
DB-4068 cherry-pick upstream HttpRequest/ObjectDecoder fixes (4.1.34/bdp master) #21


Merged
2 changes: 1 addition & 1 deletion all/pom.xml
@@ -21,7 +21,7 @@
<parent>
<groupId>io.netty</groupId>
<artifactId>netty-parent</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</parent>

<artifactId>netty-all</artifactId>
67 changes: 33 additions & 34 deletions bom/pom.xml
@@ -25,7 +25,7 @@

<groupId>io.netty</groupId>
<artifactId>netty-bom</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
<packaging>pom</packaging>

<name>Netty/BOM</name>
@@ -49,7 +49,6 @@
<url>https://github.com/netty/netty</url>
<connection>scm:git:git://github.com/netty/netty.git</connection>
<developerConnection>scm:git:ssh://[email protected]/netty/netty.git</developerConnection>
<tag>netty-4.1.34.2.dse</tag>
</scm>

<developers>
@@ -69,165 +68,165 @@
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-buffer</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-codec</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-codec-dns</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-codec-haproxy</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-codec-http</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-codec-http2</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-codec-memcache</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-codec-mqtt</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-codec-redis</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-codec-smtp</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-codec-socks</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-codec-stomp</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-codec-xml</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-common</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-dev-tools</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-handler</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-handler-proxy</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-resolver</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-resolver-dns</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-transport</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-transport-rxtx</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-transport-sctp</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-transport-udt</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-example</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-all</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-transport-native-unix-common</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-transport-native-unix-common</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
<classifier>linux-x86_64</classifier>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-transport-native-unix-common</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
<classifier>osx-x86_64</classifier>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-transport-native-epoll</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-transport-native-epoll</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
<classifier>linux-x86_64</classifier>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-transport-native-kqueue</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-transport-native-kqueue</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
<classifier>osx-x86_64</classifier>
</dependency>
</dependencies>
2 changes: 1 addition & 1 deletion buffer/pom.xml
@@ -20,7 +20,7 @@
<parent>
<groupId>io.netty</groupId>
<artifactId>netty-parent</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</parent>

<artifactId>netty-buffer</artifactId>
2 changes: 1 addition & 1 deletion codec-dns/pom.xml
@@ -20,7 +20,7 @@
<parent>
<groupId>io.netty</groupId>
<artifactId>netty-parent</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</parent>

<artifactId>netty-codec-dns</artifactId>
2 changes: 1 addition & 1 deletion codec-haproxy/pom.xml
@@ -20,7 +20,7 @@
<parent>
<groupId>io.netty</groupId>
<artifactId>netty-parent</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</parent>

<artifactId>netty-codec-haproxy</artifactId>
2 changes: 1 addition & 1 deletion codec-http/pom.xml
@@ -20,7 +20,7 @@
<parent>
<groupId>io.netty</groupId>
<artifactId>netty-parent</artifactId>
<version>4.1.34.2.dse</version>
<version>4.1.34.3.dse</version>
</parent>

<artifactId>netty-codec-http</artifactId>
@@ -575,7 +575,7 @@ private State readHeaders(ByteBuf buffer) {
}
if (line.length() > 0) {
do {
char firstChar = line.charAt(0);
char firstChar = line.charAtUnsafe(0);
if (name != null && (firstChar == ' ' || firstChar == '\t')) {
//please do not make one line from below code
//as it breaks +XX:OptimizeStringConcat optimization
@@ -600,23 +600,61 @@ private State readHeaders(ByteBuf buffer) {
if (name != null) {
headers.add(name, value);
}

// reset name and value fields
name = null;
value = null;

State nextState;
List<String> values = headers.getAll(HttpHeaderNames.CONTENT_LENGTH);
int contentLengthValuesCount = values.size();

if (contentLengthValuesCount > 0) {
// Guard against multiple Content-Length headers as stated in
// https://tools.ietf.org/html/rfc7230#section-3.3.2:
//
// If a message is received that has multiple Content-Length header
// fields with field-values consisting of the same decimal value, or a
// single Content-Length header field with a field value containing a
// list of identical decimal values (e.g., "Content-Length: 42, 42"),
// indicating that duplicate Content-Length header fields have been
// generated or combined by an upstream message processor, then the
// recipient MUST either reject the message as invalid or replace the
// duplicated field-values with a single valid Content-Length field
// containing that decimal value prior to determining the message body
// length or forwarding the message.
if (contentLengthValuesCount > 1 && message.protocolVersion() == HttpVersion.HTTP_1_1) {
throw new IllegalArgumentException("Multiple Content-Length headers found");
}
contentLength = Long.parseLong(values.get(0));
}

if (isContentAlwaysEmpty(message)) {
HttpUtil.setTransferEncodingChunked(message, false);
nextState = State.SKIP_CONTROL_CHARS;
return State.SKIP_CONTROL_CHARS;
} else if (HttpUtil.isTransferEncodingChunked(message)) {
nextState = State.READ_CHUNK_SIZE;
// See https://tools.ietf.org/html/rfc7230#section-3.3.3
//
// If a message is received with both a Transfer-Encoding and a
// Content-Length header field, the Transfer-Encoding overrides the
// Content-Length. Such a message might indicate an attempt to
// perform request smuggling (Section 9.5) or response splitting
// (Section 9.4) and ought to be handled as an error. A sender MUST
// remove the received Content-Length field prior to forwarding such
// a message downstream.
//
// This is also what http_parser does:
// https://github.com/nodejs/http-parser/blob/v2.9.2/http_parser.c#L1769
if (contentLengthValuesCount > 0 && message.protocolVersion() == HttpVersion.HTTP_1_1) {
throw new IllegalArgumentException(
"Both 'Content-Length: " + contentLength + "' and 'Transfer-Encoding: chunked' found");
}

return State.READ_CHUNK_SIZE;
} else if (contentLength() >= 0) {
nextState = State.READ_FIXED_LENGTH_CONTENT;
return State.READ_FIXED_LENGTH_CONTENT;
} else {
nextState = State.READ_VARIABLE_LENGTH_CONTENT;
return State.READ_VARIABLE_LENGTH_CONTENT;
}
return nextState;
}

private long contentLength() {
@@ -643,7 +681,7 @@ private LastHttpContent readTrailingHeaders(ByteBuf buffer) {
trailer = this.trailer = new DefaultLastHttpContent(Unpooled.EMPTY_BUFFER, validateHeaders);
}
while (line.length() > 0) {
char firstChar = line.charAt(0);
char firstChar = line.charAtUnsafe(0);
if (lastHeader != null && (firstChar == ' ' || firstChar == '\t')) {
List<String> current = trailer.trailingHeaders().getAll(lastHeader);
if (!current.isEmpty()) {
@@ -727,14 +765,33 @@ private void splitHeader(AppendableCharSequence sb) {

nameStart = findNonWhitespace(sb, 0);
for (nameEnd = nameStart; nameEnd < length; nameEnd ++) {
char ch = sb.charAt(nameEnd);
if (ch == ':' || Character.isWhitespace(ch)) {
char ch = sb.charAtUnsafe(nameEnd);
// https://tools.ietf.org/html/rfc7230#section-3.2.4
//
// No whitespace is allowed between the header field-name and colon. In
// the past, differences in the handling of such whitespace have led to
// security vulnerabilities in request routing and response handling. A
// server MUST reject any received request message that contains
// whitespace between a header field-name and colon with a response code
// of 400 (Bad Request). A proxy MUST remove any such whitespace from a
// response message before forwarding the message downstream.
if (ch == ':' ||
// In case of decoding a request we will just continue processing and header validation
// is done in the DefaultHttpHeaders implementation.
//
// In the case of decoding a response we will "skip" the whitespace.
(!isDecodingRequest() && Character.isWhitespace(ch))) {
break;
}
}

if (nameEnd == length) {
// There was no colon present at all.
throw new IllegalArgumentException("No colon found");
}

for (colonEnd = nameEnd; colonEnd < length; colonEnd ++) {
if (sb.charAt(colonEnd) == ':') {
if (sb.charAtUnsafe(colonEnd) == ':') {
colonEnd ++;
break;
}
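Review bot: In readHeaders, `contentLength = Long.parseLong(values.get(0));` accepts more than the digits-only field value that RFC 7230 section 3.3.2 defines for Content-Length: a leading `+` or `-` and non-ASCII digits all parse. A front end and this decoder can then disagree on the body length of the same message, which is the framing mismatch the new duplicate-header and Transfer-Encoding guards are meant to close. A negative value also appears to fall through to the `READ_VARIABLE_LENGTH_CONTENT` branch, though `contentLength()` is defined outside the hunk. I would check that the value consists of ASCII digits only before parsing, as sketched below. Separately, in splitHeader the request path leaves whitespace before the colon to DefaultHttpHeaders validation, so a decoder built with `validateHeaders` set to false would presumably still accept it; that deserves a comment or a test.

```java
// … unchanged: duplicate Content-Length guard for HTTP/1.1 …
String lengthValue = values.get(0);
for (int i = 0; i < lengthValue.length(); i++) {
    char c = lengthValue.charAt(i);
    if (c < '0' || c > '9') {
        throw new IllegalArgumentException("Invalid Content-Length: " + lengthValue);
    }
}
// An empty or overflowing value still fails here with NumberFormatException.
contentLength = Long.parseLong(lengthValue);
```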