https://issues.apache.org/bugzilla/show_bug.cgi?id=48839
Summary: Header folding fails in NIO connector
Product: Tomcat 6
Version: 6.0.20
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Connectors
AssignedTo: [email protected]
ReportedBy: [email protected]
Overview: An HTTP request with one of its headers folded, sent to the NIO
connector, fails with 400 Bad Request.
Steps to Reproduce:
1) Send an HTTP request having a header whose value is folded (example:
add an HTTP header TestHeader with value = "abcd" + "\r\n\t" + "efgh")
to a server which is using the Java NIO blocking connector Http11NioProtocol
Expected Result: Request should be handled successfully
Actual Result: A 400 Bad Request response is sent back
Additional Information:
The issue is present in the parseHeader() method of InternalNioInputBuffer
class.
Here the variable headerParsePos is set according to the enum
HeaderParsePosition {HEADER_START, HEADER_NAME, HEADER_VALUE,
HEADER_MULTI_LINE}
In order to verify whether the header is multiline, first the value of
headerParsePos is set to HEADER_MULTI_LINE.
Then the following code is executed:
    if ( headerParsePos == HeaderParsePosition.HEADER_MULTI_LINE ) {
        if ( (chr != Constants.SP) && (chr != Constants.HT)) {
            headerParsePos = HeaderParsePosition.HEADER_START;
        } else {
            eol = false;
            // Copying one extra space in the buffer (since there must
            // be at least one space inserted between the lines)
            buf[headerData.realPos] = chr;
            headerData.realPos++;
        }
    }
Here, if the first character of the next line is not equal to space or tab, then
the value of variable headerParsePos is set to HEADER_START.
But if the value is equal to space or tab, then the value of variable
headerParsePos remains HEADER_MULTI_LINE.
The further parsing of the header value is done only in case headerParsePos is
set to HEADER_VALUE:
    while (headerParsePos == HeaderParsePosition.HEADER_VALUE ||
           headerParsePos == HeaderParsePosition.HEADER_MULTI_LINE) {
        if ( headerParsePos == HeaderParsePosition.HEADER_VALUE ) {
            //code to parse header value
        }
        if ( headerParsePos == HeaderParsePosition.HEADER_MULTI_LINE ) {
            //code to handle multiline header
        }
    }
Since the value of headerParsePos is not being set back to HEADER_VALUE,
the code to handle the multiline header is executed again,
and the while loop goes into an endless loop.
If, in the else part of the code to handle the multiline header, the line
headerParsePos = HeaderParsePosition.HEADER_VALUE; is added as below:
    if ( headerParsePos == HeaderParsePosition.HEADER_MULTI_LINE ) {
        if ( (chr != Constants.SP) && (chr != Constants.HT)) {
            headerParsePos = HeaderParsePosition.HEADER_START;
        } else {
            eol = false;
            // Copying one extra space in the buffer (since there must
            // be at least one space inserted between the lines)
            buf[headerData.realPos] = chr;
            headerData.realPos++;
            headerParsePos = HeaderParsePosition.HEADER_VALUE;
        }
    }
then the header folding is handled successfully.
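The state transition described in the report can be reproduced in isolation. The following is an added example, not Tomcat source and not the reporter's code: a reduced header-value state machine that reuses only the HeaderParsePosition constant names from the report (the class, method and variable names are hypothetical, and the input is assumed to be well-formed and LF-terminated). It parses the folded TestHeader value once with the reset to HEADER_VALUE and once without it.

```java
import java.nio.charset.StandardCharsets;

// Added illustration, not Tomcat source. Only the HeaderParsePosition constants
// come from the report; every other name here is hypothetical.
public class FoldedHeaderDemo {
    enum HeaderParsePosition { HEADER_START, HEADER_NAME, HEADER_VALUE, HEADER_MULTI_LINE }

    // Parses one header value from buf (starting at index 0) and returns it unfolded.
    static String parseValue(byte[] buf, boolean resetToValue) {
        StringBuilder value = new StringBuilder();
        HeaderParsePosition state = HeaderParsePosition.HEADER_VALUE;
        int pos = 0, rounds = 0;
        while (state == HeaderParsePosition.HEADER_VALUE
                || state == HeaderParsePosition.HEADER_MULTI_LINE) {
            // Guard added for the demo so the variant without the reset terminates.
            if (++rounds > buf.length) {
                throw new IllegalStateException("no progress, stuck in " + state);
            }
            if (state == HeaderParsePosition.HEADER_VALUE) {
                // Skip the whitespace that starts a value or a continuation line.
                while (buf[pos] == ' ' || buf[pos] == '\t') pos++;
                // Copy bytes up to LF, dropping CR.
                for (byte chr = buf[pos++]; chr != '\n'; chr = buf[pos++]) {
                    if (chr != '\r') value.append((char) chr);
                }
                state = HeaderParsePosition.HEADER_MULTI_LINE;
            }
            byte chr = buf[pos]; // peek at the first byte of the next line
            if (state == HeaderParsePosition.HEADER_MULTI_LINE) {
                if (chr != ' ' && chr != '\t') {
                    state = HeaderParsePosition.HEADER_START; // next header or end of headers
                } else {
                    value.append((char) chr); // keep one separator between the lines
                    if (resetToValue) state = HeaderParsePosition.HEADER_VALUE;
                }
            }
        }
        return value.toString();
    }

    public static void main(String[] args) {
        // Constructed input: the TestHeader value from the report, then the blank line.
        byte[] raw = "abcd\r\n\tefgh\r\n\r\n".getBytes(StandardCharsets.ISO_8859_1);
        System.out.println("with reset: [" + parseValue(raw, true).replace("\t", "\\t") + "]");
        try {
            parseValue(raw, false);
        } catch (IllegalStateException e) {
            System.out.println("without reset: " + e.getMessage());
        }
    }
}
```

With the reset the value comes back as abcd, a tab, then efgh; without it the loop keeps re-reading the same continuation byte until the demo guard stops it.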