Author: remy.maucherat(a)jboss.com Date: 2008-10-21 10:25:54 -0400 (Tue, 21 Oct 2008) New Revision: 813 Modified: trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java trunk/java/org/apache/coyote/ajp/AjpMessage.java trunk/java/org/apache/coyote/ajp/AjpProcessor.java trunk/java/org/apache/coyote/ajp/LocalStrings.properties trunk/webapps/docs/changelog.xml Log: - Code to handle invalid AJP messages: set length to 0 and throw an IOE (in some cases it would have resulted in an EOF). Modified: trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java =================================================================== --- trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java 2008-10-20 10:42:51 UTC (rev 812) +++ trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java 2008-10-21 14:25:54 UTC (rev 813) @@ -1163,7 +1163,9 @@ read(headerLength); } inputBuffer.get(message.getBuffer(), 0, headerLength); - message.processHeader(); + if (message.processHeader() < 0) { + throw new IOException(sm.getString("ajpprotocol.badmessage")); + } read(message.getLen()); inputBuffer.get(message.getBuffer(), headerLength, message.getLen()); Modified: trunk/java/org/apache/coyote/ajp/AjpMessage.java =================================================================== --- trunk/java/org/apache/coyote/ajp/AjpMessage.java 2008-10-20 10:42:51 UTC (rev 812) +++ trunk/java/org/apache/coyote/ajp/AjpMessage.java 2008-10-21 14:25:54 UTC (rev 813) @@ -398,6 +398,7 @@ if (log.isDebugEnabled()) { dump("In: "); } + len = 0; return -1; } if (log.isDebugEnabled()) { Modified: trunk/java/org/apache/coyote/ajp/AjpProcessor.java =================================================================== --- trunk/java/org/apache/coyote/ajp/AjpProcessor.java 2008-10-20 10:42:51 UTC (rev 812) +++ trunk/java/org/apache/coyote/ajp/AjpProcessor.java 2008-10-21 14:25:54 UTC (rev 813) @@ -1110,7 +1110,9 @@ read(buf, 0, message.getHeaderLength()); - message.processHeader(); + if (message.processHeader() < 0) { + throw new IOException(sm.getString("ajpprotocol.badmessage")); + } read(buf, message.getHeaderLength(), message.getLen()); return true; Modified: trunk/java/org/apache/coyote/ajp/LocalStrings.properties =================================================================== --- trunk/java/org/apache/coyote/ajp/LocalStrings.properties 2008-10-20 10:42:51 UTC (rev 812) +++ trunk/java/org/apache/coyote/ajp/LocalStrings.properties 2008-10-21 14:25:54 UTC (rev 813) @@ -23,15 +23,16 @@ ajpprotocol.failedread=Socket read failed ajpprotocol.failedwrite=Socket write failed ajpprotocol.request.register=Error registering request processor in JMX +ajpprotocol.badmessage=Invalid message received ajpprocessor.header.error=Header message parsing failed ajpprocessor.request.prepare=Error preparing request ajpprocessor.request.process=Error processing request -ajpprocessor.certs.fail=Certificate convertion failed +ajpprocessor.certs.fail=Certificate conversion failed ajpprocessor.socket.info=Exception getting socket information ajpmessage.null=Cannot append null value ajpmessage.overflow=Overflow error for buffer adding {0} bytes at position {1} ajpmessage.read=Requested {0} bytes exceeds message available data -ajpmessage.invalid=Invalid message recieved with signature {0} +ajpmessage.invalid=Invalid message received with signature {0} Modified: trunk/webapps/docs/changelog.xml =================================================================== --- trunk/webapps/docs/changelog.xml 2008-10-20 10:42:51 UTC (rev 812) +++ trunk/webapps/docs/changelog.xml 2008-10-21 14:25:54 UTC (rev 813) @@ -85,6 +85,9 @@ <fix> Null out socket in java.io HTTP connector. (fhanik) </fix> + <fix> + Handling for invalid AJP messages. (remm) + </fix> </changelog> </subsection> <subsection name="Jasper">