Bug 61264 - Default charset used when Content-Type request header specifies invalid charset
Summary: Default charset used when Content-Type request header specifies invalid charset
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 8
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 8.5.15
Hardware: PC All
: P2 normal (vote)
Target Milestone: ----
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-07 08:38 UTC by Lazar Kirchev
Modified: 2017-07-09 20:26 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Lazar Kirchev 2017-07-07 08:38:12 UTC
Prior to Tomcat 8.5.15 if the Content-Type request header specifies an invalid charset then the HttpServletRequest.getReader() throws a UnsupportedEncodingException (from its javadoc:it should throw such an exception if the character set encoding used is not supported and the text cannot be decoded).

However, in Tomcat 8.5.15 with change https://github.com/apache/tomcat85/commit/18e70aff0fd3e9195d2bf01e445c49ea9fd44d0b this exception is silently ignored (in org.apache.coyote.Request.getCharsetFromContentType() ) and then the default charset is used (in org.apache.catalina.connector.InputBuffer.checkConverter()).

According to Servlet 3.1 specification, section 3.11, the default charset should be used if the client does not specify a charset in the request.
Comment 1 Mark Thomas 2017-07-09 20:26:07 UTC
Fixed in:
- trunk for 9.0.0.M24 onwards
- 8.5.x for 8.5.18 onwards

Thanks for the report.