[ https://issues.apache.org/jira/browse/CXF-7015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15666721#comment-15666721 ]

ASF GitHub Bot commented on CXF-7015:
-------------------------------------

GitHub user iammichaelgrant opened a pull request:

    https://github.com/apache/cxf/pull/196

    [CXF-7015] Capture invalid escapes and throw IllegalArgumentException

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/iammichaelgrant/cxf CXF-7015

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cxf/pull/196.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #196
    
----
commit 8245a77f706a2611857700d9922c149397384c52
Author: Michael Grant <michael.gr...@youview.com>
Date:   2016-11-15T10:01:04Z

    [CXF-7015] Capture invalid escapes and throw IllegalArgumentException

----


> Invalid URL encoding causes error 500
> -------------------------------------
>
>                 Key: CXF-7015
>                 URL: https://issues.apache.org/jira/browse/CXF-7015
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 3.0.4
>            Reporter: Sanjay Patel
>
> When using Apache CXF JAX RS Client 3.0.3, we would get a 400 Response with
> URLDecoder: Incomplete trailing escape (%) pattern.
> Using Apache CXF JAX RS Client 3.0.4 and above, we see the issue below.
> If we make a request using JAX RS to Spring with an invalid URL encoding,
> such as %3, we get a 500 Response and a BufferUnderflowException,
> as seen below.
> {code}
> java.nio.BufferUnderflowException
>     at java.nio.Buffer.nextGetIndex(Buffer.java:500)
>     at java.nio.HeapByteBuffer.get(HeapByteBuffer.java:135)
>     at org.apache.cxf.common.util.UrlUtils.urlDecode(UrlUtils.java:96)
>     at org.apache.cxf.common.util.UrlUtils.urlDecode(UrlUtils.java:67)
>     at org.apache.cxf.common.util.UrlUtils.urlDecode(UrlUtils.java:122)
>     at org.apache.cxf.jaxrs.utils.HttpUtils.urlDecode(HttpUtils.java:97)
>     at org.apache.cxf.jaxrs.utils.JAXRSUtils.getStructuredParams(JAXRSUtils.java:1262)
>     at org.apache.cxf.jaxrs.utils.JAXRSUtils.getStructuredParams(JAXRSUtils.java:1236)
>     at org.apache.cxf.jaxrs.impl.UriInfoImpl.getQueryParameters(UriInfoImpl.java:115)
>     at org.apache.cxf.jaxrs.impl.UriInfoImpl.getQueryParameters(UriInfoImpl.java:109)
>     at org.apache.cxf.jaxrs.impl.RequestPreprocessor.preprocess(RequestPreprocessor.java:74)
>     at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:102)
>     at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:77)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
>     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>     at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:254)
>     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
>     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
>     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
>     at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180)
>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:298)
>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:222)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:273)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
>     at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:528)
>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1099)
>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1520)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1476)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:745)
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
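
The failure mode reported above (a truncated escape such as %3 read past the end of the input and surfacing as a 500) and the pull request's stated approach of throwing IllegalArgumentException, shown as an added Java example. It is not code from CXF's UrlUtils or from the pull request; the class StrictPercentDecoder and its methods are hypothetical, and the sample inputs are constructed.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
// Added illustration: hypothetical class, not CXF's UrlUtils or the pull request's code.
public class StrictPercentDecoder {
    // ASCII hex digits only; returns -1 for anything else.
    private static int hex(char c) {
        int d = "0123456789abcdefABCDEF".indexOf(c);
        return d < 16 ? d : d - 6;
    }
    private static void flush(ByteArrayOutputStream run, StringBuilder out) {
        out.append(new String(run.toByteArray(), StandardCharsets.UTF_8));
        run.reset();
    }
    // Decodes %XX escapes as UTF-8; '+' is left as-is. The length check runs before
    // any read, so "%" or "%3" at the end of input throws instead of underflowing.
    static String decode(String value) {
        StringBuilder out = new StringBuilder(value.length());
        ByteArrayOutputStream run = new ByteArrayOutputStream();
        for (int i = 0; i < value.length();) {
            char c = value.charAt(i);
            if (c != '%') {
                flush(run, out);
                out.append(c);
                i++;
            } else if (i + 2 >= value.length()) {
                throw new IllegalArgumentException("Incomplete escape at index " + i);
            } else {
                int hi = hex(value.charAt(i + 1));
                int lo = hex(value.charAt(i + 2));
                if (hi < 0 || lo < 0) {
                    throw new IllegalArgumentException("Non-hex escape at index " + i);
                }
                run.write((hi << 4) | lo);
                i += 3;
            }
        }
        flush(run, out);
        return out.toString();
    }
    public static void main(String[] args) {
        // Constructed inputs: two valid values, then truncated and non-hex escapes.
        for (String raw : new String[] {"a%20b", "caf%C3%A9", "%3", "x%", "%zz"}) {
            try {
                System.out.println(raw + " -> " + decode(raw));
            } catch (IllegalArgumentException e) {
                System.out.println(raw + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

A request handler that catches the IllegalArgumentException at the decoding boundary can answer with a client error rather than letting an unchecked exception reach the container.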
