View | Details | Raw Unified | Return to bug 60594
Collapse All | Expand All

(-)conf/catalina.properties (+3 lines)
Lines 131-133 Link Here
131
#tomcat.util.buf.StringCache.char.enabled=true
131
#tomcat.util.buf.StringCache.char.enabled=true
132
#tomcat.util.buf.StringCache.trainThreshold=500000
132
#tomcat.util.buf.StringCache.trainThreshold=500000
133
#tomcat.util.buf.StringCache.cacheSize=5000
133
#tomcat.util.buf.StringCache.cacheSize=5000
134
135
# Allow for changes to HTTP request validation
136
#tomcat.util.http.parser.HttpParser.whitelist="|"
(-)java/org/apache/tomcat/util/http/parser/HttpParser.java (-1 / +14 lines)
Lines 61-66 Link Here
61
    private static final boolean[] IS_HEX = new boolean[ARRAY_SIZE];
61
    private static final boolean[] IS_HEX = new boolean[ARRAY_SIZE];
62
    private static final boolean[] IS_NOT_REQUEST_TARGET = new boolean[ARRAY_SIZE];
62
    private static final boolean[] IS_NOT_REQUEST_TARGET = new boolean[ARRAY_SIZE];
63
    private static final boolean[] IS_HTTP_PROTOCOL = new boolean[ARRAY_SIZE];
63
    private static final boolean[] IS_HTTP_PROTOCOL = new boolean[ARRAY_SIZE];
64
    private static final boolean[] IS_IN_WHITELIST = new boolean[ARRAY_SIZE];
64
65
65
    static {
66
    static {
66
        // Digest field types.
67
        // Digest field types.
Lines 82-87 Link Here
82
        // RFC2617 says nc is 8LHEX. <">8LHEX<"> will also be accepted
83
        // RFC2617 says nc is 8LHEX. <">8LHEX<"> will also be accepted
83
        fieldTypes.put("nc", FIELD_TYPE_LHEX);
84
        fieldTypes.put("nc", FIELD_TYPE_LHEX);
84
85
86
        String prop = System.getProperty("tomcat.util.http.parser.HttpParser.whitelist");
87
        if (prop != null) {
88
            for (int i = 0; i < prop.length(); i++) {
89
                char c = prop.charAt(i);
90
                if (c == '{' || c == '}' || c == '|') {
91
                    IS_IN_WHITELIST[c] = true;
92
                }
93
            }
94
        }
95
85
        for (int i = 0; i < ARRAY_SIZE; i++) {
96
        for (int i = 0; i < ARRAY_SIZE; i++) {
86
            // Control> 0-31, 127
97
            // Control> 0-31, 127
87
            if (i < 32 || i == 127) {
98
            if (i < 32 || i == 127) {
Lines 112-118 Link Here
112
            if (IS_CONTROL[i] || i > 127 ||
123
            if (IS_CONTROL[i] || i > 127 ||
113
                    i == ' ' || i == '\"' || i == '#' || i == '<' || i == '>' || i == '\\' ||
124
                    i == ' ' || i == '\"' || i == '#' || i == '<' || i == '>' || i == '\\' ||
114
                    i == '^' || i == '`'  || i == '{' || i == '|' || i == '}') {
125
                    i == '^' || i == '`'  || i == '{' || i == '|' || i == '}') {
115
                IS_NOT_REQUEST_TARGET[i] = true;
126
                if (!IS_IN_WHITELIST[i]) {
127
                    IS_NOT_REQUEST_TARGET[i] = true;
128
                }
116
            }
129
            }
117
130
118
            // Not valid for HTTP protocol
131
            // Not valid for HTTP protocol
(-)webapps/docs/config/systemprops.xml (+6 lines)
Lines 708-713 Link Here
708
      <p>If not specified, the default value of <code>3</code> will be used.</p>
708
      <p>If not specified, the default value of <code>3</code> will be used.</p>
709
    </property>
709
    </property>
710
710
711
    <property name="tomcat.util.http.parser.HttpParser.whitelist">
712
      <p>A string comprised of characters the server should allow even when they are not encoded.
713
      These characters would normally result in a 400 status.</p>
714
      <p>If not specified, the default value of <code>null</code> will be used.</p>
715
    </property>
716
711
  </properties>
717
  </properties>
712
718
713
</section>
719
</section>

Return to bug 60594