Simplify reading of request body for x-www-form-urlencoded processing

An incomplete body is the same as a client disconnect before the request body has been read as that is the only way a client can provide an incomplete body.
apache · Jun 23, 2023 · e6ad02f · e6ad02f
1 parent 7b4278c
commit e6ad02f
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 5 deletions.
diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java
@@ -17,6 +17,7 @@
 package org.apache.catalina.connector;
 
 import java.io.BufferedReader;
+import java.io.EOFException;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
@@ -3115,10 +3116,7 @@ protected void parseParameters() {
                     formData = new byte[len];
                 }
                 try {
-                    if (readPostBody(formData, len) != len) {
-                        parameters.setParseFailedReason(FailReason.REQUEST_BODY_INCOMPLETE);
-                        return;
-                    }
+                    readPostBodyFully(formData, len);
                 } catch (IOException e) {
                     // Client disconnect
                     Context context = getContext();
@@ -3165,15 +3163,18 @@ protected void parseParameters() {
 
 
     /**
-     * Read post body in an array.
+     * Read post body into an array.
      *
      * @param body The bytes array in which the body will be read
      * @param len  The body length
      *
      * @return the bytes count that has been read
      *
      * @throws IOException if an IO exception occurred
+     *
+     * @deprecated Unused. Will be removed in Tomcat 11.0.x onwards. Use {@link #readPostBodyFully(byte[], int)}
      */
+    @Deprecated
     protected int readPostBody(byte[] body, int len) throws IOException {
 
         int offset = 0;
@@ -3189,6 +3190,26 @@ protected int readPostBody(byte[] body, int len) throws IOException {
     }
 
 
+    /**
+     * Read post body into an array.
+     *
+     * @param body The bytes array in which the body will be read
+     * @param len  The body length
+     *
+     * @throws IOException if an IO exception occurred or EOF is reached before the body has been fully read
+     */
+    protected void readPostBodyFully(byte[] body, int len) throws IOException {
+        int offset = 0;
+        do {
+            int inputLen = getStream().read(body, offset, len - offset);
+            if (inputLen <= 0) {
+                throw new EOFException();
+            }
+            offset += inputLen;
+        } while ((len - offset) > 0);
+    }
+
+
     /**
      * Read chunked post body.
      *

diff --git a/java/org/apache/catalina/filters/FailedRequestFilter.java b/java/org/apache/catalina/filters/FailedRequestFilter.java
@@ -49,6 +49,7 @@ protected Log getLogger() {
         return log;
     }
 
+    @SuppressWarnings("deprecation")
     @Override
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
             throws IOException, ServletException {

diff --git a/java/org/apache/tomcat/util/http/Parameters.java b/java/org/apache/tomcat/util/http/Parameters.java
@@ -503,6 +503,12 @@ public enum FailReason {
         IO_ERROR,
         NO_NAME,
         POST_TOO_LARGE,
+        /**
+         * Same as {@link #CLIENT_DISCONNECT}.
+         *
+         * @deprecated Unused. Will be removed in Tomcat 11.0.x onwards
+         */
+        @Deprecated
         REQUEST_BODY_INCOMPLETE,
         TOO_MANY_PARAMETERS,
         UNKNOWN,