Author: kkolinko Date: Mon Jan 9 04:50:17 2012 New Revision: 1229027 URL: http://svn.apache.org/viewvc?rev=1229027&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=52384 Do not fail in Parameter parsing when debug logging is enabled. Also do not flag extra '&' in parameters as errors.
Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/LocalStrings.properties tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Parameters.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1229027&r1=1229026&r2=1229027&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Jan 9 04:50:17 2012 @@ -90,13 +90,6 @@ PATCHES PROPOSED TO BACKPORT: +1: kkolinko, rjung -1: -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=52384 - Do not fail in Parameter parsing when debug logging is enabled. - Also do not flag extra '&' as errors. - http://svn.apache.org/viewvc?rev=1224659&view=rev - +1: kkolinko, rjung, markt - -1: - * Reduce log level for the message about hitting maxParameterCount limit from WARN to INFO. in java/org/apache/tomcat/util/http/Parameters.java line 242: Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/LocalStrings.properties?rev=1229027&r1=1229026&r2=1229027&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/LocalStrings.properties (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/LocalStrings.properties Mon Jan 9 04:50:17 2012 @@ -17,6 +17,7 @@ parameters.bytes=Start processing with i parameters.copyFail=Failed to create copy of original parameter values for debug logging purposes parameters.decodeFail.debug=Character decoding failed. Parameter [{0}] with value [{1}] has been ignored. parameters.decodeFail.info=Character decoding failed. Parameter [{0}] with value [{1}] has been ignored. Note that the name and value quoted here may be corrupted due to the failed decoding. Use debug level logging to see the original, non-corrupted values. +parameters.emptyChunk=Empty parameter chunk ignored parameters.invalidChunk=Invalid chunk starting at byte [{0}] and ending at byte [{1}] with a value of [{2}] ignored parameters.maxCountFail=More than the maximum number of request parameters (GET plus POST) for a single request ([{0}]) were detected. Any parameters beyond this limit have been ignored. To change this limit, set the maxParameterCount attribute on the Connector. parameters.multipleDecodingFail=Character decoding failed. A total of [{0}] failures were detected but only the first was logged. Enable debug level logging for this logger to log all failures. Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Parameters.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Parameters.java?rev=1229027&r1=1229026&r2=1229027&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Parameters.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Parameters.java Mon Jan 9 04:50:17 2012 @@ -314,6 +314,15 @@ public final class Parameters { } if (nameEnd <= nameStart ) { + if (valueStart == -1) { + // && + if (log.isDebugEnabled()) { + log.debug(sm.getString("parameters.emptyChunk")); + } + // Do not flag as error + continue; + } + // &=foo& if (log.isInfoEnabled()) { if (valueEnd >= nameStart && log.isDebugEnabled()) { String extract = null; @@ -341,7 +350,11 @@ public final class Parameters { } tmpName.setBytes(bytes, nameStart, nameEnd - nameStart); - tmpValue.setBytes(bytes, valueStart, valueEnd - valueStart); + if (valueStart >= 0) { + tmpValue.setBytes(bytes, valueStart, valueEnd - valueStart); + } else { + tmpValue.setBytes(bytes, 0, 0); + } // Take copies as if anything goes wrong originals will be // corrupted. This means original values can be logged. @@ -349,7 +362,11 @@ public final class Parameters { if (log.isDebugEnabled()) { try { origName.append(bytes, nameStart, nameEnd - nameStart); - origValue.append(bytes, valueStart, valueEnd - valueStart); + if (valueStart >= 0) { + origValue.append(bytes, valueStart, valueEnd - valueStart); + } else { + origValue.append(bytes, 0, 0); + } } catch (IOException ioe) { // Should never happen... log.error(sm.getString("parameters.copyFail"), ioe); @@ -366,11 +383,15 @@ public final class Parameters { tmpName.setCharset(charset); name = tmpName.toString(); - if (decodeValue) { - urlDecode(tmpValue); + if (valueStart >= 0) { + if (decodeValue) { + urlDecode(tmpValue); + } + tmpValue.setCharset(charset); + value = tmpValue.toString(); + } else { + value = ""; } - tmpValue.setCharset(charset); - value = tmpValue.toString(); addParam(name, value); } catch (IOException e) { Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1229027&r1=1229026&r2=1229027&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Jan 9 04:50:17 2012 @@ -81,6 +81,14 @@ The <code>FailedRequestFilter</code> filter can be used to detect this condition. (kkolinko) </fix> + <fix> + <bug>52384</bug>: Do not fail with parameter parsing when debug logging + is enabled. (kkolinko) + </fix> + <fix> + Do not flag extra '&' characters in parameters as parse errors. + (kkolinko) + </fix> </changelog> </subsection> <subsection name="Jasper"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org