Details
-
Feature Request
-
Resolution: Done
-
Minor
-
None
-
None
-
User Experience
-
Low
Description
When getting a parameter map where the last parameter ends with %.
F.x. https://jboss.org?%
You ends up with a StringIndexOutOfBoundsException like below:
2019-05-31 05:55:30,582 ERROR [default task-91] [request] UT005023: Exception handling request to /admin/login.do: java.lang.StringIndexOutOfBoundsException: String index out of range: 3
at java.lang.String.charAt(String.java:658)
at io.undertow.util.URLUtils.decode(URLUtils.java:133)
at io.undertow.util.URLUtils.decode(URLUtils.java:78)
at io.undertow.server.handlers.form.FormEncodedDataDefinition$FormEncodedDataParser.doParse(FormEncodedDataDefinition.java:186)
at io.undertow.server.handlers.form.FormEncodedDataDefinition$FormEncodedDataParser.parseBlocking(FormEncodedDataDefinition.java:252)
at io.undertow.servlet.spec.HttpServletRequestImpl.parseFormData(HttpServletRequestImpl.java:833)
at io.undertow.servlet.spec.HttpServletRequestImpl.getParameterMap(HttpServletRequestImpl.java:786)
It appears to be these line that does not validate that there are 1/2 characters after the current:
....
while ((i < numChars)) {
if (c == '%') {
char p1 = Character.toLowerCase(s.charAt(i + 1));
....
char p2 = Character.toLowerCase(s.charAt(i + 2));
Attachments
Issue Links
- is incorporated by
-
WFCORE-4526 Upgrade Undertow to 2.0.22.Final
-
- Closed
-
