From 58a282d01de32d7d07f73160d47acc5460b08839 Mon Sep 17 00:00:00 2001
From: Greg Wilkins
Date: Thu, 2 May 2013 10:44:11 +1000
Subject: [PATCH] 406923 CR line termination Do not allow CR only line termination. Respond with 400 bad request.
---
 .../org/eclipse/jetty/http/HttpParser.java | 10 ++-
 .../eclipse/jetty/http/HttpParserTest.java | 84 +++++++++++++++++++
 2 files changed, 91 insertions(+), 3 deletions(-)
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java
index 1bad26499c7..88b19a33d03 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java
@@ -350,10 +350,14 @@ public class HttpParser implements Parser
 ch=_buffer.get();
- if (_eol == HttpTokens.CARRIAGE_RETURN && ch == HttpTokens.LINE_FEED)
+ if (_eol == HttpTokens.CARRIAGE_RETURN)
 {
- _eol=HttpTokens.LINE_FEED;
- continue;
+ if (ch == HttpTokens.LINE_FEED)
+ {
+ _eol=HttpTokens.LINE_FEED;
+ continue;
+ }
+ throw new HttpException(HttpStatus.BAD_REQUEST_400);
 }
 _eol=0;
diff --git a/jetty-http/src/test/java/org/eclipse/jetty/http/HttpParserTest.java b/jetty-http/src/test/java/org/eclipse/jetty/http/HttpParserTest.java
index 6a292b7fd93..7217e185811 100644
--- a/jetty-http/src/test/java/org/eclipse/jetty/http/HttpParserTest.java
+++ b/jetty-http/src/test/java/org/eclipse/jetty/http/HttpParserTest.java
@@ -23,6 +23,8 @@ import static org.junit.Assert.assertTrue;
 import java.io.UnsupportedEncodingException;
+import junit.framework.Assert;
+
 import org.eclipse.jetty.io.Buffer;
 import org.eclipse.jetty.io.ByteArrayBuffer;
 import org.eclipse.jetty.io.SimpleBuffers;
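Review bot: In HttpParser.java the new `throw new HttpException(HttpStatus.BAD_REQUEST_400);` leaves the parser mid-message, with `_eol` still equal to `HttpTokens.CARRIAGE_RETURN` and the byte after the CR already taken by `ch=_buffer.get();`. Nothing in the hunk resets that state or marks the connection as non-persistent. If a caller outside this hunk answers 400 and keeps the connection open, the remaining bytes would be read as the start of a new request, which is the framing disagreement this check is meant to close off. Confirm that the 400 path closes the connection, and document it above the throw, for example `// bare CR is not a line terminator: reject, and the caller must close the connection because message framing is no longer trustworthy`. The enclosing method and its loop start and end outside the hunk.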
@@ -179,6 +181,88 @@ public class HttpParserTest
 assertEquals(5, h);
 }
+ @Test
+ public void testHeaderParseLF() throws Exception
+ {
+ StringEndPoint io=new StringEndPoint();
+ io.setInput(
+ "GET / HTTP/1.0\012" +
+ "Host: localhost\012" +
+ "Header1: value1\012" +
+ "Header2 : value 2a \012" +
+ " value 2b \012" +
+ "Header3: \012" +
+ "Header4 \012" +
+ " value4\012" +
+ "Server5: notServer\012" +
+ "\012");
+ ByteArrayBuffer buffer= new ByteArrayBuffer(4096);
+ SimpleBuffers buffers=new SimpleBuffers(buffer,null);
+
+ Handler handler = new Handler();
+ HttpParser parser= new HttpParser(buffers,io, handler);
+ parser.parse();
+ assertEquals("GET", f0);
+ assertEquals("/", f1);
+ assertEquals("HTTP/1.0", f2);
+ assertEquals("Host", hdr[0]);
+ assertEquals("localhost", val[0]);
+ assertEquals("Header1", hdr[1]);
+ assertEquals("value1", val[1]);
+ assertEquals("Header2", hdr[2]);
+ assertEquals("value 2a value 2b", val[2]);
+ assertEquals("Header3", hdr[3]);
+ assertEquals("", val[3]);
+ assertEquals("Header4", hdr[4]);
+ assertEquals("value4", val[4]);
+ assertEquals("Server5", hdr[5]);
+ assertEquals("notServer", val[5]);
+ assertEquals(5, h);
+ }
+
+ @Test
+ public void testHeaderParseCR() throws Exception
+ {
+ StringEndPoint io=new StringEndPoint();
+ io.setInput(
+ "GET / HTTP/1.0\015" +
+ "Host: localhost\015" +
+ "Header1: value1\015" +
+ "\015");
+ ByteArrayBuffer buffer= new ByteArrayBuffer(4096);
+ SimpleBuffers buffers=new SimpleBuffers(buffer,null);
+
+ Handler handler = new Handler();
+ HttpParser parser= new HttpParser(buffers,io, handler);
+ try
+ {
+ parser.parse();
+ Assert.fail();
+ }
+ catch(HttpException e)
+ {
+ assertEquals(400,e._status);
+ }
+
+ io.setInput(
+ "GET / HTTP/1.0\r\n" +
+ "Host: localhost\r\r\n" +
+ "Header1: value1\r\n" +
+ "\r\n");
+
+ parser= new HttpParser(buffers,io, handler);
+ try
+ {
+ parser.parse();
+ Assert.fail();
+ }
+ catch(HttpException e)
+ {
+ assertEquals(400,e._status);
+ }
+
+ }
+
+ @Test
+ public void
testChunkParse() throws Exception {
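Review bot: In `testHeaderParseCR` the second case (`"Host: localhost\r\r\n"`) builds its parser from the same `buffers`, `io` and `handler` that the first, deliberately failing parse just used. A 400 there could therefore come from state left behind by the first input instead of from the `\r\r\n` sequence; whether the shared buffer is drained after the exception is not visible in this hunk. Give the second case its own `StringEndPoint`, `ByteArrayBuffer` and `SimpleBuffers`, or move it into a separate test method such as `testHeaderParseCRCRLF`, so the stray-CR-before-CRLF rejection is proven on its own. As a smaller style point, `Assert.fail()` comes from the JUnit 3 class `junit.framework.Assert` while the file already static-imports from `org.junit.Assert`; `import static org.junit.Assert.fail;` with a bare `fail()` keeps one assertion API.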