This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/11.0.x by this push:
     new e1d651e8a8 Better validation of HTTP responses
e1d651e8a8 is described below

commit e1d651e8a8cb1735d204a99b366ec1f804e060c8
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Jun 24 22:09:35 2026 +0100

    Better validation of HTTP responses
---
 java/org/apache/catalina/ha/backend/LocalStrings.properties |  1 +
 java/org/apache/catalina/ha/backend/TcpSender.java          | 11 ++++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/ha/backend/LocalStrings.properties 
b/java/org/apache/catalina/ha/backend/LocalStrings.properties
index a451110707..30268ed155 100644
--- a/java/org/apache/catalina/ha/backend/LocalStrings.properties
+++ b/java/org/apache/catalina/ha/backend/LocalStrings.properties
@@ -28,6 +28,7 @@ multiCastSender.multiCastFailed=Unable to use multicast
 multiCastSender.sendFailed=Unable to send multicast message
 
 tcpSender.connectionFailed=Unable to connect to proxy
+tcpSender.duplicateContentLength=The response contained more than one 
content-length header
 tcpSender.invalidContentLength=Unable to parse content length [{0}]
 tcpSender.invalidHeaderLine=Unable to parse header line [{0}]
 tcpSender.invalidProxyList=Invalid proxy list
diff --git a/java/org/apache/catalina/ha/backend/TcpSender.java 
b/java/org/apache/catalina/ha/backend/TcpSender.java
index 10b64cf8bb..26af09243a 100644
--- a/java/org/apache/catalina/ha/backend/TcpSender.java
+++ b/java/org/apache/catalina/ha/backend/TcpSender.java
@@ -187,15 +187,24 @@ public class TcpSender implements Sender {
                 int contentLength = 0;
                 while (header != null && !header.isEmpty()) {
                     int colon = header.indexOf(':');
-                    if (colon >= 0 && header.length() > (colon + 1)) {
+                    if (colon >= 0) {
                         String headerName = header.substring(0, colon).trim();
                         String headerValue = header.substring(colon + 
1).trim();
                         if ("content-length".equalsIgnoreCase(headerName)) {
+                            if (contentLength > 0) {
+                                
log.error(sm.getString("tcpSender.duplicateContentLength"));
+                                close(i);
+                                // Clear any content length if one has been 
read.
+                                contentLength = 0;
+                                break;
+                            }
                             try {
                                 contentLength = Integer.parseInt(headerValue);
                             } catch (NumberFormatException e) {
                                 
log.error(sm.getString("tcpSender.invalidContentLength", headerValue));
                                 close(i);
+                                // Clear any content length if one has been 
read.
+                                contentLength = 0;
                                 break;
                             }
                         }
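Review bot: The duplicate check `if (contentLength > 0)` uses the parsed value as the "already seen" marker, so a response carrying `Content-Length: 0` followed by a second content-length header with a different value is accepted as if only one header were present. The same applies when the first value is negative, because `Integer.parseInt` accepts a leading minus sign and the result never satisfies `> 0`. Tracking presence separately would close the gap: declare `boolean contentLengthSeen = false;` next to `contentLength`, test `if (contentLengthSeen)` instead, and set `contentLengthSeen = true;` after a successful parse. A negative parsed value could also be sent down the same log/close/reset/break path as the `NumberFormatException` case. Whether a negative length is rejected later cannot be seen here, since the loop body continues outside the hunk.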

