Skip to content

Commit 3bca0bc

Browse files
Wim van Ravesteijnjon-valliere
Wim van Ravesteijn
authored and
jon-valliere
committed
Adds malformed HTTP request check
1 parent 7dc266a commit 3bca0bc

File tree

1 file changed

+25
-0
lines changed

1 file changed

+25
-0
lines changed

mina-http/src/test/java/org/apache/mina/http/HttpServerDecoderTest.java

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@
2020
package org.apache.mina.http;
2121

2222
import static org.junit.Assert.assertEquals;
23+
import static org.junit.Assert.assertNotEquals;
2324
import static org.junit.Assert.assertTrue;
2425

2526
import java.nio.charset.CharacterCodingException;
@@ -41,6 +42,8 @@ public class HttpServerDecoderTest {
4142

4243
private static final ProtocolDecoder decoder = new HttpServerDecoder();
4344

45+
private static final String DECODER_STATE_ATT = "http.ds";
46+
4447
/*
4548
* Use a single session for all requests in order to test state management better
4649
*/
@@ -295,4 +298,26 @@ public void flush(NextFilter nextFilter, IoSession session) {
295298
assertEquals("localhost", request.getHeader("host"));
296299
assertTrue(out.getMessageQueue().poll() instanceof HttpEndOfContent);
297300
}
301+
302+
@Test
303+
public void dosOnRequestWithAdditionalData() throws Exception {
304+
AbstractProtocolDecoderOutput out = new AbstractProtocolDecoderOutput() {
305+
public void flush(NextFilter nextFilter, IoSession session) {
306+
}
307+
};
308+
IoBuffer buffer = IoBuffer.allocate(0).setAutoExpand(true);
309+
buffer.putString("GET / HTTP/1.0\r\nHost:localhost \r\n\r\ndummy", encoder);
310+
buffer.rewind();
311+
int prevBufferPosition = buffer.position();
312+
while (buffer.hasRemaining()) {
313+
decoder.decode(session, buffer, out);
314+
assertNotEquals("Buffer at new position", prevBufferPosition, buffer.position());
315+
prevBufferPosition = buffer.position();
316+
}
317+
assertEquals(2, out.getMessageQueue().size());
318+
HttpRequest request = (HttpRequest) out.getMessageQueue().poll();
319+
assertEquals("localhost", request.getHeader("host"));
320+
assertTrue(out.getMessageQueue().poll() instanceof HttpEndOfContent);
321+
session.removeAttribute(DECODER_STATE_ATT); // This test leaves session in HEAD state, crashing following test
322+
}
298323
}

0 commit comments

Comments
 (0)