63014 – Tomcat 9 throws exception when sending unencoded charecters in QueryString

Bug 63014 - Tomcat 9 throws exception when sending unencoded charecters in QueryString

Summary: Tomcat 9 throws exception when sending unencoded charecters in QueryString

Status:	RESOLVED INVALID

Alias:	None

Product:	Tomcat 9
Classification:	Unclassified
Component:	Connectors (show other bugs)
Version:	9.0.13
Hardware:	PC Mac OS X 10.1

Importance:	P2 major (vote)
Target Milestone:	-----
Assignee:	Tomcat Developers Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-12-18 08:47 UTC by Melvin A
Modified:	2018-12-18 08:52 UTC (History)
CC List:	0 users

Attachments
Tomcat 9.0.13 (345.35 KB, image/png) 2018-12-18 08:47 UTC, Melvin A	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Melvin A 2018-12-18 08:47:40 UTC

Created attachment 36333 [details]
Tomcat 9.0.13

I switched from tomcat 8.5.35 to 9.0.13. In 8.5 when I send an unencoded character in queryString it throws 400 error in the browser itself and no Exception is thrown or seen explicitly.

After I switched to tomcat 9, when I send an unencoded character in queryString it throws Exception and tomcat error page is shown. I configured error-page in
both the servers. 

I know that these characters can be relaxed by adding them in relaxedquerychars in server.xml. But still it is a 400 error and ideally it must redirect me to the configured error page.

Also when the response.setStatus(400) is called, error page is not redirected in both the servers.

web.xml -

<web-app>
  <error-page>
    <error-code>400</error-code>
    <location>/error.jsp</location>
  </error-page>
  <error-page>
    <error-code>500</error-code>
    <location>/error.jsp</location>
  </error-page>
</web-app>


URL=http://localhost:9013/app1/paramTest.jsp?name=^
Tomcat 8.5.32 - 'This page isn’t working' is shown in browser.
Tomcat 9.0.13 - java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
	org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:467)
	org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:294)
	org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
	org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
	org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	java.lang.Thread.run(Thread.java:748)

is thrown and tomcat error page is shown. I have attached the screenshot of the exception thrown. Do the needful.

Regards,
Melvin A

Comment 1 Remy Maucherat 2018-12-18 08:52:14 UTC

The exception is very explicit about the cause. The error occurs when the HTTP request is parsed, long before it is mapped, and it will not be mapped to anything since the URL is considered invalid. As a result, the error page of your application will not be found.

Please post on the Tomcat user mailing list first for this kind of problem.