Lines 61-66
|
61 |
private static final boolean[] IS_HEX = new boolean[ARRAY_SIZE]; |
61 |
private static final boolean[] IS_HEX = new boolean[ARRAY_SIZE]; |
62 |
private static final boolean[] IS_NOT_REQUEST_TARGET = new boolean[ARRAY_SIZE]; |
62 |
private static final boolean[] IS_NOT_REQUEST_TARGET = new boolean[ARRAY_SIZE]; |
63 |
private static final boolean[] IS_HTTP_PROTOCOL = new boolean[ARRAY_SIZE]; |
63 |
private static final boolean[] IS_HTTP_PROTOCOL = new boolean[ARRAY_SIZE]; |
|
|
64 |
private static final boolean[] IS_IN_WHITELIST = new boolean[ARRAY_SIZE]; |
64 |
|
65 |
|
65 |
static { |
66 |
static { |
66 |
// Digest field types. |
67 |
// Digest field types. |
Lines 82-87
|
82 |
// RFC2617 says nc is 8LHEX. <">8LHEX<"> will also be accepted |
83 |
// RFC2617 says nc is 8LHEX. <">8LHEX<"> will also be accepted |
83 |
fieldTypes.put("nc", FIELD_TYPE_LHEX); |
84 |
fieldTypes.put("nc", FIELD_TYPE_LHEX); |
84 |
|
85 |
|
|
|
86 |
String prop = System.getProperty("tomcat.util.http.parser.HttpParser.whitelist"); |
87 |
if (prop != null) { |
88 |
for (int i = 0; i < prop.length(); i++) { |
89 |
IS_IN_WHITELIST[prop.charAt(i)] = true; |
90 |
} |
91 |
} |
92 |
|
85 |
for (int i = 0; i < ARRAY_SIZE; i++) { |
93 |
for (int i = 0; i < ARRAY_SIZE; i++) { |
86 |
// Control> 0-31, 127 |
94 |
// Control> 0-31, 127 |
87 |
if (i < 32 || i == 127) { |
95 |
if (i < 32 || i == 127) { |
Lines 112-118
|
112 |
if (IS_CONTROL[i] || i > 127 || |
120 |
if (IS_CONTROL[i] || i > 127 || |
113 |
i == ' ' || i == '\"' || i == '#' || i == '<' || i == '>' || i == '\\' || |
121 |
i == ' ' || i == '\"' || i == '#' || i == '<' || i == '>' || i == '\\' || |
114 |
i == '^' || i == '`' || i == '{' || i == '|' || i == '}') { |
122 |
i == '^' || i == '`' || i == '{' || i == '|' || i == '}') { |
115 |
IS_NOT_REQUEST_TARGET[i] = true; |
123 |
if (!IS_IN_WHITELIST[i]) { |
|
|
124 |
IS_NOT_REQUEST_TARGET[i] = true; |
125 |
} |
116 |
} |
126 |
} |
117 |
|
127 |
|
118 |
// Not valid for HTTP protocol |
128 |
// Not valid for HTTP protocol |
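Review bot: The loop that fills IS_IN_WHITELIST from the system property (new lines 86-91) indexes the array with `prop.charAt(i)` unchecked, so any character at or above ARRAY_SIZE throws ArrayIndexOutOfBoundsException inside the static initializer and the class then fails to load. The loop also accepts every character, so CR, LF, other control characters and space can be exempted from IS_NOT_REQUEST_TARGET at new line 123, which weakens the request-target validation this table exists for. Read the character once and guard it, e.g. `char c = prop.charAt(i);` followed by `if (c < ARRAY_SIZE && c > ' ' && c != 127) { IS_IN_WHITELIST[c] = true; }`, or better, accept only an explicit short list of characters and log any that are rejected. A comment above the property read stating which characters may be allowed and why would help operators; the static block starts and ends outside the hunks shown.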