-
Bug
-
Resolution: Done
-
Major
-
None
-
None
The following predicate handler,
set( attribute=%{i,X-Tomcat-DocRoot}, value='' )
produces a nasty parsing exception
java.lang.StringIndexOutOfBoundsException: index -1,length 0
at java.base/java.lang.String.checkIndex(Unknown Source)
at java.base/java.lang.AbstractStringBuilder.charAt(Unknown Source)
at java.base/java.lang.StringBuilder.charAt(Unknown Source)
at io.undertow.server.handlers.builder.PredicatedHandlersParser.tokenize(PredicatedHandlersParser.java:617)
at io.undertow.server.handlers.builder.PredicatedHandlersParser.parse(PredicatedHandlersParser.java:84)
It doesn't seem that the parser was designed to handle the simple scenario of empty quotes!
Leaving off the `value` parameter from the handler parses OK,
set( attribute=%{i,X-Tomcat-DocRoot} )
but throws an NPE when the handler actually runs:
java.lang.NullPointerException: null
at io.undertow.server.handlers.SetAttributeHandler.handleRequest(SetAttributeHandler.java:117)
at io.undertow.predicate.PredicatesHandler.handleRequest(PredicatesHandler.java:113)
The expected behavior for both of these examples would be to initialize the attribute (an HTTP request header in this case) to an empty value.
- incorporates
-
UNDERTOW-1885 Predicate Language: Parsing mishandles escaped quotes in string literal
- Resolved
- is duplicated by
-
UNDERTOW-1885 Predicate Language: Parsing mishandles escaped quotes in string literal
- Resolved
- is incorporated by
-
WFCORE-6057 Upgrade Undertow to 2.3.0.Final (CVE-2022-2764)
- Closed