From f89dda95e04cad528524bea99b8599cee678ec07 Mon Sep 17 00:00:00 2001 From: John Knight Date: Fri, 24 May 2013 11:54:57 +1200 Subject: [PATCH] This fixes an issue with the string buffer which is used for parsing URL parameters. When bad url encoding is passed in on a parameter, an exception is thrown, but the buffer isn't recycled. The upshot of this is that subsequent VALID requests, when handled by the same thread holding that buffer, all fail due to the bad url encoding still being in the buffer. --- .../glassfish/grizzly/http/util/Parameters.java | 13 +++--- .../grizzly/http/core/ParametersTest.java | 48 ++++++++++++++++++++++ 2 files changed, 55 insertions(+), 6 deletions(-) diff --git a/modules/http/src/main/java/org/glassfish/grizzly/http/util/Parameters.java b/modules/http/src/main/java/org/glassfish/grizzly/http/util/Parameters.java index 696ace7..679332f 100644 --- a/modules/http/src/main/java/org/glassfish/grizzly/http/util/Parameters.java +++ b/modules/http/src/main/java/org/glassfish/grizzly/http/util/Parameters.java @@ -647,9 +647,10 @@ public final class Parameters { addParameter(tmpNameC.toString(), tmpValueC.toString()); } catch (IOException ex) { ex.printStackTrace(); + }finally{ + tmpNameC.recycle(); + tmpValueC.recycle(); } - tmpNameC.recycle(); - tmpValueC.recycle(); } while (pos < end); } @@ -842,10 +843,10 @@ public final class Parameters { addParameter(tmpNameC.toString(), tmpValueC.toString()); } catch (IOException ex) { ex.printStackTrace(); - } - tmpNameC.recycle(); - tmpValueC.recycle(); - + }finally{ + tmpNameC.recycle(); + tmpValueC.recycle(); + } } while (pos < end); } diff --git a/modules/http/src/test/java/org/glassfish/grizzly/http/core/ParametersTest.java b/modules/http/src/test/java/org/glassfish/grizzly/http/core/ParametersTest.java index 8939aa6..362a336 100644 --- a/modules/http/src/test/java/org/glassfish/grizzly/http/core/ParametersTest.java +++ b/modules/http/src/test/java/org/glassfish/grizzly/http/core/ParametersTest.java @@ -318,6 +318,54 @@ public class ParametersTest { assertEquals("value2", values[0]); } + + @Test + public void testProcessParametersChar(){ + + Parameters params = new Parameters(); + // first an invalid url encoded request + { + String request="test=%c]"; + params.setQueryStringEncoding(Charset.forName("UTF-8")); + + try{ + params.processParameters(request.toCharArray(), 0, request.length()); + }catch(IllegalStateException e){ + + } + } + { + // now a valid request, which would have failed before the fix, due to + // the buffer not being recycled + String request="test=test"; + params.setQueryStringEncoding(Charset.forName("UTF-8")); + params.processParameters(request.toCharArray(), 0, request.length()); + } + } + + @Test + public void testProcessParametersString(){ + + Parameters params = new Parameters(); + // first an invalid url encoded request + { + String request="test=%c]"; + params.setQueryStringEncoding(Charset.forName("UTF-8")); + + try{ + params.processParameters(request); + }catch(IllegalStateException e){ + + } + } + { + // now a valid request, which would have failed before the fix, due to + // the buffer not being recycled + String request="test=test"; + params.setQueryStringEncoding(Charset.forName("UTF-8")); + params.processParameters(request); + } + } private void validateParameters(Parameter[] parameters, Parameters p) { Iterator names = p.getParameterNames().iterator(); -- 1.8.1.msysgit.1