apache.org> 
From: markt@apache.org X-Git-Host: gitbox.apache.org X-Git-Repo: tomcat X-Git-Refname: refs/heads/8.5.x X-Git-Reftype: branch X-Git-Oldrev: 61e533f322f33de6cb4c78e9116baff22b880021 X-Git-Newrev: 06edd300c183fc0e49df81a86666fae58d8fbed9 X-Git-Rev: 06edd300c183fc0e49df81a86666fae58d8fbed9 X-Git-NotificationType: ref_changed_plus_diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 06edd30 Fix BZ 64483 Log a warning when an AJP request is rejected 06edd30 is described below commit 06edd300c183fc0e49df81a86666fae58d8fbed9 Author: Mark Thomas AuthorDate: Tue Jun 2 11:22:35 2020 +0100 Fix BZ 64483 Log a warning when an AJP request is rejected --- java/org/apache/coyote/ajp/AjpProcessor.java | 15 +++++---------- java/org/apache/coyote/ajp/LocalStrings.properties | 1 + webapps/docs/changelog.xml | 4 ++++ 3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/coyote/ajp/AjpProcessor.java b/java/org/apache/coyote/ajp/AjpProcessor.java
index fa71116..e65486d 100644
--- a/java/org/apache/coyote/ajp/AjpProcessor.java
+++ b/java/org/apache/coyote/ajp/AjpProcessor.java
@@ -28,7 +28,6 @@ import java.security.cert.X509Certificate;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
-import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import javax.servlet.http.HttpServletResponse;
@@ -863,17 +862,13 @@ public class AjpProcessor extends AbstractProcessor {
 } else {
 // All 'known' attributes will be processed by the previous
 // blocks. Any remaining attribute is an 'arbitrary' one.
- if (allowedRequestAttributesPattern == null) {
+ if (allowedRequestAttributesPattern != null &&
+ allowedRequestAttributesPattern.matcher(n).matches()) {
+ request.setAttribute(n, v);
+ } else {
+ log.warn(sm.getString("ajpprocessor.unknownAttribute", n));
 response.setStatus(403);
 setErrorState(ErrorState.CLOSE_CLEAN, null);
- } else {
- Matcher m = allowedRequestAttributesPattern.matcher(n);
- if (m.matches()) {
- request.setAttribute(n, v);
- } else {
- response.setStatus(403);
- setErrorState(ErrorState.CLOSE_CLEAN, null);
- }
 }
 }
 break;
diff --git a/java/org/apache/coyote/ajp/LocalStrings.properties b/java/org/apache/coyote/ajp/LocalStrings.properties
index 38067ca..bc9bae6 100644
--- a/java/org/apache/coyote/ajp/LocalStrings.properties
+++ b/java/org/apache/coyote/ajp/LocalStrings.properties
@@ -29,6 +29,7 @@ ajpprocessor.header.tooLong=Header message of length [{0}] received but the pack
 ajpprocessor.readtimeout=Timeout attempting to read data from the socket
 ajpprocessor.request.prepare=Error preparing request
 ajpprocessor.request.process=Error processing request
+ajpprocessor.unknownAttribute=Rejecting request due to unknown request attribute [{0}] received from reverse proxy
 ajpprotocol.noBio=The AJP BIO connector has been removed in Tomcat 8.5.x onwards. The AJP BIO connector configuration has been automatically switched to use the AJP NIO connector instead.
 ajpprotocol.noSSL=SSL is not supported with AJP. The SSL host configuration for [{0}] was ignored
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index cb81ea7..8d31f4a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
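Review bot: The added `log.warn(sm.getString("ajpprocessor.unknownAttribute", n))` in the new else branch of the AjpProcessor.java hunk writes the attribute name `n` to the log at WARN on every rejected request, and `n` appears to be read from the AJP message, so whoever can reach the connector controls both the volume and the content of these entries. Consider limiting the rate of this message (Tomcat's `UserDataHelper` is used for peer-supplied data in other processors) and making sure control characters in `n` cannot start a new log line. At minimum I would add `// n comes from the AJP peer: untrusted, logged once per rejected request` above the call. The enclosing method starts and ends outside the hunk, so how `n` is read and bounded cannot be confirmed from here.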
@@ -79,6 +79,10 @@ 64467: Improve performance of closing idle HTTP/2 streams. (markt) + + 64483: Log a warning if an AJP request is rejected because it + contains an unexpected request attribute. (markt) + --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org