authorGreg Wilkins2013-08-09 06:12:55 +0000
committerGreg Wilkins2013-08-09 06:12:55 +0000
commit8ce87ffafcc1e11d9bf0e047e1f2c6e42ca9cddd (patch)
treecb2690b70dd938c4da2303780c2ea00010eaf765 /jetty-http
parent06ef5b793010d569ff41a4c7a72938c8374ae8ac (diff)
parent7c2095725f2661cb58a33b66617c66ff268ae469 (diff)
Merge remote-tracking branch 'origin/master' into jetty-9.1
Diffstat (limited to 'jetty-http')
-rw-r--r--jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java18
-rw-r--r--jetty-http/src/test/java/org/eclipse/jetty/http/HttpParserTest.java68
2 files changed, 82 insertions, 4 deletions
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java
index 968a9666c5..fd5e63e088 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java
@@ -898,6 +898,8 @@ public class HttpParser
break;
}
}
+ else if (ch<=HttpTokens.SPACE)
+ throw new BadMessage();
else
{
if (buffer.hasRemaining())
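Review bot: The added `throw new BadMessage();` gives the caller no reason for the rejection, while the HEADER_IN_NAME hunk further down uses `new BadMessage("Illegal character")`; using the same message here, and in the HEADER_NAME hunk's `throw new BadMessage();`, would make rejected requests diagnosable from logs. The test `ch<=HttpTokens.SPACE` also appears to rely on `ch` being a signed byte so that 0x80–0xFF are caught as negative values; a comment such as `// ch is a signed byte: rejects controls, SPACE and any byte >= 0x80` would record that. The enclosing state and branch begin outside this hunk, so which token is being parsed cannot be confirmed from here.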
@@ -962,6 +964,8 @@ public class HttpParser
break;
case HEADER_NAME:
+ if (ch<0)
+ throw new BadMessage();
switch(ch)
{
case HttpTokens.LINE_FEED:
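Review bot: `if (ch<0)` rejects only bytes with the high bit set, so control bytes 0x00–0x1F that the switch does not name would presumably still fall through to the `default` branch and be appended to the header name. The HEADER_IN_NAME hunk has the same gap: its `if (ch<HttpTokens.SPACE) { }` block is empty, which reads like this check left unfinished. Something like `if (ch<0 || (ch<HttpTokens.SPACE && ch!=HttpTokens.LINE_FEED && ch!=HttpTokens.TAB)) throw new BadMessage("Illegal character");` in both states would close it, adjusted for whichever control bytes the switch handles. The switch bodies are cut at the hunk edges, so that list cannot be confirmed from here.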
@@ -971,7 +975,6 @@ public class HttpParser
_header=HttpHeader.CACHE.get(_headerString);
}
setState(State.HEADER);
-
break;
case HttpTokens.COLON:
@@ -982,10 +985,11 @@ public class HttpParser
}
setState(State.HEADER_VALUE);
break;
+
case HttpTokens.SPACE:
case HttpTokens.TAB:
- _string.append((char)ch);
break;
+
default:
{
_string.append((char)ch);
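Review bot: With the append removed, SPACE and TAB in the HEADER_NAME state are consumed silently, so the name handed to the handler can differ from the bytes on the wire. Lenient normalisation of field names is a place where a server and an intermediary in front of it can disagree about which header was sent. If the tolerance is intended, say so with a comment on the now-empty case, e.g. `// whitespace in/after the name is skipped, not preserved`; otherwise consider rejecting with `throw new BadMessage("Illegal character");`. The switch begins and continues outside this hunk.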
@@ -997,6 +1001,12 @@ public class HttpParser
break;
case HEADER_IN_NAME:
+ if (ch<HttpTokens.SPACE)
+ {
+
+ }
+ if (ch<0)
+ throw new BadMessage("Illegal character");
switch(ch)
{
case HttpTokens.LINE_FEED:
@@ -1072,7 +1082,7 @@ public class HttpParser
break;
default:
{
- _string.append((char)ch);
+ _string.append((char)(0xff&ch));
_length=_string.length();
setState(State.HEADER_IN_VALUE);
}
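Review bot: The `0xff&ch` mask needs a comment explaining the decoding it implies: it turns the signed byte into a char in 0–255, so header values are read as ISO-8859-1 and a UTF-8 encoded value comes out as one char per byte. Suggest `// mask the signed byte: header values are decoded as ISO-8859-1` above the append here and above the identical change in the next hunk (the `_length++` branch). Neither hunk shows a check for control bytes in the value, so whether those are filtered elsewhere cannot be confirmed from this view.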
@@ -1121,7 +1131,7 @@ public class HttpParser
_valueString=null;
_field=null;
}
- _string.append((char)ch);
+ _string.append((char)(0xff&ch));
_length++;
}
break;
diff --git a/jetty-http/src/test/java/org/eclipse/jetty/http/HttpParserTest.java b/jetty-http/src/test/java/org/eclipse/jetty/http/HttpParserTest.java
index 7c197a1013..3469daf8c6 100644
--- a/jetty-http/src/test/java/org/eclipse/jetty/http/HttpParserTest.java
+++ b/jetty-http/src/test/java/org/eclipse/jetty/http/HttpParserTest.java
@@ -20,6 +20,7 @@ package org.eclipse.jetty.http;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import java.nio.ByteBuffer;
@@ -29,6 +30,8 @@ import java.util.List;
import org.eclipse.jetty.http.HttpParser.State;
import org.eclipse.jetty.util.BufferUtil;
import org.eclipse.jetty.util.StringUtil;
+import org.hamcrest.Matchers;
+import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
@@ -339,6 +342,71 @@ public class HttpParserTest
}
@Test
+ public void testEncodedHeader() throws Exception
+ {
+ ByteBuffer buffer=BufferUtil.allocate(4096);
+ BufferUtil.flipToFill(buffer);
+ BufferUtil.put(BufferUtil.toBuffer("GET "),buffer);
+ buffer.put("/foo/\u0690/".getBytes(StringUtil.__UTF8_CHARSET));
+ BufferUtil.put(BufferUtil.toBuffer(" HTTP/1.0\r\n"),buffer);
+ BufferUtil.put(BufferUtil.toBuffer("Header1: "),buffer);
+ buffer.put("\u00e6 \u00e6".getBytes(StringUtil.__ISO_8859_1_CHARSET));
+ BufferUtil.put(BufferUtil.toBuffer(" \r\n\r\n"),buffer);
+ BufferUtil.flipToFlush(buffer,0);
+
+ HttpParser.RequestHandler<ByteBuffer> handler = new Handler();
+ HttpParser parser= new HttpParser(handler);
+ parseAll(parser,buffer);
+
+ assertEquals("GET", _methodOrVersion);
+ assertEquals("/foo/\u0690/", _uriOrStatus);
+ assertEquals("HTTP/1.0", _versionOrReason);
+ assertEquals("Header1", _hdr[0]);
+ assertEquals("\u00e6 \u00e6", _val[0]);
+ assertEquals(0, _h);
+ assertEquals(null,_bad);
+ }
+
+
+
+ @Test
+ public void testBadMethodEncoding() throws Exception
+ {
+ ByteBuffer buffer= BufferUtil.toBuffer(
+ "G\u00e6T / HTTP/1.0\r\nHeader0: value0\r\n\n\n");
+
+ HttpParser.RequestHandler<ByteBuffer> handler = new Handler();
+ HttpParser parser= new HttpParser(handler);
+ parseAll(parser,buffer);
+ assertThat(_bad,Matchers.notNullValue());
+ }
+
+ @Test
+ public void testBadVersionEncoding() throws Exception
+ {
+ ByteBuffer buffer= BufferUtil.toBuffer(
+ "GET / H\u00e6P/1.0\r\nHeader0: value0\r\n\n\n");
+
+ HttpParser.RequestHandler<ByteBuffer> handler = new Handler();
+ HttpParser parser= new HttpParser(handler);
+ parseAll(parser,buffer);
+ assertThat(_bad,Matchers.notNullValue());
+ }
+
+
+ @Test
+ public void testBadHeaderEncoding() throws Exception
+ {
+ ByteBuffer buffer= BufferUtil.toBuffer(
+ "GET / HTTP/1.0\r\nH\u00e6der0: value0\r\n\n\n");
+
+ HttpParser.RequestHandler<ByteBuffer> handler = new Handler();
+ HttpParser parser= new HttpParser(handler);
+ parseAll(parser,buffer);
+ assertThat(_bad,Matchers.notNullValue());
+ }
+
+ @Test
public void testSplitHeaderParse() throws Exception
{
ByteBuffer buffer= BufferUtil.toBuffer(
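Review bot: The three new negative tests exercise only a high-bit character (`\u00e6`) and assert only that `_bad` is non-null, so they would pass on any parse failure. They also do not cover the control-byte path that `ch<=HttpTokens.SPACE` and the empty `if (ch<HttpTokens.SPACE)` block in HttpParser.java are concerned with. Adding a case with a control character inside a header name, and asserting on the reason held in `_bad` where the handler exposes it, would pin the intended behaviour. The test below is a constructed example in the style of the existing ones; it is expected to pass only once HEADER_IN_NAME actually rejects control bytes. testSplitHeaderParse continues outside the hunk.

```java
@Test
public void testBadHeaderControlChar() throws Exception
{
    ByteBuffer buffer= BufferUtil.toBuffer(
            "GET / HTTP/1.0\r\nH\u0001der0: value0\r\n\n\n");

    HttpParser.RequestHandler<ByteBuffer> handler = new Handler();
    HttpParser parser= new HttpParser(handler);
    parseAll(parser,buffer);
    assertThat(_bad,Matchers.notNullValue());
}
```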
