From 46c2ab19f18da51f00726d915d36cbc9503b3d80 Mon Sep 17 00:00:00 2001
From: markt
Date: Tue, 1 Mar 2011 12:32:25 +0000
Subject: [PATCH] Improve handling of SSL renegotiation by failing earlier when the request body contains more bytes than maxSavePostSize.
git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1075792 13f79535-47bb-0310-9956-ffa450edef68
---
 java/org/apache/catalina/authenticator/SSLAuthenticator.java | 11 +++++++++--
 .../org/apache/coyote/http11/filters/BufferedInputFilter.java | 6 ++++--
 webapps/docs/changelog.xml | 4 ++++
 3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/catalina/authenticator/SSLAuthenticator.java b/java/org/apache/catalina/authenticator/SSLAuthenticator.java
index 9af893a0d..988f24836 100644
--- a/java/org/apache/catalina/authenticator/SSLAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/SSLAuthenticator.java
@@ -132,8 +132,15 @@ public class SSLAuthenticator
 X509Certificate certs[] = (X509Certificate[]) request.getAttribute(Globals.CERTIFICATES_ATTR);
 if ((certs == null) || (certs.length < 1)) {
- request.getCoyoteRequest().action
- (ActionCode.REQ_SSL_CERTIFICATE, null);
+ try {
+ request.getCoyoteRequest().action
+ (ActionCode.REQ_SSL_CERTIFICATE, null);
+ } catch (IllegalStateException ise) {
+ // Request body was too large for save buffer
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
+ sm.getString("authenticator.certificates"));
+ return false;
+ }
 certs = (X509Certificate[]) request.getAttribute(Globals.CERTIFICATES_ATTR);
 }
diff --git a/java/org/apache/coyote/http11/filters/BufferedInputFilter.java b/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
index b79e7eb9e..14dc25ea1 100644
--- a/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
+++ b/java/org/apache/coyote/http11/filters/BufferedInputFilter.java
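Review bot: The new `catch (IllegalStateException ise)` around the `REQ_SSL_CERTIFICATE` action never uses `ise` and answers with a 401 carrying the generic `authenticator.certificates` message, so a renegotiation that failed because the body overflowed the save buffer leaves no trace that separates it from an ordinary certificate failure. The handler also treats any `IllegalStateException` raised under that action as the buffer-overflow case, which the comment assumes but nothing in the hunk enforces. I would record the cause before responding, with a debug-level log call that passes `ise` through whatever logger this class already has (not visible in the hunk), and widen the comment to `// Raised when the request body exceeds the save buffer during renegotiation; any other ISE from this action is handled the same way`. The enclosing method starts and ends outside the hunk.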
@@ -80,8 +80,10 @@ public class BufferedInputFilter implements InputFilter {
 buffered.append(tempRead);
 tempRead.recycle();
 }
- } catch(IOException iex) {
- // Ignore
+ } catch(IOException ioe) {
+ // No need for i18n - this isn't going to get logged anywhere
+ throw new IllegalStateException(
+ "Request body too large for buffer");
 }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e7571d66b..4cb3d0e0a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -50,6 +50,10 @@ presented by Ant tasks to the Manager application. Based on a patch by Stephane Bailliez. (mark)
+
+ Improve handling of SSL renegotiation by failing earlier when the
+ request body contains more bytes than maxSavePostSize. (markt)
+
-- 2.11.0
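Review bot: The rewritten `catch(IOException ioe)` turns every `IOException` from the buffering loop into an `IllegalStateException` with the fixed text "Request body too large for buffer" and drops `ioe`, so a read failure with a different cause is reported as an oversized body and the original exception is lost. The `try` opens outside the hunk, so which calls can throw is not visible here. Chaining the cause keeps the diagnosis possible: `throw new IllegalStateException("Request body too large for buffer", ioe);`. Because this block used to ignore the exception and now throws an unchecked one, any caller that triggers this buffering other than the SSLAuthenticator path changed in this commit should be checked for a matching catch. The comment's claim that this "isn't going to get logged anywhere" also deserves a second look, since a rejected renegotiation is an event operators may want to see.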