Issue #3030 Enforce Content-Encoding check only on parameter extraction. (#3031)

2018-10-26 06:44:40 +11:00 · 2018-10-26 06:44:40 +11:00 · 898560bec5
parent 8500e806ec
commit 898560bec5
2 changed files with 36 additions and 9 deletions
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java
@ -455,23 +455,21 @@ public class Request implements HttpServletRequest
    /* ------------------------------------------------------------ */
    private void extractContentParameters()
    {
-        // Content cannot be encoded
-        if (_metaData!=null && getHttpFields().contains(HttpHeader.CONTENT_ENCODING))
-            throw new BadMessageException(HttpStatus.NOT_IMPLEMENTED_501,"Unsupported Content-Encoding");
-        
        String contentType = getContentType();
        if (contentType == null || contentType.isEmpty())
            _contentParameters=NO_PARAMS;
        else
        {
            _contentParameters=new MultiMap<>();
-            contentType = HttpFields.valueParameters(contentType, null);
            int contentLength = getContentLength();
            if (contentLength != 0 && _inputState == __NONE)
            {
+                contentType = HttpFields.valueParameters(contentType, null);
                if (MimeTypes.Type.FORM_ENCODED.is(contentType) &&
                    _channel.getHttpConfiguration().isFormEncodedMethod(getMethod()))
                {
+                    if (_metaData!=null && getHttpFields().contains(HttpHeader.CONTENT_ENCODING))
+                        throw new BadMessageException(HttpStatus.NOT_IMPLEMENTED_501,"Unsupported Content-Encoding");
                    extractFormParameters(_contentParameters);
                }
                else if (MimeTypes.Type.MULTIPART_FORM_DATA.is(contentType) &&
@ -480,6 +478,8 @@ public class Request implements HttpServletRequest
                {
                    try
                    {
+                        if (_metaData!=null && getHttpFields().contains(HttpHeader.CONTENT_ENCODING))
+                            throw new BadMessageException(HttpStatus.NOT_IMPLEMENTED_501,"Unsupported Content-Encoding");
                        getParts(_contentParameters);
                    }
                    catch (IOException | ServletException e)
@ -490,7 +490,6 @@ public class Request implements HttpServletRequest
                }
            }
        }
-
    }

    /* ------------------------------------------------------------ */
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java
@ -18,6 +18,7 @@

 package org.eclipse.jetty.server;

+import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.not;
@ -28,7 +29,6 @@ import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNotSame;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertSame;
-import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.fail;
@ -634,7 +634,7 @@ public class RequestTest
        };

        //Send a request with encoded form content
-        String request="GET / HTTP/1.1\r\n"+
+        String request="POST / HTTP/1.1\r\n"+
        "Host: whatever\r\n"+
        "Content-Type: application/x-www-form-urlencoded; charset=utf-8\n"+
        "Content-Length: 10\n"+
@ -647,6 +647,34 @@ public class RequestTest
        assertThat(responses,startsWith("HTTP/1.1 200"));
    }

+
+    @Test
+    public void testEncodedNotParams() throws Exception
+    {
+        _handler._checker = new RequestTester()
+        {
+            @Override
+            public boolean check(HttpServletRequest request,HttpServletResponse response)
+            {
+                return request.getParameter("param")==null;
+            }
+        };
+
+        //Send a request with encoded form content
+        String request="POST / HTTP/1.1\r\n"+
+            "Host: whatever\r\n"+
+            "Content-Type: application/octet-stream\n"+
+            "Content-Length: 10\n"+
+            "Content-Encoding: gzip\n"+
+            "Connection: close\n"+
+            "\n"+
+            "0123456789\n";
+
+        String responses=_connector.getResponse(request);
+        assertThat(responses,startsWith("HTTP/1.1 200"));
+    }
+
+
    @Test
    public void testInvalidHostHeader() throws Exception
    {
@ -1815,7 +1843,7 @@ public class RequestTest
            ((Request)request).setHandled(true);

            if (request.getContentLength()>0
-                    && !MimeTypes.Type.FORM_ENCODED.asString().equals(request.getContentType())
+                    && !request.getContentType().startsWith(MimeTypes.Type.FORM_ENCODED.asString())
                    && !request.getContentType().startsWith("multipart/form-data"))
                _content=IO.toString(request.getInputStream());