Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Changes after review 1 

Changed the base64 pattern to only accept token68 pattern from rfc7235#appendix-C
Add limit to recusion depth of multiple challange matching to stop any vulnerablilties related to malicious server overflowing client stack
Regex no longer allows trailing whitespace

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
This commit is contained in:
Lachlan Roberts 2018-04-24 11:16:31 +10:00
parent 5a1325949e
commit fc5c438d72
2 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
jetty-client/src/main/java/org/eclipse/jetty/client/AuthenticationProtocolHandler.java
View File

@ -49,8 +49,9 @@ public abstract class AuthenticationProtocolHandler implements ProtocolHandler
private static final Pattern PARAM_PATTERN = Pattern.compile("([^=]+)=([^=]+)?"); private static final Pattern PARAM_PATTERN = Pattern.compile("([^=]+)=([^=]+)?");
private static final Pattern TYPE_PATTERN = Pattern.compile("([^\\s]+)(\\s+(.*))?"); private static final Pattern TYPE_PATTERN = Pattern.compile("([^\\s]+)(\\s+(.*))?");
private static final Pattern MULTIPLE_CHALLENGE_PATTERN = Pattern.compile("(.*),\\s*([^=\\s,]+(\\s+[^=\\s].*)?)\\s*"); private static final Pattern MULTIPLE_CHALLENGE_PATTERN = Pattern.compile("(.*),\\s*([^=\\s,]+(\\s+[^=\\s].*)?)");
private static final Pattern BASE64_PATTERN = Pattern.compile("([^\\s,=]+=*)\\s*"); private static final Pattern BASE64_PATTERN = Pattern.compile("[\\+\\-\\.\\/\\dA-Z_a-z~]+=*");
private static final int MAX_DEPTH = 10;
private final HttpClient client; private final HttpClient client;
private final int maxContentLength; private final int maxContentLength;
@ -85,12 +86,20 @@ public abstract class AuthenticationProtocolHandler implements ProtocolHandler
protected List<HeaderInfo> getHeaderInfo(String value) throws IllegalArgumentException protected List<HeaderInfo> getHeaderInfo(String value) throws IllegalArgumentException
{ {
return getHeaderInfo(value, 0);
}
protected List<HeaderInfo> getHeaderInfo(String value, int depth) throws IllegalArgumentException
{
if(depth > MAX_DEPTH)
throw new IllegalStateException("too many challanges");
Matcher m = MULTIPLE_CHALLENGE_PATTERN.matcher(value); Matcher m = MULTIPLE_CHALLENGE_PATTERN.matcher(value);
if (m.matches()) if (m.matches())
{ {
List<HeaderInfo> l = new ArrayList<>(); List<HeaderInfo> l = new ArrayList<>();
l.addAll(getHeaderInfo(m.group(1))); l.addAll(getHeaderInfo(m.group(1), depth+1));
l.addAll(getHeaderInfo(m.group(2))); l.addAll(getHeaderInfo(m.group(2), depth+1));
return l; return l;
} }
else else
@ -128,7 +137,7 @@ public abstract class AuthenticationProtocolHandler implements ProtocolHandler
Matcher b64 = BASE64_PATTERN.matcher(wwwAuthenticate); Matcher b64 = BASE64_PATTERN.matcher(wwwAuthenticate);
if (b64.matches()) if (b64.matches())
{ {
result.put("base64", b64.group(1)); result.put("base64", wwwAuthenticate);
return result; return result;
} }