  1. Undertow
  2. UNDERTOW-1554

Improve handling and leniency of bad POST parameters


    • Enhancement
    • Resolution: Done
    • Major
    • 2.0.26.Final
    • 2.0.21.Final
    • Core
    • None

      Undertow is less lenient for a bad POST parameter compared to EAP 6/JBossWeb and Tomcat. If the request contains a bad parameter with a value of '%', then the
      request fails with a StringIndexOutOfBoundsException:

      java.lang.StringIndexOutOfBoundsException: String index out of range: 1
      	at java.lang.String.charAt(String.java:658)
      	at io.undertow.util.URLUtils.decode(URLUtils.java:132)
      	at io.undertow.util.URLUtils.decode(URLUtils.java:78)
      	at io.undertow.server.handlers.form.FormEncodedDataDefinition$FormEncodedDataParser.doParse(FormEncodedDataDefinition.java:186)
      	at io.undertow.server.handlers.form.FormEncodedDataDefinition$FormEncodedDataParser.parseBlocking(FormEncodedDataDefinition.java:252)
      	at io.undertow.servlet.spec.HttpServletRequestImpl.parseFormData(HttpServletRequestImpl.java:832)
      	at io.undertow.servlet.spec.HttpServletRequestImpl.getParameterMap(HttpServletRequestImpl.java:785)
      

      EAP 6 and Tomcat ignore the problem parameter and just log a message like below, so all other parameters can be handled successfully still for a 200 response:

      INFO [http-nio-8080-exec-1] org.apache.tomcat.util.http.Parameters.processParameters Character decoding failed. Parameter [test1] with value [%] has been ignored. Note that the name and value quoted here may be corrupted due to the failed decoding. Use debug level logging to see the original, non-corrupted values.
       Note: further occurrences of Parameter errors will be logged at DEBUG level.
      

      Can Undertow be improved to be more lenient in this case like EAP 6/Tomcat?

            mmarusic Marek Marusic (Inactive)
            rhn-support-aogburn Aaron Ogburn
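
The lenient behaviour requested above, as an added example (not Undertow's fix and not Tomcat's code; the class and method names are hypothetical): each percent escape is bounds-checked before it is decoded, and a malformed parameter is set aside while the remaining parameters are still parsed.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;

// Added example, not Undertow or Tomcat code; class and method names are hypothetical.
public class LenientFormParser {
    final Map<String, List<String>> params = new LinkedHashMap<>();
    final List<String> rejected = new ArrayList<>(); // raw pairs that failed decoding
    static int hex(char c) { return c < 128 ? Character.digit(c, 16) : -1; }
    // Returns null on a malformed escape instead of reading past the end of the input.
    static String decode(String s) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '%') {
                if (i + 2 >= s.length()) return null;       // "%" or "%4": truncated escape
                int hi = hex(s.charAt(i + 1)), lo = hex(s.charAt(i + 2));
                if (hi < 0 || lo < 0) return null;           // "%zz": not hex digits
                out.write((hi << 4) | lo);
                i += 2;
            } else if (c < 128) {
                out.write(c == '+' ? ' ' : c);
            } else {                                         // raw non-ASCII: keep as UTF-8
                int cp = s.codePointAt(i);
                byte[] raw = new String(Character.toChars(cp)).getBytes(StandardCharsets.UTF_8);
                out.write(raw, 0, raw.length);
                i += Character.charCount(cp) - 1;
            }
        }
        return new String(out.toByteArray(), StandardCharsets.UTF_8);
    }
    void parse(String body) {
        for (String pair : body.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            String name = decode(eq < 0 ? pair : pair.substring(0, eq));
            String value = decode(eq < 0 ? "" : pair.substring(eq + 1));
            if (name == null || value == null) rejected.add(pair); // skip only this parameter
            else params.computeIfAbsent(name, k -> new ArrayList<>()).add(value);
        }
    }

    public static void main(String[] args) {
        LenientFormParser p = new LenientFormParser();
        p.parse("user=alice&test1=%&note=a%20b+c&bad=%4&city=K%C3%B6ln"); // constructed body
        System.out.println("accepted: " + p.params);
        System.out.println("ignored:  " + p.rejected);
    }
}
```

Dropping a parameter changes what the application sees compared with what was sent, so each rejection should be recorded; the Tomcat message quoted above logs the first at INFO and later ones at DEBUG.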