From d41b263b6d8a25d1af793db514da8a5aa4434014 Mon Sep 17 00:00:00 2001 From: Alfonso Altamirano Date: Wed, 13 Nov 2024 14:56:29 -0600 Subject: [PATCH 1/6] FISH-9690: adding properties to enable Header Name and Header Value validation against invalid characters RFC-9110 --- bom/pom.xml | 2 +- .../grizzly-httpservice-bundle/pom.xml | 4 +- extras/bundles/pom.xml | 4 +- extras/connection-pool/pom.xml | 4 +- extras/grizzly-httpservice/pom.xml | 4 +- extras/http-server-jaxws/pom.xml | 4 +- extras/http-server-multipart/pom.xml | 4 +- extras/http-servlet-extras/pom.xml | 4 +- extras/pom.xml | 4 +- extras/tls-sni/pom.xml | 4 +- modules/bundles/comet/pom.xml | 4 +- modules/bundles/core/pom.xml | 4 +- modules/bundles/http-all/pom.xml | 4 +- modules/bundles/http-servlet/pom.xml | 4 +- modules/bundles/http/pom.xml | 4 +- modules/bundles/pom.xml | 4 +- modules/bundles/websockets/pom.xml | 4 +- modules/comet/pom.xml | 4 +- modules/grizzly/pom.xml | 4 +- modules/http-ajp/pom.xml | 4 +- modules/http-server/pom.xml | 4 +- modules/http-servlet/pom.xml | 4 +- modules/http/pom.xml | 4 +- .../grizzly/http/HttpCodecFilter.java | 99 +++++- .../grizzly/http/util/CookieHeaderParser.java | 311 ++++++++++++++++++ .../grizzly/http/HttpRequestParseTest.java | 92 +++++- modules/monitoring/grizzly/pom.xml | 4 +- modules/monitoring/http-server/pom.xml | 4 +- modules/monitoring/http/pom.xml | 4 +- modules/monitoring/pom.xml | 4 +- modules/pom.xml | 4 +- modules/portunif/pom.xml | 4 +- modules/spdy/pom.xml | 4 +- modules/websockets/pom.xml | 4 +- pom.xml | 12 +- samples/comet/comet-counter/pom.xml | 4 +- samples/comet/pom.xml | 4 +- samples/connection-pool-samples/pom.xml | 4 +- samples/framework-samples/pom.xml | 4 +- samples/http-ajp-samples/pom.xml | 4 +- samples/http-jaxws-samples/pom.xml | 4 +- samples/http-multipart-samples/pom.xml | 4 +- samples/http-samples/pom.xml | 4 +- samples/http-server-samples/pom.xml | 4 +- samples/pom.xml | 4 +- samples/portunif/pom.xml | 4 +- samples/spdy-samples/pom.xml | 4 +- samples/tls-sni-samples/pom.xml | 4 +- samples/websockets/chat-ssl/pom.xml | 4 +- samples/websockets/chat/pom.xml | 4 +- 50 files changed, 591 insertions(+), 105 deletions(-) create mode 100644 modules/http/src/main/java/org/glassfish/grizzly/http/util/CookieHeaderParser.java diff --git a/bom/pom.xml b/bom/pom.xml index 50d83ea623..1a72a34709 100644 --- a/bom/pom.xml +++ b/bom/pom.xml @@ -55,7 +55,7 @@ grizzly-bom pom grizzly-bom - 2.3.31.payara-p4 + 2.3.31.payara-p5 Grizzly Bill of Materials (BOM) diff --git a/extras/bundles/grizzly-httpservice-bundle/pom.xml b/extras/bundles/grizzly-httpservice-bundle/pom.xml index 3a963a8b7e..5bec125bed 100644 --- a/extras/bundles/grizzly-httpservice-bundle/pom.xml +++ b/extras/bundles/grizzly-httpservice-bundle/pom.xml @@ -44,13 +44,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../../pom.xml 4.0.0 jar Grizzly OSGi HttpService Bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 org.glassfish.grizzly.osgi grizzly-httpservice-bundle diff --git a/extras/bundles/pom.xml b/extras/bundles/pom.xml index 3fc5b2f2fa..bd10c02c11 100644 --- a/extras/bundles/pom.xml +++ b/extras/bundles/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 grizzly-extra-bundles pom - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-extra-bundles diff --git a/extras/connection-pool/pom.xml b/extras/connection-pool/pom.xml index e37f79e950..95dc178a01 100644 --- a/extras/connection-pool/pom.xml +++ b/extras/connection-pool/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 connection-pool bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 connection-pool install diff --git a/extras/grizzly-httpservice/pom.xml b/extras/grizzly-httpservice/pom.xml index 8cfec2d936..e4fcadca66 100644 --- a/extras/grizzly-httpservice/pom.xml +++ b/extras/grizzly-httpservice/pom.xml @@ -44,14 +44,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 jar Grizzly OSGi HttpService - 2.3.31.payara-p4 + 2.3.31.payara-p5 org.glassfish.grizzly.osgi grizzly-httpservice diff --git a/extras/http-server-jaxws/pom.xml b/extras/http-server-jaxws/pom.xml index 148dd87089..c0f211230c 100644 --- a/extras/http-server-jaxws/pom.xml +++ b/extras/http-server-jaxws/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 grizzly-http-server-jaxws bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-http-server-jaxws install diff --git a/extras/http-server-multipart/pom.xml b/extras/http-server-multipart/pom.xml index 38aec9790d..31e24565ca 100644 --- a/extras/http-server-multipart/pom.xml +++ b/extras/http-server-multipart/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 grizzly-http-server-multipart bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-http-server-multipart install diff --git a/extras/http-servlet-extras/pom.xml b/extras/http-servlet-extras/pom.xml index a217695294..233c0a9ebb 100644 --- a/extras/http-servlet-extras/pom.xml +++ b/extras/http-servlet-extras/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 grizzly-http-servlet-extras bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-http-servlet-extras install diff --git a/extras/pom.xml b/extras/pom.xml index 9928c0dc0b..dab99377a7 100644 --- a/extras/pom.xml +++ b/extras/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../pom.xml 4.0.0 grizzly-extras pom - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-extras diff --git a/extras/tls-sni/pom.xml b/extras/tls-sni/pom.xml index f3ef980746..dbdea92f0a 100644 --- a/extras/tls-sni/pom.xml +++ b/extras/tls-sni/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 tls-sni bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 tls-sni install diff --git a/modules/bundles/comet/pom.xml b/modules/bundles/comet/pom.xml index b78da8981c..c3ef58e4d9 100644 --- a/modules/bundles/comet/pom.xml +++ b/modules/bundles/comet/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../../pom.xml 4.0.0 grizzly-comet-server jar - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-comet-server install diff --git a/modules/bundles/core/pom.xml b/modules/bundles/core/pom.xml index 8f91624340..cf4e547871 100644 --- a/modules/bundles/core/pom.xml +++ b/modules/bundles/core/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../../pom.xml 4.0.0 grizzly-core jar - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-core install diff --git a/modules/bundles/http-all/pom.xml b/modules/bundles/http-all/pom.xml index 0f8fe80cb1..762bea75ab 100644 --- a/modules/bundles/http-all/pom.xml +++ b/modules/bundles/http-all/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../../pom.xml 4.0.0 grizzly-http-all jar - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-all install diff --git a/modules/bundles/http-servlet/pom.xml b/modules/bundles/http-servlet/pom.xml index b9d979d87b..a5678dfdba 100755 --- a/modules/bundles/http-servlet/pom.xml +++ b/modules/bundles/http-servlet/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../../pom.xml 4.0.0 grizzly-http-servlet-server jar - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-http-servlet-server install diff --git a/modules/bundles/http/pom.xml b/modules/bundles/http/pom.xml index b97236c8a5..77cf020a36 100755 --- a/modules/bundles/http/pom.xml +++ b/modules/bundles/http/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../../pom.xml 4.0.0 grizzly-http-server-core jar - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-http-server-core install diff --git a/modules/bundles/pom.xml b/modules/bundles/pom.xml index ddb60455dc..a79f87c7ba 100644 --- a/modules/bundles/pom.xml +++ b/modules/bundles/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 grizzly-bundles pom - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-bundles diff --git a/modules/bundles/websockets/pom.xml b/modules/bundles/websockets/pom.xml index fd8ba41f8c..e7ef6163ab 100644 --- a/modules/bundles/websockets/pom.xml +++ b/modules/bundles/websockets/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../../pom.xml 4.0.0 grizzly-websockets-server jar - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-websockets-server install diff --git a/modules/comet/pom.xml b/modules/comet/pom.xml index 3e7ac4cdc3..ed5e5b02d5 100644 --- a/modules/comet/pom.xml +++ b/modules/comet/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 grizzly-comet bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-comet install diff --git a/modules/grizzly/pom.xml b/modules/grizzly/pom.xml index 3d0bb14a62..29896b21ac 100644 --- a/modules/grizzly/pom.xml +++ b/modules/grizzly/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 grizzly-framework bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-framework install diff --git a/modules/http-ajp/pom.xml b/modules/http-ajp/pom.xml index 660c79860c..891ae3e133 100755 --- a/modules/http-ajp/pom.xml +++ b/modules/http-ajp/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 grizzly-http-ajp bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-http-ajp http://grizzly.java.net diff --git a/modules/http-server/pom.xml b/modules/http-server/pom.xml index 78357aad3b..33af8339df 100644 --- a/modules/http-server/pom.xml +++ b/modules/http-server/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 grizzly-http-server bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-http-server install diff --git a/modules/http-servlet/pom.xml b/modules/http-servlet/pom.xml index 2ee1f9c79e..3e0dd6e447 100755 --- a/modules/http-servlet/pom.xml +++ b/modules/http-servlet/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 grizzly-http-servlet bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-http-servlet install diff --git a/modules/http/pom.xml b/modules/http/pom.xml index 4032a3f651..bdeb6ce477 100644 --- a/modules/http/pom.xml +++ b/modules/http/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 grizzly-http bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-http install diff --git a/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java b/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java index ee058c89b9..3223b5ad5a 100644 --- a/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java +++ b/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java @@ -1,7 +1,7 @@ /* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * - * Copyright (c) 2010-2017 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010-2024 Oracle and/or its affiliates. All rights reserved. * * The contents of this file are subject to the terms of either the GNU * General Public License Version 2 only ("GPL") or the Common Development @@ -41,10 +41,12 @@ package org.glassfish.grizzly.http; import java.io.IOException; +import java.nio.charset.StandardCharsets; import java.util.Arrays; import java.util.List; import java.util.logging.Level; import java.util.logging.Logger; +import java.util.regex.Pattern; import org.glassfish.grizzly.Buffer; import org.glassfish.grizzly.Connection; import org.glassfish.grizzly.Grizzly; @@ -55,6 +57,7 @@ import org.glassfish.grizzly.http.util.ByteChunk; import org.glassfish.grizzly.http.util.CacheableDataChunk; import org.glassfish.grizzly.http.util.Constants; +import org.glassfish.grizzly.http.util.CookieHeaderParser; import org.glassfish.grizzly.http.util.DataChunk; import org.glassfish.grizzly.http.util.Header; import org.glassfish.grizzly.http.util.MimeHeaders; @@ -153,6 +156,16 @@ public abstract class HttpCodecFilter extends HttpBaseFilter * @see #setRemoveHandledContentEncodingHeaders */ private boolean removeHandledContentEncodingHeaders = false; + + public static final String STRICT_HEADER_NAME_VALIDATION_RFC_9110 = "org.glassfish.grizzly.http.STRICT_HEADER_NAME_VALIDATION_RFC_9110"; + + public static final String STRICT_HEADER_VALUE_VALIDATION_RFC_9110 = "org.glassfish.grizzly.http.STRICT_HEADER_VALUE_VALIDATION_RFC_9110"; + + private static final boolean isStrictHeaderNameValidationSet = Boolean.parseBoolean(System.getProperty(STRICT_HEADER_NAME_VALIDATION_RFC_9110)); + + private static final boolean isStrictHeaderValueValidationSet = Boolean.parseBoolean(System.getProperty(STRICT_HEADER_VALUE_VALIDATION_RFC_9110)); + + private static final String REGEX_RFC_9110_INVALID_CHARACTERS = "(\\\\n)|(\\\\0)|(\\\\r)|(\\\\x00)|(\\\\x0A)|(\\\\x0D)"; /** * File cache probes @@ -829,8 +842,13 @@ protected boolean parseHeaderFromBytes(final HttpHeader httpHeader, parsingState.subState++; } case 1: { // parse header name - if (!parseHeaderName(httpHeader, mimeHeaders, parsingState, input, end)) { + final int result = parseHeaderName(httpHeader, mimeHeaders, parsingState, input, end); + if (result == -1) { return false; + } else if (result == -2) { // EOL. ignore field-lines + parsingState.subState = 0; + parsingState.start = -1; + return true; } parsingState.subState++; @@ -879,7 +897,7 @@ protected boolean parseHeaderFromBytes(final HttpHeader httpHeader, } } - protected boolean parseHeaderName(final HttpHeader httpHeader, + protected int parseHeaderName(final HttpHeader httpHeader, final MimeHeaders mimeHeaders, final HeaderParsingState parsingState, final byte[] input, final int end) { final int arrayOffs = parsingState.arrayOffset; @@ -898,19 +916,34 @@ protected boolean parseHeaderName(final HttpHeader httpHeader, finalizeKnownHeaderNames(httpHeader, parsingState, input, start, offset); - return true; + return 0; } else if ((b >= Constants.A) && (b <= Constants.Z)) { if (!preserveHeaderCase) { b -= Constants.LC_OFFSET; } input[offset] = b; + } else if (isStrictHeaderNameValidationSet && b == Constants.CR) { + parsingState.offset = offset - arrayOffs; + final int eol = checkEOL(parsingState, input, end); + if (eol == 0) { // EOL + // the offset is already increased in the check + return -2; + } else if (eol == -2) { // not enough data + // by keeping the offset unchanged, we will recheck the EOL at the next opportunity. + break; + } + } + + if (isStrictHeaderNameValidationSet && !CookieHeaderParser.isToken(b)) { + throw new IllegalStateException( + "An invalid character 0x" + Integer.toHexString(b) + " was found in the header name"); } offset++; } parsingState.offset = offset - arrayOffs; - return false; + return -1; } protected static int parseHeaderValue(final HttpHeader httpHeader, @@ -943,6 +976,10 @@ protected static int parseHeaderValue(final HttpHeader httpHeader, parsingState.headerValueStorage.setBytes(input, arrayOffs + parsingState.start, arrayOffs + parsingState.checkpoint2); + if (isStrictHeaderValueValidationSet) { + //make validation with regex mode + validateRFC9110Characters(input, arrayOffs + parsingState.start, arrayOffs + parsingState.checkpoint2); + } return 0; } } @@ -969,6 +1006,30 @@ protected static int parseHeaderValue(final HttpHeader httpHeader, parsingState.offset = offset - arrayOffs; return -1; } + + private static void validateRFC9110Characters(final byte[] headerValueContent, int start, int end) { + if (headerValueContent != null) { + if (isInvalidCharacterAvailable(start, end, headerValueContent)) { + throw new IllegalStateException( + "An invalid character NUL, LF or CR found in the header value: " + headerValueContent.toString()); + } + } + } + + /** + * This method evaluates the String from the bytes that contains Header Value and validates if contains literal value + * of \n, \r or \0 , in case any of those characters are available return true + * @param start index of the starting point to extract characters from the byte array + * @param end index of the end point to extract characters from the byte array + * @param bytesFromByteChunk represents the bytes from the request message to be processed + * @return Boolean true if any of those characters are available + */ + private static boolean isInvalidCharacterAvailable(int start, int end, byte[] bytesFromByteChunk) { + byte[] bytesFromHeaderValue = Arrays.copyOfRange(bytesFromByteChunk, start, end); + String uft8String = new String(bytesFromHeaderValue, StandardCharsets.UTF_8); + Pattern pattern = Pattern.compile(REGEX_RFC_9110_INVALID_CHARACTERS); + return pattern.matcher(uft8String).find(); + } private static void finalizeKnownHeaderNames(final HttpHeader httpHeader, final HeaderParsingState parsingState, final byte[] input, @@ -1113,8 +1174,13 @@ protected boolean parseHeaderFromBuffer(final HttpHeader httpHeader, parsingState.subState++; } case 1: { // parse header name - if (!parseHeaderName(httpHeader, mimeHeaders, parsingState, input)) { + final int result = parseHeaderName(httpHeader, mimeHeaders, parsingState, input); + if (result == -1) { return false; + } else if (result == -2) { // EOL. ignore field-lines + parsingState.subState = 0; + parsingState.start = -1; + return true; } parsingState.subState++; @@ -1160,7 +1226,7 @@ protected boolean parseHeaderFromBuffer(final HttpHeader httpHeader, } } - protected boolean parseHeaderName(final HttpHeader httpHeader, + protected int parseHeaderName(final HttpHeader httpHeader, final MimeHeaders mimeHeaders, final HeaderParsingState parsingState, final Buffer input) { final int limit = Math.min(input.limit(), parsingState.packetLimit); @@ -1177,19 +1243,34 @@ protected boolean parseHeaderName(final HttpHeader httpHeader, finalizeKnownHeaderNames(httpHeader, parsingState, input, start, offset); - return true; + return 0; } else if ((b >= Constants.A) && (b <= Constants.Z)) { if (!preserveHeaderCase) { b -= Constants.LC_OFFSET; } input.put(offset, b); + } else if (b == Constants.CR) { + parsingState.offset = offset; + final int eol = checkEOL(parsingState, input); + if (eol == 0) { // EOL + // the offset is already increased in the check + return -2; + } else if (eol == -2) { // not enough data + // by keeping the offset unchanged, we will recheck the EOL at the next opportunity. + break; + } + } + + if (!CookieHeaderParser.isToken(b)) { + throw new IllegalStateException( + "An invalid character 0x" + Integer.toHexString(b) + " was found in the header name"); } offset++; } parsingState.offset = offset; - return false; + return -1; } protected static int parseHeaderValue(final HttpHeader httpHeader, diff --git a/modules/http/src/main/java/org/glassfish/grizzly/http/util/CookieHeaderParser.java b/modules/http/src/main/java/org/glassfish/grizzly/http/util/CookieHeaderParser.java new file mode 100644 index 0000000000..c480dd5fb9 --- /dev/null +++ b/modules/http/src/main/java/org/glassfish/grizzly/http/util/CookieHeaderParser.java @@ -0,0 +1,311 @@ +/* + * Copyright (c) 2022, 2022 Contributors to the Eclipse Foundation + * Copyright 2004, 2022 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.glassfish.grizzly.http.util; + +import org.glassfish.grizzly.http.Cookies; +import org.glassfish.grizzly.http.LazyCookieState; + +/** + *

Cookie header parser based on RFC6265

+ *

The parsing of cookies using RFC6265 is more relaxed that the + * specification in the following ways:

+ *
    + *
  • Values 0x80 to 0xFF are permitted in cookie-octet to support the use of + * UTF-8 in cookie values as used by HTML 5.
    • + *
  • For cookies without a value, the '=' is not required after the name as + * some browsers do not sent it.
    • + *
+ * + *

Implementation note:
+ * This class has been carefully tuned.

+ * + * @author The Tomcat team + * @author Arjan Tijms + */ +public class CookieHeaderParser { + + private static final boolean isCookieOctet[] = new boolean[256]; + private static final boolean isText[] = new boolean[256]; + private static final byte[] EMPTY_BYTES = new byte[0]; + private static final byte TAB_BYTE = (byte) 0x09; + private static final byte SPACE_BYTE = (byte) 0x20; + private static final byte QUOTE_BYTE = (byte) 0x22; + private static final byte COMMA_BYTE = (byte) 0x2C; + private static final byte SEMICOLON_BYTE = (byte) 0x3B; + private static final byte EQUALS_BYTE = (byte) 0x3D; + private static final byte SLASH_BYTE = (byte) 0x5C; + private static final byte DEL_BYTE = (byte) 0x7F; + + private static final int ARRAY_SIZE = 128; + private static final boolean[] IS_CONTROL = new boolean[ARRAY_SIZE]; + private static final boolean[] IS_SEPARATOR = new boolean[ARRAY_SIZE]; + private static final boolean[] IS_TOKEN = new boolean[ARRAY_SIZE]; + + static { + // %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E (RFC6265) + // %x80 to %xFF (UTF-8) + for (int i = 0; i < 256; i++) { + if (i < 0x21 || i == QUOTE_BYTE || i == COMMA_BYTE || i == SEMICOLON_BYTE || i == SLASH_BYTE || i == DEL_BYTE) { + isCookieOctet[i] = false; + } else { + isCookieOctet[i] = true; + } + } + + for (int i = 0; i < 256; i++) { + if (i < TAB_BYTE || (i > TAB_BYTE && i < SPACE_BYTE) || i == DEL_BYTE) { + isText[i] = false; + } else { + isText[i] = true; + } + } + + for (int i = 0; i < ARRAY_SIZE; i++) { + // Control> 0-31, 127 + if (i < 32 || i == 127) { + IS_CONTROL[i] = true; + } + + // Separator + if (i == '(' || i == ')' || i == '<' || i == '>' || i == '@' || + i == ',' || i == ';' || i == ':' || i == '\\' || i == '\"' || + i == '/' || i == '[' || i == ']' || i == '?' || i == '=' || + i == '{' || i == '}' || i == ' ' || i == '\t') { + IS_SEPARATOR[i] = true; + } + + // Token: Anything 0-127 that is not a control and not a separator + if (!IS_CONTROL[i] && !IS_SEPARATOR[i] && i < 128) { + IS_TOKEN[i] = true; + } + } + } + + + private CookieHeaderParser() { + // Hide default constructor + } + + + public static void parseCookie(byte[] bytes, int offset, int len, Cookies serverCookies) { + + // ByteBuffer is used throughout this parser as it allows the byte[] + // and position information to be easily passed between parsing methods + ByteBuffer byteBuffer = new ByteBuffer(bytes, offset, len); + + boolean moreToProcess = true; + + while (moreToProcess) { + skipWhiteSpace(byteBuffer); + + ByteBuffer name = readToken(byteBuffer); + ByteBuffer value = null; + + skipWhiteSpace(byteBuffer); + + SkipResult skipResult = skipByte(byteBuffer, EQUALS_BYTE); + if (skipResult == SkipResult.FOUND) { + skipWhiteSpace(byteBuffer); + value = readCookieValueRfc6265(byteBuffer); + if (value == null) { + // Invalid cookie value. Skip to the next semi-colon + skipUntilSemiColon(byteBuffer); + continue; + } + skipWhiteSpace(byteBuffer); + } + + skipResult = skipByte(byteBuffer, SEMICOLON_BYTE); + if (skipResult == SkipResult.FOUND) { + // NO-OP + } else if (skipResult == SkipResult.NOT_FOUND) { + // Invalid cookie. Ignore it and skip to the next semi-colon + skipUntilSemiColon(byteBuffer); + continue; + } else { + // SkipResult.EOF + moreToProcess = false; + } + + if (name.hasRemaining()) { + LazyCookieState lazyCookie = serverCookies.getNextUnusedCookie().getLazyCookieState(); + lazyCookie.getName().setBytes(name.array(), name.position(), name.position() + name.remaining()); + if (value == null) { + lazyCookie.getValue().setBytes(EMPTY_BYTES, 0, EMPTY_BYTES.length); + } else { + lazyCookie.getValue().setBytes(value.array(), value.position(), value.position() + value.remaining()); + } + } + } + } + + + private static void skipWhiteSpace(ByteBuffer byteBuffer) { + while (byteBuffer.hasRemaining()) { + byte b = byteBuffer.get(); + if (b != TAB_BYTE && b != SPACE_BYTE) { + byteBuffer.rewind(); + break; + } + } + } + + + private static void skipUntilSemiColon(ByteBuffer byteBuffer) { + while (byteBuffer.hasRemaining()) { + if (byteBuffer.get() == SEMICOLON_BYTE) { + break; + } + } + } + + + private static SkipResult skipByte(ByteBuffer byteBuffer, byte target) { + if (!byteBuffer.hasRemaining()) { + return SkipResult.EOF; + } + if (byteBuffer.get() == target) { + return SkipResult.FOUND; + } + + byteBuffer.rewind(); + return SkipResult.NOT_FOUND; + } + + + /** + * Similar to readCookieValue() but treats a comma as part of an invalid + * value. + */ + private static ByteBuffer readCookieValueRfc6265(ByteBuffer byteBuffer) { + boolean quoted = false; + if (byteBuffer.hasRemaining()) { + if (byteBuffer.get() == QUOTE_BYTE) { + quoted = true; + } else { + byteBuffer.rewind(); + } + } + + int start = byteBuffer.position(); + int end = byteBuffer.limit(); + while (byteBuffer.hasRemaining()) { + byte b = byteBuffer.get(); + if (isCookieOctet[(b & 0xFF)]) { + // NO-OP + } else if (b == SEMICOLON_BYTE || b == SPACE_BYTE || b == TAB_BYTE) { + end = byteBuffer.position() - 1; + byteBuffer.position(end); + break; + } else if (quoted && b == QUOTE_BYTE) { + end = byteBuffer.position() - 1; + break; + } else { + // Invalid cookie + return null; + } + } + + return new ByteBuffer(byteBuffer.bytes, start, end - start); + } + + + private static ByteBuffer readToken(ByteBuffer byteBuffer) { + final int start = byteBuffer.position(); + int end = byteBuffer.limit(); + while (byteBuffer.hasRemaining()) { + if (!isToken(byteBuffer.get())) { + end = byteBuffer.position() - 1; + byteBuffer.position(end); + break; + } + } + + return new ByteBuffer(byteBuffer.bytes, start, end - start); + } + + public static boolean isToken(int c) { + // Fast for correct values, slower for incorrect ones + try { + return IS_TOKEN[c]; + } catch (ArrayIndexOutOfBoundsException ex) { + return false; + } + } + + + /** + * Custom implementation that skips many of the safety checks in + * {@link java.nio.ByteBuffer}. + */ + private static class ByteBuffer { + + private final byte[] bytes; + private int limit; + private int position = 0; + + public ByteBuffer(byte[] bytes, int offset, int len) { + this.bytes = bytes; + this.position = offset; + this.limit = offset + len; + } + + public int position() { + return position; + } + + public void position(int position) { + this.position = position; + } + + public int limit() { + return limit; + } + + public int remaining() { + return limit - position; + } + + public boolean hasRemaining() { + return position < limit; + } + + public byte get() { + return bytes[position++]; + } + + public void rewind() { + position--; + } + + public byte[] array() { + return bytes; + } + + // For debug purposes + @Override + public String toString() { + return "position [" + position + "], limit [" + limit + "]"; + } + } + + private static enum SkipResult { + FOUND, + NOT_FOUND, + EOF + } +} diff --git a/modules/http/src/test/java/org/glassfish/grizzly/http/HttpRequestParseTest.java b/modules/http/src/test/java/org/glassfish/grizzly/http/HttpRequestParseTest.java index d0e833a512..7624dd8388 100644 --- a/modules/http/src/test/java/org/glassfish/grizzly/http/HttpRequestParseTest.java +++ b/modules/http/src/test/java/org/glassfish/grizzly/http/HttpRequestParseTest.java @@ -1,7 +1,7 @@ /* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * - * Copyright (c) 2010-2016 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010-2024 Oracle and/or its affiliates. All rights reserved. * * The contents of this file are subject to the terms of either the GNU * General Public License Version 2 only ("GPL") or the Common Development @@ -72,6 +72,9 @@ import org.glassfish.grizzly.utils.ChunkingFilter; import org.glassfish.grizzly.utils.Pair; +import static org.glassfish.grizzly.http.HttpCodecFilter.STRICT_HEADER_NAME_VALIDATION_RFC_9110; +import static org.glassfish.grizzly.http.HttpCodecFilter.STRICT_HEADER_VALUE_VALIDATION_RFC_9110; + /** * Testing HTTP request parsing * @@ -81,6 +84,20 @@ public class HttpRequestParseTest extends TestCase { public static final int PORT = 19000; + @Override + protected void setUp() throws Exception { + super.setUp(); + System.setProperty(STRICT_HEADER_NAME_VALIDATION_RFC_9110, String.valueOf(Boolean.TRUE)); + System.setProperty(STRICT_HEADER_VALUE_VALIDATION_RFC_9110, String.valueOf(Boolean.TRUE)); + } + + @Override + protected void tearDown() throws Exception { + super.tearDown(); + System.setProperty(STRICT_HEADER_NAME_VALIDATION_RFC_9110, String.valueOf(Boolean.FALSE)); + System.setProperty(STRICT_HEADER_VALUE_VALIDATION_RFC_9110, String.valueOf(Boolean.FALSE)); + } + public void testCustomMethod() throws Exception { doHttpRequestTest("TAKE", "/index.html", "HTTP/1.0", Collections.>emptyMap(), "\r\n"); } @@ -105,6 +122,63 @@ public void testSimpleHeadersPreserveCase() throws Exception { doHttpRequestTest("POST", "/index.html", "HTTP/1.1", headers, "\r\n", true); } + public void testDisallowedHeaders() { + final StringBuilder sb = new StringBuilder("GET / HTTP/1.1\r\n"); + sb.append("Host: localhost\r\n"); + sb.append(new char[]{0x00, 0x01, 0x02, '\t', '\n', '\r', ' ', '\"', '(', ')', '/', ';', '<', '=', '>', '?', '@', + '[', 0x5c, ']', '{', '}'}).append(": some-value\r\n"); + sb.append("\r\n"); + try { + doTestDecoder(sb.toString(), 128); + fail("Bad HTTP headers exception had to be thrown"); + } catch (IllegalStateException e) { + // expected + } + try { + doTestDecoder("GET /index.html HTTP/1.1\nHost: localhost\nContent -Length: 1234\n\n", 128); + fail("Bad HTTP headers exception had to be thrown"); + } catch (IllegalStateException e) { + // expected + } + try { + doTestDecoder("GET /index.html HTTP/1.1\nHost: localhost\nContent-\rLength: 1234\n\n", 128); + fail("Bad HTTP headers exception had to be thrown"); + } catch (IllegalStateException e) { + // expected + } + } + + public void testDisallowedCharactersForHeaderContentValues() { + try { + doTestDecoder("GET /index.html HTTP/1.1\nHost: loca\\rlhost\nContent -Length: 1234\n\n", 128); + fail("Bad HTTP headers exception had to be thrown"); + } catch (IllegalStateException e) { + // expected + } + try { + doTestDecoder("GET /index.html HTTP/1.1\nHost: loca\\nlhost\nContent-Length: 1234\n\n", 128); + fail("Bad HTTP headers exception had to be thrown"); + } catch (IllegalStateException e) { + // expected + } + try { + doTestDecoder("GET /index.html HTTP/1.1\nHost: loca\\0lhost\nContent-Length: 1234\n\n", 128); + fail("Bad HTTP headers exception had to be thrown"); + } catch (IllegalStateException e) { + // expected + } + } + + public void testIgnoredHeaders() throws Exception { + final Map> headers = new HashMap<>(); + headers.put("Host", new Pair<>("localhost", "localhost")); + headers.put("Ignore\r\nContent-length", new Pair<>("2345", "2345")); + final Map> expectedHeaders = new HashMap<>(); + expectedHeaders.put("Host", new Pair<>("localhost", "localhost")); + expectedHeaders.put("Content-length", new Pair<>("2345", "2345")); + doHttpRequestTest("POST", "/index.html", "HTTP/1.1", headers, expectedHeaders, "\r\n"); + } + public void testMultiLineHeaders() throws Exception { Map> headers = new HashMap>(); @@ -232,6 +306,18 @@ protected void onHttpHeaderError(final HttpHeader httpHeader, } } + private void doHttpRequestTest(String method, String requestURI, String protocol, + Map> headers, + Map> expectedHeaders, String eol) throws Exception { + doHttpRequestTest(new Pair<>(method, method), new Pair<>(requestURI, requestURI), + new Pair<>(protocol, protocol), headers, expectedHeaders, eol, false); + } + + private void doHttpRequestTest(Pair method, Pair requestURI, Pair protocol, + Map> headers, String eol, boolean preserveHeaderCase) throws Exception { + doHttpRequestTest(method, requestURI, protocol, headers, headers, eol, preserveHeaderCase); + } + private void doHttpRequestTest(String method, String requestURI, String protocol, Map> headers, String eol) throws Exception { @@ -253,7 +339,7 @@ private void doHttpRequestTest(String method, String requestURI, @SuppressWarnings("unchecked") private void doHttpRequestTest(Pair method, Pair requestURI, Pair protocol, - Map> headers, String eol, + Map> headers, Map> expectedHeaders, String eol, boolean preserveHeaderCase) throws Exception { @@ -269,7 +355,7 @@ private void doHttpRequestTest(Pair method, .add(new ChunkingFilter(2)) .add(serverFilter) .add(new HTTPRequestCheckFilter(parseResult, - method, requestURI, protocol, headers, preserveHeaderCase)); + method, requestURI, protocol, expectedHeaders == null ? headers : expectedHeaders, preserveHeaderCase)); TCPNIOTransport transport = TCPNIOTransportBuilder.newInstance().build(); transport.setProcessor(filterChainBuilder.build()); diff --git a/modules/monitoring/grizzly/pom.xml b/modules/monitoring/grizzly/pom.xml index 4afb4204f9..a7cdcb799d 100644 --- a/modules/monitoring/grizzly/pom.xml +++ b/modules/monitoring/grizzly/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../../pom.xml 4.0.0 grizzly-framework-monitoring bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-framework-monitoring install diff --git a/modules/monitoring/http-server/pom.xml b/modules/monitoring/http-server/pom.xml index 1f5c1d77b4..21ee2ba611 100644 --- a/modules/monitoring/http-server/pom.xml +++ b/modules/monitoring/http-server/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../../pom.xml 4.0.0 grizzly-http-server-monitoring bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-http-server-monitoring install diff --git a/modules/monitoring/http/pom.xml b/modules/monitoring/http/pom.xml index 13d750aa45..666059b754 100644 --- a/modules/monitoring/http/pom.xml +++ b/modules/monitoring/http/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../../pom.xml 4.0.0 grizzly-http-monitoring bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-http-monitoring install diff --git a/modules/monitoring/pom.xml b/modules/monitoring/pom.xml index 2273ca269a..09bfaf44bd 100644 --- a/modules/monitoring/pom.xml +++ b/modules/monitoring/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 grizzly-monitoring pom - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-monitoring grizzly diff --git a/modules/pom.xml b/modules/pom.xml index 624f73b0f6..778b2fa94a 100644 --- a/modules/pom.xml +++ b/modules/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../pom.xml 4.0.0 grizzly-modules pom - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-modules diff --git a/modules/portunif/pom.xml b/modules/portunif/pom.xml index 38f37775f2..31b90e68c0 100644 --- a/modules/portunif/pom.xml +++ b/modules/portunif/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 grizzly-portunif bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-portunif install diff --git a/modules/spdy/pom.xml b/modules/spdy/pom.xml index bc932a7a11..6ddb36bd46 100644 --- a/modules/spdy/pom.xml +++ b/modules/spdy/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 grizzly-spdy - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-spdy install diff --git a/modules/websockets/pom.xml b/modules/websockets/pom.xml index 3595f5fbc9..c16d8f8b71 100644 --- a/modules/websockets/pom.xml +++ b/modules/websockets/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 grizzly-websockets bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-websockets install diff --git a/pom.xml b/pom.xml index 5e1f83bd69..9c594ab1c2 100644 --- a/pom.xml +++ b/pom.xml @@ -44,7 +44,7 @@ org.glassfish.grizzly grizzly-bom - 2.3.31.payara-p4 + 2.3.31.payara-p5 bom/pom.xml @@ -52,7 +52,7 @@ grizzly-project pom grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 http://grizzly.java.net GitHub @@ -155,6 +155,14 @@ target ${project.artifactId}-${project.version} + + org.apache.maven.plugins + maven-resources-plugin + 3.1.0 + + UTF-8 + + org.apache.maven.plugins maven-enforcer-plugin diff --git a/samples/comet/comet-counter/pom.xml b/samples/comet/comet-counter/pom.xml index 8ea9912cde..48f272100b 100755 --- a/samples/comet/comet-counter/pom.xml +++ b/samples/comet/comet-counter/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-comet-counter war - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-comet-counter https://grizzly.java.net diff --git a/samples/comet/pom.xml b/samples/comet/pom.xml index 26ae2fda04..301d96ba01 100755 --- a/samples/comet/pom.xml +++ b/samples/comet/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-comet-samples - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-comet-samples pom diff --git a/samples/connection-pool-samples/pom.xml b/samples/connection-pool-samples/pom.xml index 8fac813f14..5196803cbc 100755 --- a/samples/connection-pool-samples/pom.xml +++ b/samples/connection-pool-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 org.glassfish.grizzly.samples connection-pool-samples bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 connection-pool-samples install diff --git a/samples/framework-samples/pom.xml b/samples/framework-samples/pom.xml index 223e9e9744..10d203486a 100755 --- a/samples/framework-samples/pom.xml +++ b/samples/framework-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-framework-samples bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-framework-samples install diff --git a/samples/http-ajp-samples/pom.xml b/samples/http-ajp-samples/pom.xml index 3606a24b1e..a5f13ab925 100644 --- a/samples/http-ajp-samples/pom.xml +++ b/samples/http-ajp-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-http-ajp-samples bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-http-ajp-samples install diff --git a/samples/http-jaxws-samples/pom.xml b/samples/http-jaxws-samples/pom.xml index 21283cfbac..2f878b0f70 100644 --- a/samples/http-jaxws-samples/pom.xml +++ b/samples/http-jaxws-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-http-jaxws-samples bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-http-jaxws-samples install diff --git a/samples/http-multipart-samples/pom.xml b/samples/http-multipart-samples/pom.xml index f98d8b264e..9cf427ef2b 100644 --- a/samples/http-multipart-samples/pom.xml +++ b/samples/http-multipart-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-http-multipart-samples bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-http-multipart-samples install diff --git a/samples/http-samples/pom.xml b/samples/http-samples/pom.xml index a43485452f..ba2149b2e4 100755 --- a/samples/http-samples/pom.xml +++ b/samples/http-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-http-samples bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-http-samples install diff --git a/samples/http-server-samples/pom.xml b/samples/http-server-samples/pom.xml index 6ea19abedc..c0366a42b5 100644 --- a/samples/http-server-samples/pom.xml +++ b/samples/http-server-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-http-server-samples bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-http-server-samples install diff --git a/samples/pom.xml b/samples/pom.xml index 67332d4446..c623828018 100755 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-samples pom - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-samples framework-samples diff --git a/samples/portunif/pom.xml b/samples/portunif/pom.xml index 7f65798f27..251d9af3f5 100644 --- a/samples/portunif/pom.xml +++ b/samples/portunif/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-portunif-samples bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-portunif-samples install diff --git a/samples/spdy-samples/pom.xml b/samples/spdy-samples/pom.xml index 7012de2b55..b7a7713e68 100644 --- a/samples/spdy-samples/pom.xml +++ b/samples/spdy-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-spdy-samples bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-spdy-samples install diff --git a/samples/tls-sni-samples/pom.xml b/samples/tls-sni-samples/pom.xml index e6251e9238..f6c40340ea 100644 --- a/samples/tls-sni-samples/pom.xml +++ b/samples/tls-sni-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-tls-sni-samples bundle - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-tls-sni-samples install diff --git a/samples/websockets/chat-ssl/pom.xml b/samples/websockets/chat-ssl/pom.xml index 1438648f1f..9b03d10f43 100755 --- a/samples/websockets/chat-ssl/pom.xml +++ b/samples/websockets/chat-ssl/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-websockets-chat-ssl war - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-websockets-chat-ssl http://maven.apache.org diff --git a/samples/websockets/chat/pom.xml b/samples/websockets/chat/pom.xml index 4119106604..ecb36aa17e 100755 --- a/samples/websockets/chat/pom.xml +++ b/samples/websockets/chat/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p4 + 2.3.31.payara-p5 ../../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-websockets-chat war - 2.3.31.payara-p4 + 2.3.31.payara-p5 grizzly-websockets-chat http://maven.apache.org From 1fbdfd0a683d4694340f401071a3cc5fdc10e690 Mon Sep 17 00:00:00 2001 From: Alfonso Altamirano Date: Tue, 19 Nov 2024 22:15:35 -0600 Subject: [PATCH 2/6] FISH-9690: update implementation based on grizzly contribution --- .../grizzly/http/HttpCodecFilter.java | 72 ++++++++++--------- .../grizzly/http/util/CookieHeaderParser.java | 12 +++- .../grizzly/http/HttpRequestParseTest.java | 19 +++++ 3 files changed, 67 insertions(+), 36 deletions(-) diff --git a/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java b/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java index 3223b5ad5a..7ace3a3687 100644 --- a/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java +++ b/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java @@ -41,12 +41,10 @@ package org.glassfish.grizzly.http; import java.io.IOException; -import java.nio.charset.StandardCharsets; import java.util.Arrays; import java.util.List; import java.util.logging.Level; import java.util.logging.Logger; -import java.util.regex.Pattern; import org.glassfish.grizzly.Buffer; import org.glassfish.grizzly.Connection; import org.glassfish.grizzly.Grizzly; @@ -164,8 +162,6 @@ public abstract class HttpCodecFilter extends HttpBaseFilter private static final boolean isStrictHeaderNameValidationSet = Boolean.parseBoolean(System.getProperty(STRICT_HEADER_NAME_VALIDATION_RFC_9110)); private static final boolean isStrictHeaderValueValidationSet = Boolean.parseBoolean(System.getProperty(STRICT_HEADER_VALUE_VALIDATION_RFC_9110)); - - private static final String REGEX_RFC_9110_INVALID_CHARACTERS = "(\\\\n)|(\\\\0)|(\\\\r)|(\\\\x00)|(\\\\x0A)|(\\\\x0D)"; /** * File cache probes @@ -960,6 +956,20 @@ protected static int parseHeaderValue(final HttpHeader httpHeader, while (offset < limit) { final byte b = input[offset]; if (b == Constants.CR) { + if (isStrictHeaderValueValidationSet) { + if (offset + 1 < limit) { + final byte b2 = input[offset + 1]; + if (b2 == Constants.LF) { + // Continue for next parsing without the validation + offset++; + continue; + } + } else { + // not enough data + parsingState.offset = offset - arrayOffs; + return -1; + } + } } else if (b == Constants.LF) { // Check if it's not multi line header if (offset + 1 < limit) { @@ -976,10 +986,6 @@ protected static int parseHeaderValue(final HttpHeader httpHeader, parsingState.headerValueStorage.setBytes(input, arrayOffs + parsingState.start, arrayOffs + parsingState.checkpoint2); - if (isStrictHeaderValueValidationSet) { - //make validation with regex mode - validateRFC9110Characters(input, arrayOffs + parsingState.start, arrayOffs + parsingState.checkpoint2); - } return 0; } } @@ -1001,35 +1007,15 @@ protected static int parseHeaderValue(final HttpHeader httpHeader, parsingState.checkpoint2 = parsingState.checkpoint; } + if (isStrictHeaderValueValidationSet && !CookieHeaderParser.isText(b)) { + throw new IllegalStateException( + "An invalid character 0x" + Integer.toHexString(b) + " was found in the header value"); + } offset++; } parsingState.offset = offset - arrayOffs; return -1; } - - private static void validateRFC9110Characters(final byte[] headerValueContent, int start, int end) { - if (headerValueContent != null) { - if (isInvalidCharacterAvailable(start, end, headerValueContent)) { - throw new IllegalStateException( - "An invalid character NUL, LF or CR found in the header value: " + headerValueContent.toString()); - } - } - } - - /** - * This method evaluates the String from the bytes that contains Header Value and validates if contains literal value - * of \n, \r or \0 , in case any of those characters are available return true - * @param start index of the starting point to extract characters from the byte array - * @param end index of the end point to extract characters from the byte array - * @param bytesFromByteChunk represents the bytes from the request message to be processed - * @return Boolean true if any of those characters are available - */ - private static boolean isInvalidCharacterAvailable(int start, int end, byte[] bytesFromByteChunk) { - byte[] bytesFromHeaderValue = Arrays.copyOfRange(bytesFromByteChunk, start, end); - String uft8String = new String(bytesFromHeaderValue, StandardCharsets.UTF_8); - Pattern pattern = Pattern.compile(REGEX_RFC_9110_INVALID_CHARACTERS); - return pattern.matcher(uft8String).find(); - } private static void finalizeKnownHeaderNames(final HttpHeader httpHeader, final HeaderParsingState parsingState, final byte[] input, @@ -1249,7 +1235,7 @@ protected int parseHeaderName(final HttpHeader httpHeader, b -= Constants.LC_OFFSET; } input.put(offset, b); - } else if (b == Constants.CR) { + } else if (isStrictHeaderNameValidationSet && b == Constants.CR) { parsingState.offset = offset; final int eol = checkEOL(parsingState, input); if (eol == 0) { // EOL @@ -1261,7 +1247,7 @@ protected int parseHeaderName(final HttpHeader httpHeader, } } - if (!CookieHeaderParser.isToken(b)) { + if (isStrictHeaderNameValidationSet && !CookieHeaderParser.isToken(b)) { throw new IllegalStateException( "An invalid character 0x" + Integer.toHexString(b) + " was found in the header name"); } @@ -1285,6 +1271,20 @@ protected static int parseHeaderValue(final HttpHeader httpHeader, while(offset < limit) { final byte b = input.get(offset); if (b == Constants.CR) { + if (isStrictHeaderValueValidationSet) { + if (offset + 1 < limit) { + final byte b2 = input.get(offset + 1); + if (b2 == Constants.LF) { + // Continue for next parsing without the validation + offset++; + continue; + } + } else { + // not enough data + parsingState.offset = offset; + return -1; + } + } } else if (b == Constants.LF) { // Check if it's not multi line header if (offset + 1 < limit) { @@ -1320,6 +1320,10 @@ protected static int parseHeaderValue(final HttpHeader httpHeader, parsingState.checkpoint2 = parsingState.checkpoint; } + if (isStrictHeaderValueValidationSet && !CookieHeaderParser.isText(b)) { + throw new IllegalStateException( + "An invalid character 0x" + Integer.toHexString(b) + " was found in the header value"); + } offset++; } parsingState.offset = offset; diff --git a/modules/http/src/main/java/org/glassfish/grizzly/http/util/CookieHeaderParser.java b/modules/http/src/main/java/org/glassfish/grizzly/http/util/CookieHeaderParser.java index c480dd5fb9..024ee0ef76 100644 --- a/modules/http/src/main/java/org/glassfish/grizzly/http/util/CookieHeaderParser.java +++ b/modules/http/src/main/java/org/glassfish/grizzly/http/util/CookieHeaderParser.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022, 2022 Contributors to the Eclipse Foundation + * Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation * Copyright 2004, 2022 The Apache Software Foundation * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -247,7 +247,15 @@ public static boolean isToken(int c) { } } - + public static boolean isText(int c) { + // Fast for correct values, slower for incorrect ones + try { + return isText[c]; + } catch (ArrayIndexOutOfBoundsException ex) { + return false; + } + } + /** * Custom implementation that skips many of the safety checks in * {@link java.nio.ByteBuffer}. diff --git a/modules/http/src/test/java/org/glassfish/grizzly/http/HttpRequestParseTest.java b/modules/http/src/test/java/org/glassfish/grizzly/http/HttpRequestParseTest.java index 7624dd8388..e2503a288b 100644 --- a/modules/http/src/test/java/org/glassfish/grizzly/http/HttpRequestParseTest.java +++ b/modules/http/src/test/java/org/glassfish/grizzly/http/HttpRequestParseTest.java @@ -149,6 +149,15 @@ public void testDisallowedHeaders() { } public void testDisallowedCharactersForHeaderContentValues() { + final StringBuilder sb = new StringBuilder("GET / HTTP/1.1\r\n"); + sb.append("Host: localhost\r\n"); + sb.append("Some-Header: some-"); + // valid header values + sb.append(new char[]{'\t', ' ', '\"', '(', ')', '/', ';', '<', '=', '>', '?', '@', '[', 0x5c, ']', '{', '}'}) + .append("\r\n"); + sb.append("\r\n"); + doTestDecoder(sb.toString(), 128); + try { doTestDecoder("GET /index.html HTTP/1.1\nHost: loca\\rlhost\nContent -Length: 1234\n\n", 128); fail("Bad HTTP headers exception had to be thrown"); @@ -167,6 +176,16 @@ public void testDisallowedCharactersForHeaderContentValues() { } catch (IllegalStateException e) { // expected } + + final char[] invalidChars = new char[]{0x00, 0x01, 0x02, '\r'}; + for (final char ch : invalidChars) { + try { + doTestDecoder("GET /index.html HTTP/1.1\nHost: localhost\nSome-Header: some-" + ch + "value\n\n", 128); + fail("Bad HTTP headers exception had to be thrown"); + } catch (IllegalStateException e) { + // expected + } + } } public void testIgnoredHeaders() throws Exception { From 3f445a6fc9fa443002f54e4dcf79661b261271a0 Mon Sep 17 00:00:00 2001 From: Alfonso Altamirano Date: Tue, 19 Nov 2024 22:26:55 -0600 Subject: [PATCH 3/6] FISH-9690: adding snapshot name --- bom/pom.xml | 2 +- extras/bundles/grizzly-httpservice-bundle/pom.xml | 4 ++-- extras/bundles/pom.xml | 4 ++-- extras/connection-pool/pom.xml | 4 ++-- extras/grizzly-httpservice/pom.xml | 4 ++-- extras/http-server-jaxws/pom.xml | 4 ++-- extras/http-server-multipart/pom.xml | 4 ++-- extras/http-servlet-extras/pom.xml | 4 ++-- extras/pom.xml | 4 ++-- extras/tls-sni/pom.xml | 4 ++-- modules/bundles/comet/pom.xml | 4 ++-- modules/bundles/core/pom.xml | 4 ++-- modules/bundles/http-all/pom.xml | 4 ++-- modules/bundles/http-servlet/pom.xml | 4 ++-- modules/bundles/http/pom.xml | 4 ++-- modules/bundles/pom.xml | 4 ++-- modules/bundles/websockets/pom.xml | 4 ++-- modules/comet/pom.xml | 4 ++-- modules/grizzly/pom.xml | 4 ++-- modules/http-ajp/pom.xml | 4 ++-- modules/http-server/pom.xml | 4 ++-- modules/http-servlet/pom.xml | 4 ++-- modules/http/pom.xml | 4 ++-- modules/monitoring/grizzly/pom.xml | 4 ++-- modules/monitoring/http-server/pom.xml | 4 ++-- modules/monitoring/http/pom.xml | 4 ++-- modules/monitoring/pom.xml | 4 ++-- modules/pom.xml | 4 ++-- modules/portunif/pom.xml | 4 ++-- modules/spdy/pom.xml | 4 ++-- modules/websockets/pom.xml | 4 ++-- pom.xml | 4 ++-- samples/comet/comet-counter/pom.xml | 4 ++-- samples/comet/pom.xml | 4 ++-- samples/connection-pool-samples/pom.xml | 4 ++-- samples/framework-samples/pom.xml | 4 ++-- samples/http-ajp-samples/pom.xml | 4 ++-- samples/http-jaxws-samples/pom.xml | 4 ++-- samples/http-multipart-samples/pom.xml | 4 ++-- samples/http-samples/pom.xml | 4 ++-- samples/http-server-samples/pom.xml | 4 ++-- samples/pom.xml | 4 ++-- samples/portunif/pom.xml | 4 ++-- samples/spdy-samples/pom.xml | 4 ++-- samples/tls-sni-samples/pom.xml | 4 ++-- samples/websockets/chat-ssl/pom.xml | 4 ++-- samples/websockets/chat/pom.xml | 4 ++-- 47 files changed, 93 insertions(+), 93 deletions(-) diff --git a/bom/pom.xml b/bom/pom.xml index 1a72a34709..c2071e853c 100644 --- a/bom/pom.xml +++ b/bom/pom.xml @@ -55,7 +55,7 @@ grizzly-bom pom grizzly-bom - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT Grizzly Bill of Materials (BOM) diff --git a/extras/bundles/grizzly-httpservice-bundle/pom.xml b/extras/bundles/grizzly-httpservice-bundle/pom.xml index 5bec125bed..9edc7e4899 100644 --- a/extras/bundles/grizzly-httpservice-bundle/pom.xml +++ b/extras/bundles/grizzly-httpservice-bundle/pom.xml @@ -44,13 +44,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../../pom.xml 4.0.0 jar Grizzly OSGi HttpService Bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT org.glassfish.grizzly.osgi grizzly-httpservice-bundle diff --git a/extras/bundles/pom.xml b/extras/bundles/pom.xml index bd10c02c11..9717fa04b6 100644 --- a/extras/bundles/pom.xml +++ b/extras/bundles/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 grizzly-extra-bundles pom - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-extra-bundles diff --git a/extras/connection-pool/pom.xml b/extras/connection-pool/pom.xml index 95dc178a01..3ce01f8676 100644 --- a/extras/connection-pool/pom.xml +++ b/extras/connection-pool/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 connection-pool bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT connection-pool install diff --git a/extras/grizzly-httpservice/pom.xml b/extras/grizzly-httpservice/pom.xml index e4fcadca66..c05324de5b 100644 --- a/extras/grizzly-httpservice/pom.xml +++ b/extras/grizzly-httpservice/pom.xml @@ -44,14 +44,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 jar Grizzly OSGi HttpService - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT org.glassfish.grizzly.osgi grizzly-httpservice diff --git a/extras/http-server-jaxws/pom.xml b/extras/http-server-jaxws/pom.xml index c0f211230c..434edb6843 100644 --- a/extras/http-server-jaxws/pom.xml +++ b/extras/http-server-jaxws/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 grizzly-http-server-jaxws bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-http-server-jaxws install diff --git a/extras/http-server-multipart/pom.xml b/extras/http-server-multipart/pom.xml index 31e24565ca..40fe1fb310 100644 --- a/extras/http-server-multipart/pom.xml +++ b/extras/http-server-multipart/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 grizzly-http-server-multipart bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-http-server-multipart install diff --git a/extras/http-servlet-extras/pom.xml b/extras/http-servlet-extras/pom.xml index 233c0a9ebb..709c514ec1 100644 --- a/extras/http-servlet-extras/pom.xml +++ b/extras/http-servlet-extras/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 grizzly-http-servlet-extras bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-http-servlet-extras install diff --git a/extras/pom.xml b/extras/pom.xml index dab99377a7..f9af391220 100644 --- a/extras/pom.xml +++ b/extras/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../pom.xml 4.0.0 grizzly-extras pom - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-extras diff --git a/extras/tls-sni/pom.xml b/extras/tls-sni/pom.xml index dbdea92f0a..fe119d0489 100644 --- a/extras/tls-sni/pom.xml +++ b/extras/tls-sni/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 tls-sni bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT tls-sni install diff --git a/modules/bundles/comet/pom.xml b/modules/bundles/comet/pom.xml index c3ef58e4d9..6c7284ded1 100644 --- a/modules/bundles/comet/pom.xml +++ b/modules/bundles/comet/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../../pom.xml 4.0.0 grizzly-comet-server jar - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-comet-server install diff --git a/modules/bundles/core/pom.xml b/modules/bundles/core/pom.xml index cf4e547871..274ac27f92 100644 --- a/modules/bundles/core/pom.xml +++ b/modules/bundles/core/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../../pom.xml 4.0.0 grizzly-core jar - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-core install diff --git a/modules/bundles/http-all/pom.xml b/modules/bundles/http-all/pom.xml index 762bea75ab..a770543c37 100644 --- a/modules/bundles/http-all/pom.xml +++ b/modules/bundles/http-all/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../../pom.xml 4.0.0 grizzly-http-all jar - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-all install diff --git a/modules/bundles/http-servlet/pom.xml b/modules/bundles/http-servlet/pom.xml index a5678dfdba..73527b1205 100755 --- a/modules/bundles/http-servlet/pom.xml +++ b/modules/bundles/http-servlet/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../../pom.xml 4.0.0 grizzly-http-servlet-server jar - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-http-servlet-server install diff --git a/modules/bundles/http/pom.xml b/modules/bundles/http/pom.xml index 77cf020a36..a7285dbdcc 100755 --- a/modules/bundles/http/pom.xml +++ b/modules/bundles/http/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../../pom.xml 4.0.0 grizzly-http-server-core jar - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-http-server-core install diff --git a/modules/bundles/pom.xml b/modules/bundles/pom.xml index a79f87c7ba..29d508e9d2 100644 --- a/modules/bundles/pom.xml +++ b/modules/bundles/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 grizzly-bundles pom - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-bundles diff --git a/modules/bundles/websockets/pom.xml b/modules/bundles/websockets/pom.xml index e7ef6163ab..258d023b67 100644 --- a/modules/bundles/websockets/pom.xml +++ b/modules/bundles/websockets/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../../pom.xml 4.0.0 grizzly-websockets-server jar - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-websockets-server install diff --git a/modules/comet/pom.xml b/modules/comet/pom.xml index ed5e5b02d5..e90f7eb5d5 100644 --- a/modules/comet/pom.xml +++ b/modules/comet/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 grizzly-comet bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-comet install diff --git a/modules/grizzly/pom.xml b/modules/grizzly/pom.xml index 29896b21ac..b27dd8b061 100644 --- a/modules/grizzly/pom.xml +++ b/modules/grizzly/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 grizzly-framework bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-framework install diff --git a/modules/http-ajp/pom.xml b/modules/http-ajp/pom.xml index 891ae3e133..5cdcd9777d 100755 --- a/modules/http-ajp/pom.xml +++ b/modules/http-ajp/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 grizzly-http-ajp bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-http-ajp http://grizzly.java.net diff --git a/modules/http-server/pom.xml b/modules/http-server/pom.xml index 33af8339df..1d0ed1ebb9 100644 --- a/modules/http-server/pom.xml +++ b/modules/http-server/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 grizzly-http-server bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-http-server install diff --git a/modules/http-servlet/pom.xml b/modules/http-servlet/pom.xml index 3e0dd6e447..0902489709 100755 --- a/modules/http-servlet/pom.xml +++ b/modules/http-servlet/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 grizzly-http-servlet bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-http-servlet install diff --git a/modules/http/pom.xml b/modules/http/pom.xml index bdeb6ce477..436fdf4579 100644 --- a/modules/http/pom.xml +++ b/modules/http/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 grizzly-http bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-http install diff --git a/modules/monitoring/grizzly/pom.xml b/modules/monitoring/grizzly/pom.xml index a7cdcb799d..6c2f2c9391 100644 --- a/modules/monitoring/grizzly/pom.xml +++ b/modules/monitoring/grizzly/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../../pom.xml 4.0.0 grizzly-framework-monitoring bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-framework-monitoring install diff --git a/modules/monitoring/http-server/pom.xml b/modules/monitoring/http-server/pom.xml index 21ee2ba611..ce3d5b8eee 100644 --- a/modules/monitoring/http-server/pom.xml +++ b/modules/monitoring/http-server/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../../pom.xml 4.0.0 grizzly-http-server-monitoring bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-http-server-monitoring install diff --git a/modules/monitoring/http/pom.xml b/modules/monitoring/http/pom.xml index 666059b754..af1af0a719 100644 --- a/modules/monitoring/http/pom.xml +++ b/modules/monitoring/http/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../../pom.xml 4.0.0 grizzly-http-monitoring bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-http-monitoring install diff --git a/modules/monitoring/pom.xml b/modules/monitoring/pom.xml index 09bfaf44bd..502adc93d5 100644 --- a/modules/monitoring/pom.xml +++ b/modules/monitoring/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 grizzly-monitoring pom - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-monitoring grizzly diff --git a/modules/pom.xml b/modules/pom.xml index 778b2fa94a..ebe870313f 100644 --- a/modules/pom.xml +++ b/modules/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../pom.xml 4.0.0 grizzly-modules pom - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-modules diff --git a/modules/portunif/pom.xml b/modules/portunif/pom.xml index 31b90e68c0..9e47b5ee76 100644 --- a/modules/portunif/pom.xml +++ b/modules/portunif/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 grizzly-portunif bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-portunif install diff --git a/modules/spdy/pom.xml b/modules/spdy/pom.xml index 6ddb36bd46..3e9483c9a4 100644 --- a/modules/spdy/pom.xml +++ b/modules/spdy/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 grizzly-spdy - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-spdy install diff --git a/modules/websockets/pom.xml b/modules/websockets/pom.xml index c16d8f8b71..7d3846ad75 100644 --- a/modules/websockets/pom.xml +++ b/modules/websockets/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 grizzly-websockets bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-websockets install diff --git a/pom.xml b/pom.xml index 9c594ab1c2..9f3ecde683 100644 --- a/pom.xml +++ b/pom.xml @@ -44,7 +44,7 @@ org.glassfish.grizzly grizzly-bom - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT bom/pom.xml @@ -52,7 +52,7 @@ grizzly-project pom grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT http://grizzly.java.net GitHub diff --git a/samples/comet/comet-counter/pom.xml b/samples/comet/comet-counter/pom.xml index 48f272100b..c177836aee 100755 --- a/samples/comet/comet-counter/pom.xml +++ b/samples/comet/comet-counter/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-comet-counter war - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-comet-counter https://grizzly.java.net diff --git a/samples/comet/pom.xml b/samples/comet/pom.xml index 301d96ba01..0c3ca1144f 100755 --- a/samples/comet/pom.xml +++ b/samples/comet/pom.xml @@ -45,13 +45,13 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-comet-samples - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-comet-samples pom diff --git a/samples/connection-pool-samples/pom.xml b/samples/connection-pool-samples/pom.xml index 5196803cbc..0d896afc56 100755 --- a/samples/connection-pool-samples/pom.xml +++ b/samples/connection-pool-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 org.glassfish.grizzly.samples connection-pool-samples bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT connection-pool-samples install diff --git a/samples/framework-samples/pom.xml b/samples/framework-samples/pom.xml index 10d203486a..6347b7b7e5 100755 --- a/samples/framework-samples/pom.xml +++ b/samples/framework-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-framework-samples bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-framework-samples install diff --git a/samples/http-ajp-samples/pom.xml b/samples/http-ajp-samples/pom.xml index a5f13ab925..fc8a773562 100644 --- a/samples/http-ajp-samples/pom.xml +++ b/samples/http-ajp-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-http-ajp-samples bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-http-ajp-samples install diff --git a/samples/http-jaxws-samples/pom.xml b/samples/http-jaxws-samples/pom.xml index 2f878b0f70..dd43e92ead 100644 --- a/samples/http-jaxws-samples/pom.xml +++ b/samples/http-jaxws-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-http-jaxws-samples bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-http-jaxws-samples install diff --git a/samples/http-multipart-samples/pom.xml b/samples/http-multipart-samples/pom.xml index 9cf427ef2b..9cc5de722c 100644 --- a/samples/http-multipart-samples/pom.xml +++ b/samples/http-multipart-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-http-multipart-samples bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-http-multipart-samples install diff --git a/samples/http-samples/pom.xml b/samples/http-samples/pom.xml index ba2149b2e4..439f5beb7f 100755 --- a/samples/http-samples/pom.xml +++ b/samples/http-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-http-samples bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-http-samples install diff --git a/samples/http-server-samples/pom.xml b/samples/http-server-samples/pom.xml index c0366a42b5..a30626d16c 100644 --- a/samples/http-server-samples/pom.xml +++ b/samples/http-server-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-http-server-samples bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-http-server-samples install diff --git a/samples/pom.xml b/samples/pom.xml index c623828018..c7378b5f64 100755 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-samples pom - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-samples framework-samples diff --git a/samples/portunif/pom.xml b/samples/portunif/pom.xml index 251d9af3f5..5d80d791a0 100644 --- a/samples/portunif/pom.xml +++ b/samples/portunif/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-portunif-samples bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-portunif-samples install diff --git a/samples/spdy-samples/pom.xml b/samples/spdy-samples/pom.xml index b7a7713e68..04732ff504 100644 --- a/samples/spdy-samples/pom.xml +++ b/samples/spdy-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-spdy-samples bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-spdy-samples install diff --git a/samples/tls-sni-samples/pom.xml b/samples/tls-sni-samples/pom.xml index f6c40340ea..bbbdc11246 100644 --- a/samples/tls-sni-samples/pom.xml +++ b/samples/tls-sni-samples/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-tls-sni-samples bundle - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-tls-sni-samples install diff --git a/samples/websockets/chat-ssl/pom.xml b/samples/websockets/chat-ssl/pom.xml index 9b03d10f43..795206220c 100755 --- a/samples/websockets/chat-ssl/pom.xml +++ b/samples/websockets/chat-ssl/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-websockets-chat-ssl war - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-websockets-chat-ssl http://maven.apache.org diff --git a/samples/websockets/chat/pom.xml b/samples/websockets/chat/pom.xml index ecb36aa17e..abc0f5f448 100755 --- a/samples/websockets/chat/pom.xml +++ b/samples/websockets/chat/pom.xml @@ -45,14 +45,14 @@ org.glassfish.grizzly grizzly-project - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT ../../../pom.xml 4.0.0 org.glassfish.grizzly.samples grizzly-websockets-chat war - 2.3.31.payara-p5 + 2.3.31.payara-p5-SNAPSHOT grizzly-websockets-chat http://maven.apache.org From 41e2b19fcc856b31fd557cd43c8f5e25fdf055f4 Mon Sep 17 00:00:00 2001 From: Alfonso Altamirano Date: Mon, 9 Dec 2024 23:08:06 -0600 Subject: [PATCH 4/6] FISH-9690: improving changes to not affect method signatures --- .../grizzly/http/HttpCodecFilter.java | 38 ++++++++++--------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java b/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java index 7ace3a3687..97369a1188 100644 --- a/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java +++ b/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java @@ -838,12 +838,11 @@ protected boolean parseHeaderFromBytes(final HttpHeader httpHeader, parsingState.subState++; } case 1: { // parse header name - final int result = parseHeaderName(httpHeader, mimeHeaders, parsingState, input, end); - if (result == -1) { + if (!parseHeaderName(httpHeader, mimeHeaders, parsingState, input, end)) { return false; - } else if (result == -2) { // EOL. ignore field-lines - parsingState.subState = 0; - parsingState.start = -1; + } + + if (parsingState.subState == 0 && parsingState.start == -1) { // EOL. ignore field-lines return true; } @@ -893,7 +892,7 @@ protected boolean parseHeaderFromBytes(final HttpHeader httpHeader, } } - protected int parseHeaderName(final HttpHeader httpHeader, + protected boolean parseHeaderName(final HttpHeader httpHeader, final MimeHeaders mimeHeaders, final HeaderParsingState parsingState, final byte[] input, final int end) { final int arrayOffs = parsingState.arrayOffset; @@ -912,7 +911,7 @@ protected int parseHeaderName(final HttpHeader httpHeader, finalizeKnownHeaderNames(httpHeader, parsingState, input, start, offset); - return 0; + return true; } else if ((b >= Constants.A) && (b <= Constants.Z)) { if (!preserveHeaderCase) { b -= Constants.LC_OFFSET; @@ -923,7 +922,9 @@ protected int parseHeaderName(final HttpHeader httpHeader, final int eol = checkEOL(parsingState, input, end); if (eol == 0) { // EOL // the offset is already increased in the check - return -2; + parsingState.subState = 0; + parsingState.start = -1; + return true; } else if (eol == -2) { // not enough data // by keeping the offset unchanged, we will recheck the EOL at the next opportunity. break; @@ -939,7 +940,7 @@ protected int parseHeaderName(final HttpHeader httpHeader, } parsingState.offset = offset - arrayOffs; - return -1; + return false; } protected static int parseHeaderValue(final HttpHeader httpHeader, @@ -1160,12 +1161,11 @@ protected boolean parseHeaderFromBuffer(final HttpHeader httpHeader, parsingState.subState++; } case 1: { // parse header name - final int result = parseHeaderName(httpHeader, mimeHeaders, parsingState, input); - if (result == -1) { + if (!parseHeaderName(httpHeader, mimeHeaders, parsingState, input)) { return false; - } else if (result == -2) { // EOL. ignore field-lines - parsingState.subState = 0; - parsingState.start = -1; + } + + if (parsingState.subState == 0 && parsingState.start == -1) { // EOL. ignore field-lines return true; } @@ -1212,7 +1212,7 @@ protected boolean parseHeaderFromBuffer(final HttpHeader httpHeader, } } - protected int parseHeaderName(final HttpHeader httpHeader, + protected boolean parseHeaderName(final HttpHeader httpHeader, final MimeHeaders mimeHeaders, final HeaderParsingState parsingState, final Buffer input) { final int limit = Math.min(input.limit(), parsingState.packetLimit); @@ -1229,7 +1229,7 @@ protected int parseHeaderName(final HttpHeader httpHeader, finalizeKnownHeaderNames(httpHeader, parsingState, input, start, offset); - return 0; + return true; } else if ((b >= Constants.A) && (b <= Constants.Z)) { if (!preserveHeaderCase) { b -= Constants.LC_OFFSET; @@ -1240,7 +1240,9 @@ protected int parseHeaderName(final HttpHeader httpHeader, final int eol = checkEOL(parsingState, input); if (eol == 0) { // EOL // the offset is already increased in the check - return -2; + parsingState.subState = 0; + parsingState.start = -1; + return true; } else if (eol == -2) { // not enough data // by keeping the offset unchanged, we will recheck the EOL at the next opportunity. break; @@ -1256,7 +1258,7 @@ protected int parseHeaderName(final HttpHeader httpHeader, } parsingState.offset = offset; - return -1; + return false; } protected static int parseHeaderValue(final HttpHeader httpHeader, From 1a81e5c9a3ef301fabb0d28778bac3f2db78fb03 Mon Sep 17 00:00:00 2001 From: Alfonso Altamirano Date: Wed, 11 Dec 2024 23:13:46 -0600 Subject: [PATCH 5/6] FISH-9690: set default value as true and prevent LF character on Header Value --- .../glassfish/grizzly/http/HttpCodecFilter.java | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java b/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java index 97369a1188..7588f9e052 100644 --- a/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java +++ b/modules/http/src/main/java/org/glassfish/grizzly/http/HttpCodecFilter.java @@ -159,9 +159,9 @@ public abstract class HttpCodecFilter extends HttpBaseFilter public static final String STRICT_HEADER_VALUE_VALIDATION_RFC_9110 = "org.glassfish.grizzly.http.STRICT_HEADER_VALUE_VALIDATION_RFC_9110"; - private static final boolean isStrictHeaderNameValidationSet = Boolean.parseBoolean(System.getProperty(STRICT_HEADER_NAME_VALIDATION_RFC_9110)); + private static final boolean isStrictHeaderNameValidationSet = Boolean.parseBoolean((System.getProperty(STRICT_HEADER_NAME_VALIDATION_RFC_9110) == null) ? "true" : System.getProperty(STRICT_HEADER_NAME_VALIDATION_RFC_9110)); - private static final boolean isStrictHeaderValueValidationSet = Boolean.parseBoolean(System.getProperty(STRICT_HEADER_VALUE_VALIDATION_RFC_9110)); + private static final boolean isStrictHeaderValueValidationSet = Boolean.parseBoolean((System.getProperty(STRICT_HEADER_VALUE_VALIDATION_RFC_9110) == null) ? "true": System.getProperty(STRICT_HEADER_VALUE_VALIDATION_RFC_9110)); /** * File cache probes @@ -980,6 +980,11 @@ protected static int parseHeaderValue(final HttpHeader httpHeader, parsingState.offset = offset + 2 - arrayOffs; return -2; } else { + final byte b3 = input[offset - 1]; + if (!(b3 == Constants.CR) && isStrictHeaderValueValidationSet) { + throw new IllegalStateException( + "An invalid character 0x" + Integer.toHexString(b) + " was found in the header value"); + } parsingState.offset = offset + 1 - arrayOffs; finalizeKnownHeaderValues(httpHeader, parsingState, input, arrayOffs + parsingState.start, @@ -1296,6 +1301,11 @@ protected static int parseHeaderValue(final HttpHeader httpHeader, parsingState.offset = offset + 2; return -2; } else { + final byte b3 = input.get(offset - 1); + if (!(b3 == Constants.CR) && isStrictHeaderValueValidationSet) { + throw new IllegalStateException( + "An invalid character 0x" + Integer.toHexString(b) + " was found in the header value"); + } parsingState.offset = offset + 1; finalizeKnownHeaderValues(httpHeader, parsingState, input, parsingState.start, parsingState.checkpoint2); From 1e439752b5f9ce18233e42b0c6ef30d509fdf708 Mon Sep 17 00:00:00 2001 From: Alfonso Altamirano Date: Thu, 12 Dec 2024 17:16:02 -0600 Subject: [PATCH 6/6] FISH-9690: fixes for unit tests --- .../org/glassfish/grizzly/comet/BasicCometTest.java | 12 ++++++------ .../grizzly/http/ChunkedTransferEncodingTest.java | 2 +- .../glassfish/grizzly/http/HttpRequestParseTest.java | 12 ++++++------ .../grizzly/http/HttpResponseParseTest.java | 2 +- .../glassfish/grizzly/http/HttpSemanticsTest.java | 6 +++--- 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/modules/comet/src/test/java/org/glassfish/grizzly/comet/BasicCometTest.java b/modules/comet/src/test/java/org/glassfish/grizzly/comet/BasicCometTest.java index f152b5b1e5..f3d2df5f02 100644 --- a/modules/comet/src/test/java/org/glassfish/grizzly/comet/BasicCometTest.java +++ b/modules/comet/src/test/java/org/glassfish/grizzly/comet/BasicCometTest.java @@ -124,7 +124,7 @@ public void testClientCloseConnection() throws Exception { s.setSoLinger(false, 0); s.setSoTimeout(500); OutputStream os = s.getOutputStream(); - String a = "GET " + alias + " HTTP/1.1\n" + "Host: localhost:" + PORT + "\n\n"; + String a = "GET " + alias + " HTTP/1.1\r\n" + "Host: localhost:" + PORT + "\r\n\r\n"; System.out.println(" " + a); os.write(a.getBytes()); os.flush(); @@ -186,11 +186,11 @@ public void service(Request request, Response response) throws Exception { Socket s = new Socket("localhost", PORT); s.setSoTimeout(10 * 1000); OutputStream os = s.getOutputStream(); - String cometRequest = "GET " + alias + " HTTP/1.1\nHost: localhost:" + PORT + "\n\n"; - String staticRequest = "GET /static HTTP/1.1\nHost: localhost:" + PORT + "\n\n"; + String cometRequest = "GET " + alias + " HTTP/1.1\r\nHost: localhost:" + PORT + "\r\n\r\n"; + String staticRequest = "GET /static HTTP/1.1\r\nHost: localhost:" + PORT + "\r\n\r\n"; - String lastCometRequest = "GET " + alias + " HTTP/1.1\n"+"Host: localhost:" + PORT + "\nConnection: close\n\n"; + String lastCometRequest = "GET " + alias + " HTTP/1.1\r\n"+"Host: localhost:" + PORT + "\r\nConnection: close\r\n\r\n"; String pipelinedRequest1 = cometRequest + staticRequest + cometRequest; @@ -278,8 +278,8 @@ public void service(Request request, Response response) throws Exception { Socket s = new Socket("localhost", PORT); s.setSoTimeout(10 * 1000); OutputStream os = s.getOutputStream(); - String cometRequest = "GET " + alias + " HTTP/1.1\nHost: localhost:" + PORT + "\n\n"; - String staticRequest = "GET /static HTTP/1.1\nHost: localhost:" + PORT + "\n\n"; + String cometRequest = "GET " + alias + " HTTP/1.1\r\nHost: localhost:" + PORT + "\r\n\r\n"; + String staticRequest = "GET /static HTTP/1.1\r\nHost: localhost:" + PORT + "\r\n\r\n"; try { diff --git a/modules/http/src/test/java/org/glassfish/grizzly/http/ChunkedTransferEncodingTest.java b/modules/http/src/test/java/org/glassfish/grizzly/http/ChunkedTransferEncodingTest.java index 6588ea82d1..8f7edb2d62 100644 --- a/modules/http/src/test/java/org/glassfish/grizzly/http/ChunkedTransferEncodingTest.java +++ b/modules/http/src/test/java/org/glassfish/grizzly/http/ChunkedTransferEncodingTest.java @@ -168,7 +168,7 @@ public void after() throws Exception { } public ChunkedTransferEncodingTest(String eol, boolean isChunkWhenParsing) { - this.eol = eol; + this.eol = "\r\n"; this.isChunkWhenParsing = isChunkWhenParsing; } diff --git a/modules/http/src/test/java/org/glassfish/grizzly/http/HttpRequestParseTest.java b/modules/http/src/test/java/org/glassfish/grizzly/http/HttpRequestParseTest.java index e2503a288b..d0e0f88622 100644 --- a/modules/http/src/test/java/org/glassfish/grizzly/http/HttpRequestParseTest.java +++ b/modules/http/src/test/java/org/glassfish/grizzly/http/HttpRequestParseTest.java @@ -211,9 +211,9 @@ public void testHeadersN() throws Exception { Map> headers = new HashMap>(); headers.put("Host", new Pair("localhost", "localhost")); - headers.put("Multi-line", new Pair("first\r\n second\n third", "first second third")); + headers.put("Multi-line", new Pair("first\r\n second\r\n third", "first second third")); headers.put("Content-length", new Pair("2345", "2345")); - doHttpRequestTest("POST", "/index.html", "HTTP/1.1", headers, "\n"); + doHttpRequestTest("POST", "/index.html", "HTTP/1.1", headers, "\r\n"); } public void testCompleteURI() throws Exception { @@ -223,7 +223,7 @@ public void testCompleteURI() throws Exception { headers.put("Content-length", new Pair("2345", "2345")); doHttpRequestTest(new Pair("POST", "POST"), new Pair("http://localhost:8180/index.html", "/index.html"), - new Pair("HTTP/1.1", "HTTP/1.1"), headers, "\n", false); + new Pair("HTTP/1.1", "HTTP/1.1"), headers, "\r\n", false); } public void testCompleteEmptyURI() throws Exception { @@ -233,7 +233,7 @@ public void testCompleteEmptyURI() throws Exception { headers.put("Content-length", new Pair("2345", "2345")); doHttpRequestTest(new Pair("POST", "POST"), new Pair("http://localhost:8180", "/"), - new Pair("HTTP/1.1", "HTTP/1.1"), headers, "\n", false); + new Pair("HTTP/1.1", "HTTP/1.1"), headers, "\r\n", false); } public void testDecoderOK() { @@ -277,7 +277,7 @@ public void testDecoderOverflowHeader1() { } public void testDecoderOverflowHeader2() { - doTestDecoder("GET /index.html HTTP/1.0\nHost: localhost\n\n", 42); + doTestDecoder("GET /index.html HTTP/1.0\r\nHost: localhost\r\n\r\n", 50); } public void testDecoderOverflowHeader3() { @@ -295,7 +295,7 @@ public void testDecoderOverflowHeader4() { public void testChunkedTransferEncodingCaseInsensitive() { HttpPacket packet = doTestDecoder( - "POST /index.html HTTP/1.1\nHost: localhost\nTransfer-Encoding: CHUNked\r\n\r\n", 4096); + "POST /index.html HTTP/1.1\r\nHost: localhost\r\nTransfer-Encoding: CHUNked\r\n\r\n", 4096); assertTrue(packet.getHttpHeader().isChunked()); } diff --git a/modules/http/src/test/java/org/glassfish/grizzly/http/HttpResponseParseTest.java b/modules/http/src/test/java/org/glassfish/grizzly/http/HttpResponseParseTest.java index 8a92f4c234..7d74b32043 100644 --- a/modules/http/src/test/java/org/glassfish/grizzly/http/HttpResponseParseTest.java +++ b/modules/http/src/test/java/org/glassfish/grizzly/http/HttpResponseParseTest.java @@ -111,7 +111,7 @@ public void testHeadersN() throws Exception { headers.put("Header1", new Pair("localhost", "localhost")); headers.put("Multi-line", new Pair("first\n second\n third", "first seconds third")); headers.put("Content-length", new Pair("2345", "2345")); - doHttpResponseTest("HTTP/1.0", 200, "DONE", headers, "\n"); + doHttpResponseTest("HTTP/1.0", 200, "DONE", headers, "\r\n"); } public void testDecoderOK() { diff --git a/modules/http/src/test/java/org/glassfish/grizzly/http/HttpSemanticsTest.java b/modules/http/src/test/java/org/glassfish/grizzly/http/HttpSemanticsTest.java index 5eaf9bb51f..423a957777 100644 --- a/modules/http/src/test/java/org/glassfish/grizzly/http/HttpSemanticsTest.java +++ b/modules/http/src/test/java/org/glassfish/grizzly/http/HttpSemanticsTest.java @@ -841,9 +841,9 @@ public void testExplicitConnectionCloseHeader() throws Throwable { TCPNIOTransportBuilder.newInstance().build(), null); Buffer requestBuf = Buffers.wrap(connection.getMemoryManager(), - "GET /path HTTP/1.1\n" - + "Host: localhost:" + PORT + '\n' - + '\n'); + "GET /path HTTP/1.1\r\n" + + "Host: localhost:" + PORT + "\r\n" + + "\r\n"); FilterChainContext ctx = FilterChainContext.create(connection); ctx.setMessage(requestBuf);