Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1554

Improve handling and leniency of bad POST parameters

    XMLWordPrintable

Details

    • Enhancement
    • Resolution: Done
    • Major
    • 2.0.26.Final
    • 2.0.21.Final
    • Core
    • None

    Description

      Undertow is less lenient for a bad POST parameter compared to EAP 6/JBossWeb and Tomcat. If the request contains a bad parameter with a value of '%', then the
      request fails with a StringIndexOutOfBoundsException:

      java.lang.StringIndexOutOfBoundsException: String index out of range: 1
	at java.lang.String.charAt(String.java:658)
	at io.undertow.util.URLUtils.decode(URLUtils.java:132)
	at io.undertow.util.URLUtils.decode(URLUtils.java:78)
	at io.undertow.server.handlers.form.FormEncodedDataDefinition$FormEncodedDataParser.doParse(FormEncodedDataDefinition.java:186)
	at io.undertow.server.handlers.form.FormEncodedDataDefinition$FormEncodedDataParser.parseBlocking(FormEncodedDataDefinition.java:252)
	at io.undertow.servlet.spec.HttpServletRequestImpl.parseFormData(HttpServletRequestImpl.java:832)
	at io.undertow.servlet.spec.HttpServletRequestImpl.getParameterMap(HttpServletRequestImpl.java:785)

      EAP 6 and Tomcat ignore the problem parameter and just log a message like below, so all other parameters can be handled successfully still for a 200 response:

      INFO [http-nio-8080-exec-1] org.apache.tomcat.util.http.Parameters.processParameters Character decoding failed. Parameter [test1] with value [%] has been ignored. Note that the name and value quoted here may be corrupted due to the failed decoding. Use debug level logging to see the original, non-corrupted values.
 Note: further occurrences of Parameter errors will be logged at DEBUG level.

      Can Undertow be improved to be more lenient in this case like EAP 6/Tomcat?

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-17009 [GSS](7.2.z) UNDERTOW-1554 - Improve handling and leniency of bad POST parameters

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. WFCORE-4641 Upgrade Undertow to 2.0.26.Final

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              mmarusic Marek Marusic (Inactive)
              rhn-support-aogburn Aaron Ogburn
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: