From 5f99065433a91284d120cd2c4fefa32a9cdfc6fb Mon Sep 17 00:00:00 2001 From: markt Date: Mon, 19 May 2008 20:07:20 +0000 Subject: [PATCH] Note: This patch is on the critical path. Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42750 Making parsing of the request line tolerant of multiple SP and/or HT rather than requiring single SP characters. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@657954 13f79535-47bb-0310-9956-ffa450edef68 --- .../coyote/http11/InternalAprInputBuffer.java | 36 ++++++++++++++++++++-- .../apache/coyote/http11/InternalInputBuffer.java | 36 ++++++++++++++++++++-- .../coyote/http11/InternalNioInputBuffer.java | 35 +++++++++++++++++++-- 3 files changed, 98 insertions(+), 9 deletions(-) diff --git a/java/org/apache/coyote/http11/InternalAprInputBuffer.java b/java/org/apache/coyote/http11/InternalAprInputBuffer.java index 428645813..f1137cf29 100644 --- a/java/org/apache/coyote/http11/InternalAprInputBuffer.java +++ b/java/org/apache/coyote/http11/InternalAprInputBuffer.java @@ -403,7 +403,8 @@ public class InternalAprInputBuffer implements InputBuffer { throw new EOFException(sm.getString("iib.eof.error")); } - if (buf[pos] == Constants.SP) { + // Spec says single SP but it also says be tolerant of HT + if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) { space = true; request.method().setBytes(buf, start, pos - start); } @@ -412,6 +413,20 @@ public class InternalAprInputBuffer implements InputBuffer { } + // Spec says single SP but also says be tolerant of multiple and/or HT + while (space) { + // Read new bytes if needed + if (pos >= lastValid) { + if (!fill()) + throw new EOFException(sm.getString("iib.eof.error")); + } + if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) { + pos++; + } else { + space = false; + } + } + // Mark the current buffer position start = pos; int end = 0; @@ -421,7 +436,6 @@ public class InternalAprInputBuffer implements InputBuffer { // Reading the URI // - space = false; boolean eol = false; while (!space) { @@ -432,7 +446,8 @@ public class InternalAprInputBuffer implements InputBuffer { throw new EOFException(sm.getString("iib.eof.error")); } - if (buf[pos] == Constants.SP) { + // Spec says single SP but it also says be tolerant of HT + if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) { space = true; end = pos; } else if ((buf[pos] == Constants.CR) @@ -459,6 +474,21 @@ public class InternalAprInputBuffer implements InputBuffer { request.requestURI().setBytes(buf, start, end - start); } + // Spec says single SP but also says be tolerant of multiple and/or HT + while (space) { + // Read new bytes if needed + if (pos >= lastValid) { + if (!fill()) + throw new EOFException(sm.getString("iib.eof.error")); + } + if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) { + pos++; + } else { + space = false; + } + } + + // Mark the current buffer position start = pos; end = 0; diff --git a/java/org/apache/coyote/http11/InternalInputBuffer.java b/java/org/apache/coyote/http11/InternalInputBuffer.java index 6b77f2486..d98a64bd9 100644 --- a/java/org/apache/coyote/http11/InternalInputBuffer.java +++ b/java/org/apache/coyote/http11/InternalInputBuffer.java @@ -391,7 +391,8 @@ public class InternalInputBuffer implements InputBuffer { throw new EOFException(sm.getString("iib.eof.error")); } - if (buf[pos] == Constants.SP) { + // Spec says single SP but it also says be tolerant of HT + if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) { space = true; request.method().setBytes(buf, start, pos - start); } @@ -400,6 +401,21 @@ public class InternalInputBuffer implements InputBuffer { } + + // Spec says single SP but also says be tolerant of multiple and/or HT + while (space) { + // Read new bytes if needed + if (pos >= lastValid) { + if (!fill()) + throw new EOFException(sm.getString("iib.eof.error")); + } + if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) { + pos++; + } else { + space = false; + } + } + // Mark the current buffer position start = pos; int end = 0; @@ -409,7 +425,6 @@ public class InternalInputBuffer implements InputBuffer { // Reading the URI // - space = false; boolean eol = false; while (!space) { @@ -420,7 +435,8 @@ public class InternalInputBuffer implements InputBuffer { throw new EOFException(sm.getString("iib.eof.error")); } - if (buf[pos] == Constants.SP) { + // Spec says single SP but it also says be tolerant of HT + if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) { space = true; end = pos; } else if ((buf[pos] == Constants.CR) @@ -447,6 +463,20 @@ public class InternalInputBuffer implements InputBuffer { request.requestURI().setBytes(buf, start, end - start); } + // Spec says single SP but also says be tolerant of multiple and/or HT + while (space) { + // Read new bytes if needed + if (pos >= lastValid) { + if (!fill()) + throw new EOFException(sm.getString("iib.eof.error")); + } + if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) { + pos++; + } else { + space = false; + } + } + // Mark the current buffer position start = pos; end = 0; diff --git a/java/org/apache/coyote/http11/InternalNioInputBuffer.java b/java/org/apache/coyote/http11/InternalNioInputBuffer.java index a0ac5bd6f..d57d21411 100644 --- a/java/org/apache/coyote/http11/InternalNioInputBuffer.java +++ b/java/org/apache/coyote/http11/InternalNioInputBuffer.java @@ -454,7 +454,7 @@ public class InternalNioInputBuffer implements InputBuffer { if (!fill(true, false)) //request line parsing return false; } - if (buf[pos] == Constants.SP) { + if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) { space = true; request.method().setBytes(buf, parsingRequestLineStart, pos - parsingRequestLineStart); } @@ -464,20 +464,34 @@ public class InternalNioInputBuffer implements InputBuffer { parsingRequestLinePhase = 3; } if ( parsingRequestLinePhase == 3 ) { + // Spec says single SP but also be tolerant of multiple and/or HT + boolean space = true; + while (space) { + // Read new bytes if needed + if (pos >= lastValid) { + if (!fill(true, false)) //request line parsing + return false; + } + if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) { + pos++; + } else { + space = false; + } + } + // Mark the current buffer position int end = 0; // // Reading the URI // - boolean space = false; while (!space) { // Read new bytes if needed if (pos >= lastValid) { if (!fill(true,false)) //request line parsing return false; } - if (buf[pos] == Constants.SP) { + if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) { space = true; end = pos; } else if ((buf[pos] == Constants.CR) @@ -504,6 +518,21 @@ public class InternalNioInputBuffer implements InputBuffer { parsingRequestLinePhase = 4; } if ( parsingRequestLinePhase == 4 ) { + // Spec says single SP but also be tolerant of multiple and/or HT + boolean space = true; + while (space) { + // Read new bytes if needed + if (pos >= lastValid) { + if (!fill(true, false)) //request line parsing + return false; + } + if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) { + pos++; + } else { + space = false; + } + } + // Mark the current buffer position end = 0; -- 2.11.0