author | goetz |
Sat, 01 Sep 2018 18:15:27 +0200 | |
changeset 51616 | b071f4fff1f1 |
parent 47705 | a6f8cacdef93 |
child 55782 | 0586f8664ba8 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
47705
a6f8cacdef93
8190793: Httpserver does not detect truncated request body
michaelm
parents:
47216
diff
changeset
|
2 |
* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package sun.net.httpserver; |
|
27 |
||
28 |
import java.io.*; |
|
29 |
import java.net.*; |
|
30 |
import com.sun.net.httpserver.*; |
|
31 |
import com.sun.net.httpserver.spi.*; |
|
32 |
||
33 |
class ChunkedInputStream extends LeftOverInputStream { |
|
34 |
ChunkedInputStream (ExchangeImpl t, InputStream src) { |
|
35 |
super (t, src); |
|
36 |
} |
|
37 |
||
38 |
private int remaining; |
|
39 |
||
40 |
/* true when a chunk header needs to be read */ |
|
41 |
||
42 |
private boolean needToReadHeader = true; |
|
43 |
||
16081 | 44 |
final static char CR = '\r'; |
45 |
final static char LF = '\n'; |
|
46 |
/* |
|
47 |
* Maximum chunk header size of 2KB + 2 bytes for CRLF |
|
48 |
*/ |
|
49 |
private final static int MAX_CHUNK_HEADER_SIZE = 2050; |
|
2 | 50 |
|
51 |
private int numeric (char[] arr, int nchars) throws IOException { |
|
52 |
assert arr.length >= nchars; |
|
53 |
int len = 0; |
|
54 |
for (int i=0; i<nchars; i++) { |
|
55 |
char c = arr[i]; |
|
56 |
int val=0; |
|
57 |
if (c>='0' && c <='9') { |
|
58 |
val = c - '0'; |
|
59 |
} else if (c>='a' && c<= 'f') { |
|
60 |
val = c - 'a' + 10; |
|
61 |
} else if (c>='A' && c<= 'F') { |
|
62 |
val = c - 'A' + 10; |
|
63 |
} else { |
|
64 |
throw new IOException ("invalid chunk length"); |
|
65 |
} |
|
66 |
len = len * 16 + val; |
|
67 |
} |
|
68 |
return len; |
|
69 |
} |
|
70 |
||
71 |
/* read the chunk header line and return the chunk length |
|
72 |
* any chunk extensions are ignored |
|
73 |
*/ |
|
74 |
private int readChunkHeader () throws IOException { |
|
75 |
boolean gotCR = false; |
|
8541
75bedadddefa
6702400: ChunkedInputStream expecting -1 from int read, but int->char comparision is wrong
michaelm
parents:
7668
diff
changeset
|
76 |
int c; |
2 | 77 |
char[] len_arr = new char [16]; |
78 |
int len_size = 0; |
|
79 |
boolean end_of_len = false; |
|
16081 | 80 |
int read = 0; |
2 | 81 |
|
8541
75bedadddefa
6702400: ChunkedInputStream expecting -1 from int read, but int->char comparision is wrong
michaelm
parents:
7668
diff
changeset
|
82 |
while ((c=in.read())!= -1) { |
75bedadddefa
6702400: ChunkedInputStream expecting -1 from int read, but int->char comparision is wrong
michaelm
parents:
7668
diff
changeset
|
83 |
char ch = (char) c; |
16081 | 84 |
read++; |
85 |
if ((len_size == len_arr.length -1) || |
|
86 |
(read > MAX_CHUNK_HEADER_SIZE)) |
|
87 |
{ |
|
2 | 88 |
throw new IOException ("invalid chunk header"); |
89 |
} |
|
90 |
if (gotCR) { |
|
8541
75bedadddefa
6702400: ChunkedInputStream expecting -1 from int read, but int->char comparision is wrong
michaelm
parents:
7668
diff
changeset
|
91 |
if (ch == LF) { |
2 | 92 |
int l = numeric (len_arr, len_size); |
93 |
return l; |
|
94 |
} else { |
|
95 |
gotCR = false; |
|
96 |
} |
|
97 |
if (!end_of_len) { |
|
8541
75bedadddefa
6702400: ChunkedInputStream expecting -1 from int read, but int->char comparision is wrong
michaelm
parents:
7668
diff
changeset
|
98 |
len_arr[len_size++] = ch; |
2 | 99 |
} |
100 |
} else { |
|
8541
75bedadddefa
6702400: ChunkedInputStream expecting -1 from int read, but int->char comparision is wrong
michaelm
parents:
7668
diff
changeset
|
101 |
if (ch == CR) { |
2 | 102 |
gotCR = true; |
8541
75bedadddefa
6702400: ChunkedInputStream expecting -1 from int read, but int->char comparision is wrong
michaelm
parents:
7668
diff
changeset
|
103 |
} else if (ch == ';') { |
2 | 104 |
end_of_len = true; |
105 |
} else if (!end_of_len) { |
|
8541
75bedadddefa
6702400: ChunkedInputStream expecting -1 from int read, but int->char comparision is wrong
michaelm
parents:
7668
diff
changeset
|
106 |
len_arr[len_size++] = ch; |
2 | 107 |
} |
108 |
} |
|
109 |
} |
|
110 |
throw new IOException ("end of stream reading chunk header"); |
|
111 |
} |
|
112 |
||
113 |
protected int readImpl (byte[]b, int off, int len) throws IOException { |
|
114 |
if (eof) { |
|
115 |
return -1; |
|
116 |
} |
|
117 |
if (needToReadHeader) { |
|
118 |
remaining = readChunkHeader(); |
|
119 |
if (remaining == 0) { |
|
120 |
eof = true; |
|
121 |
consumeCRLF(); |
|
7271 | 122 |
t.getServerImpl().requestCompleted (t.getConnection()); |
2 | 123 |
return -1; |
124 |
} |
|
125 |
needToReadHeader = false; |
|
126 |
} |
|
127 |
if (len > remaining) { |
|
128 |
len = remaining; |
|
129 |
} |
|
130 |
int n = in.read(b, off, len); |
|
131 |
if (n > -1) { |
|
132 |
remaining -= n; |
|
133 |
} |
|
134 |
if (remaining == 0) { |
|
135 |
needToReadHeader = true; |
|
136 |
consumeCRLF(); |
|
137 |
} |
|
47705
a6f8cacdef93
8190793: Httpserver does not detect truncated request body
michaelm
parents:
47216
diff
changeset
|
138 |
if (n < 0 && !eof) |
a6f8cacdef93
8190793: Httpserver does not detect truncated request body
michaelm
parents:
47216
diff
changeset
|
139 |
throw new IOException("connection closed before all data received"); |
2 | 140 |
return n; |
141 |
} |
|
142 |
||
143 |
private void consumeCRLF () throws IOException { |
|
144 |
char c; |
|
145 |
c = (char)in.read(); /* CR */ |
|
146 |
if (c != CR) { |
|
147 |
throw new IOException ("invalid chunk end"); |
|
148 |
} |
|
149 |
c = (char)in.read(); /* LF */ |
|
150 |
if (c != LF) { |
|
151 |
throw new IOException ("invalid chunk end"); |
|
152 |
} |
|
153 |
} |
|
154 |
||
155 |
/** |
|
156 |
* returns the number of bytes available to read in the current chunk |
|
157 |
* which may be less than the real amount, but we'll live with that |
|
158 |
* limitation for the moment. It only affects potential efficiency |
|
159 |
* rather than correctness. |
|
160 |
*/ |
|
161 |
public int available () throws IOException { |
|
162 |
if (eof || closed) { |
|
163 |
return 0; |
|
164 |
} |
|
165 |
int n = in.available(); |
|
166 |
return n > remaining? remaining: n; |
|
167 |
} |
|
168 |
||
169 |
/* called after the stream is closed to see if bytes |
|
170 |
* have been read from the underlying channel |
|
171 |
* and buffered internally |
|
172 |
*/ |
|
173 |
public boolean isDataBuffered () throws IOException { |
|
174 |
assert eof; |
|
175 |
return in.available() > 0; |
|
176 |
} |
|
177 |
||
178 |
public boolean markSupported () {return false;} |
|
179 |
||
180 |
public void mark (int l) { |
|
181 |
} |
|
182 |
||
183 |
public void reset () throws IOException { |
|
184 |
throw new IOException ("mark/reset not supported"); |
|
185 |
} |
|
186 |
} |