Improve handling of SSL renegotiation by failing earlier when the request body contai...
authormarkt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Tue, 1 Mar 2011 12:32:25 +0000 (12:32 +0000)
committermarkt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Tue, 1 Mar 2011 12:32:25 +0000 (12:32 +0000)
git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1075792 13f79535-47bb-0310-9956-ffa450edef68

java/org/apache/catalina/authenticator/SSLAuthenticator.java
java/org/apache/coyote/http11/filters/BufferedInputFilter.java
webapps/docs/changelog.xml

index 9af893a..988f248 100644 (file)
@@ -132,8 +132,15 @@ public class SSLAuthenticator
         X509Certificate certs[] = (X509Certificate[])
             request.getAttribute(Globals.CERTIFICATES_ATTR);
         if ((certs == null) || (certs.length < 1)) {
-            request.getCoyoteRequest().action
-                              (ActionCode.REQ_SSL_CERTIFICATE, null);
+            try {
+                request.getCoyoteRequest().action
+                                  (ActionCode.REQ_SSL_CERTIFICATE, null);
+            } catch (IllegalStateException ise) {
+                // Request body was too large for save buffer
+                response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
+                        sm.getString("authenticator.certificates"));
+                return false;
+            }
             certs = (X509Certificate[])
                 request.getAttribute(Globals.CERTIFICATES_ATTR);
         }
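Review bot: The added `catch (IllegalStateException ise)` never records `ise` and answers with a plain 401 carrying the generic `authenticator.certificates` message, so the logs give no way to tell a renegotiation refused because the body exceeded the save buffer from any other certificate failure. The catch is also wider than its comment suggests: any IllegalStateException raised beneath `action(ActionCode.REQ_SSL_CERTIFICATE, null)` ends up on this path. Logging the exception at debug level before `sendError`, through whatever logger this class already uses, would keep the failure diagnosable while still telling the client nothing more than it is told now. The enclosing method begins and ends outside the hunk.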
index b79e7eb..14dc25e 100644 (file)
@@ -80,8 +80,10 @@ public class BufferedInputFilter implements InputFilter {
                 buffered.append(tempRead);
                 tempRead.recycle();
             }
-        } catch(IOException iex) {
-            // Ignore
+        } catch(IOException ioe) {
+            // No need for i18n - this isn't going to get logged anywhere
+            throw new IllegalStateException(
+                    "Request body too large for buffer");
         }
     }
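Review bot: The new `throw new IllegalStateException("Request body too large for buffer")` discards `ioe`, and the catch covers every IOException from the try block. A read failure unrelated to size would therefore be reported as an oversized body. Chaining the cause keeps the real reason available to the catcher: `throw new IllegalStateException("Request body too large for buffer", ioe);`. This also turns a previously ignored error into an unchecked exception, and the only handler visible in this commit is the one added in SSLAuthenticator, so any other path that installs this filter should be checked. The method containing this catch starts outside the hunk.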
 
index e7571d6..4cb3d0e 100644 (file)
         presented by Ant tasks to the Manager application. Based on a patch by
         Stephane Bailliez. (mark) 
       </fix>
+      <fix>
+        Improve handling of SSL renegotiation by failing earlier when the
+        request body contains more bytes than maxSavePostSize. (markt)
+      </fix>
     </changelog>
   </subsection>
 </section>