This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new 3915fd27e6 Follow-up to HTTP/2 header filtering
3915fd27e6 is described below
commit 3915fd27e6810b14ccd21e3d900bd8faef44d3df
Author: Mark Thomas <[email protected]>
AuthorDate: Fri May 1 10:55:20 2026 +0100
Follow-up to HTTP/2 header filtering
Implements some suggestions from a CoPilot review
Fix hex/decimal confusion
Add missing message parameters
---
java/org/apache/coyote/http2/HPackHuffman.java | 36 +++++++++++++---------
.../apache/tomcat/util/http/parser/HttpParser.java | 2 +-
2 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/java/org/apache/coyote/http2/HPackHuffman.java
b/java/org/apache/coyote/http2/HPackHuffman.java
index 3ef6cb392f..e0412d5bd7 100644
--- a/java/org/apache/coyote/http2/HPackHuffman.java
+++ b/java/org/apache/coyote/http2/HPackHuffman.java
@@ -418,20 +418,20 @@ public class HPackHuffman {
c = (char) (val & LOW_MASK);
if (isFieldName) {
if (!HttpParser.isToken(c) ||
Character.isUpperCase(c)) {
- throw new IllegalArgumentException(
-
sm.getString("hpackhuffman.decode.illegalCharacterName"));
+ throw new IllegalArgumentException(sm
+
.getString("hpackhuffman.decode.illegalCharacterName", Character.toString(c)));
}
} else {
if (firstChar) {
if (!HttpParser.isFieldVChar(c)) {
- throw new IllegalArgumentException(
-
sm.getString("hpackhuffman.decode.illegalCharacterValue.start"));
+ throw new
IllegalArgumentException(sm.getString(
+
"hpackhuffman.decode.illegalCharacterValue.start", Character.toString(c)));
}
firstChar = false;
} else {
if (!HttpParser.isFieldContent(c)) {
- throw new IllegalArgumentException(
-
sm.getString("hpackhuffman.decode.illegalCharacterValue"));
+ throw new
IllegalArgumentException(sm.getString(
+
"hpackhuffman.decode.illegalCharacterValue", Character.toString(c)));
}
}
}
@@ -457,20 +457,20 @@ public class HPackHuffman {
c = (char) ((val >> 16) & LOW_MASK);
if (isFieldName) {
if (!HttpParser.isToken(c) ||
Character.isUpperCase(c)) {
- throw new IllegalArgumentException(
-
sm.getString("hpackhuffman.decode.illegalCharacterName"));
+ throw new IllegalArgumentException(sm
+
.getString("hpackhuffman.decode.illegalCharacterName", Character.toString(c)));
}
} else {
if (firstChar) {
if (!HttpParser.isFieldVChar(c)) {
- throw new IllegalArgumentException(
-
sm.getString("hpackhuffman.decode.illegalCharacterValue.start"));
+ throw new
IllegalArgumentException(sm.getString(
+
"hpackhuffman.decode.illegalCharacterValue.start", Character.toString(c)));
}
firstChar = false;
} else {
if (!HttpParser.isFieldContent(c)) {
- throw new IllegalArgumentException(
-
sm.getString("hpackhuffman.decode.illegalCharacterValue"));
+ throw new
IllegalArgumentException(sm.getString(
+
"hpackhuffman.decode.illegalCharacterValue", Character.toString(c)));
}
}
}
@@ -490,8 +490,16 @@ public class HPackHuffman {
if (!eosBits) {
throw new
HpackException(sm.getString("hpackhuffman.huffmanEncodedHpackValueDidNotEndWithEOS"));
}
- if (!HttpParser.isFieldVChar(c)) {
- throw new
IllegalArgumentException(sm.getString("hpackhuffman.decode.illegalCharacterValue.end"));
+ if (isFieldName) {
+ if (!HttpParser.isToken(c) || Character.isUpperCase(c)) {
+ throw new IllegalArgumentException(sm
+ .getString("hpackhuffman.decode.illegalCharacterName",
Character.toString(c)));
+ }
+ } else {
+ if (!HttpParser.isFieldVChar(c)) {
+ throw new IllegalArgumentException(
+
sm.getString("hpackhuffman.decode.illegalCharacterValue.end",
Character.toString(c)));
+ }
}
}
diff --git a/java/org/apache/tomcat/util/http/parser/HttpParser.java
b/java/org/apache/tomcat/util/http/parser/HttpParser.java
index e85e47214d..27db3127bf 100644
--- a/java/org/apache/tomcat/util/http/parser/HttpParser.java
+++ b/java/org/apache/tomcat/util/http/parser/HttpParser.java
@@ -117,7 +117,7 @@ public class HttpParser {
}
// field-vchar is VCHAR / obs-text
- if (i > 20 && i < 127 || i > 127) {
+ if (i > 32 && i < 127 || i > 127) {
IS_FIELD_VCHAR[i] = true;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
