[UNDERTOW-1591][UNDERTOW-2123][UNDERTOW-2206] IAE trying to decode a requestPath

Author: rmartinc

core/src/main/java/io/undertow/server/Connectors.java

@@ -32,10 +32,12 @@
 import io.undertow.util.StatusCodes;
 import io.undertow.util.URLUtils;
 import io.undertow.connector.PooledByteBuffer;
+import org.xnio.OptionMap;
 import org.xnio.channels.StreamSourceChannel;
 import org.xnio.conduits.ConduitStreamSinkChannel;
 
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.util.Date;
 import java.util.concurrent.Executor;
 import java.util.concurrent.RejectedExecutionException;
@@ -447,13 +449,33 @@ public static void setExchangeRequestPath(final HttpServerExchange exchange, fin
             throw new RuntimeException(e);
         }
     }
-        /**
-         * Sets the request path and query parameters, decoding to the requested charset.
-         *
-         * @param exchange    The exchange
-         * @param encodedPath        The encoded path
-         * @param charset     The charset
-         */
+
+    /**
+     * Sets the request path and query parameters, decoding to the requested charset.
+     * All the options are retrieved from the exchange undertow options.
+     *
+     * @param exchange The exchange
+     * @param encodedPath The encoded path to decode
+     * @param decodeBuffer The decode buffer to use
+     * @throws ParameterLimitException
+     */
+    public static void setExchangeRequestPath(final HttpServerExchange exchange, final String encodedPath, StringBuilder decodeBuffer) throws ParameterLimitException {
+        final OptionMap options = exchange.getConnection().getUndertowOptions();
+        setExchangeRequestPath(exchange, encodedPath,
+                options.get(UndertowOptions.URL_CHARSET, StandardCharsets.UTF_8.name()),
+                options.get(UndertowOptions.DECODE_URL, true),
+                options.get(UndertowOptions.ALLOW_ENCODED_SLASH, false),
+                decodeBuffer,
+                options.get(UndertowOptions.MAX_PARAMETERS, UndertowOptions.DEFAULT_MAX_PARAMETERS));
+    }
+
+    /**
+     * Sets the request path and query parameters, decoding to the requested charset.
+     *
+     * @param exchange    The exchange
+     * @param encodedPath The encoded path
+     * @param charset     The charset
+     */
     public static void setExchangeRequestPath(final HttpServerExchange exchange, final String encodedPath, final String charset, boolean decode, final boolean allowEncodedSlash, StringBuilder decodeBuffer, int maxParameters) throws ParameterLimitException {
         boolean requiresDecode = false;
         final StringBuilder pathBuilder = new StringBuilder();

core/src/main/java/io/undertow/server/protocol/http/HttpRequestParser.java

@@ -619,7 +619,7 @@ final void handlePathParameters(ByteBuffer buffer, ParseState state, HttpServerE
                 handleParsedParam(param, stringBuilder.substring(pos), exchange, urlDecodeRequired, state);
                 final String path = stringBuilder.toString();
                 // the canonicalPathStart should be the current length to not add anything to it
-                parsePathComplete(state, exchange, path.length(), state.parseState, urlDecodeRequired, path);
+                parsePathComplete(state, exchange, path.length(), state.parseState, state.urlDecodeRequired, path);
                 state.state = ParseState.VERSION;
                 state.nextQueryParam = null;
                 if (next == '?') {

servlet/src/main/java/io/undertow/servlet/spec/AsyncContextImpl.java

@@ -21,9 +21,7 @@
 import java.io.IOException;
 import java.util.ArrayDeque;
 import java.util.Deque;
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
 import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.concurrent.Executor;
 import java.util.concurrent.TimeUnit;
@@ -61,8 +59,10 @@
 import io.undertow.servlet.handlers.ServletDebugPageHandler;
 import io.undertow.servlet.handlers.ServletPathMatch;
 import io.undertow.servlet.handlers.ServletRequestContext;
+import io.undertow.servlet.util.DispatchUtils;
 import io.undertow.util.CanonicalPathUtils;
 import io.undertow.util.Headers;
+import io.undertow.util.ParameterLimitException;
 import io.undertow.util.SameThreadExecutor;
 import io.undertow.util.StatusCodes;
 import io.undertow.util.WorkerUtils;
@@ -219,53 +219,15 @@ public void dispatch(final ServletContext context, final String path) {
 
         HttpServletRequestImpl requestImpl = servletRequestContext.getOriginalRequest();
         HttpServletResponseImpl responseImpl = servletRequestContext.getOriginalResponse();
-        final HttpServerExchange exchange = requestImpl.getExchange();
 
-        exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).setDispatcherType(DispatcherType.ASYNC);
-
-        requestImpl.setAttribute(ASYNC_REQUEST_URI, requestImpl.getOriginalRequestURI());
-        requestImpl.setAttribute(ASYNC_CONTEXT_PATH, requestImpl.getOriginalContextPath());
-        requestImpl.setAttribute(ASYNC_SERVLET_PATH, requestImpl.getOriginalServletPath());
-        requestImpl.setAttribute(ASYNC_QUERY_STRING, requestImpl.getOriginalQueryString());
-
-        String newQueryString = "";
-        int qsPos = path.indexOf("?");
-        String newServletPath = path;
-        if (qsPos != -1) {
-            newQueryString = newServletPath.substring(qsPos + 1);
-            newServletPath = newServletPath.substring(0, qsPos);
-        }
-        String newRequestUri = context.getContextPath() + newServletPath;
-
-        //todo: a more efficient impl
-        Map<String, Deque<String>> newQueryParameters = new HashMap<>();
-        for (String part : newQueryString.split("&")) {
-            String name = part;
-            String value = "";
-            int equals = part.indexOf('=');
-            if (equals != -1) {
-                name = part.substring(0, equals);
-                value = part.substring(equals + 1);
-            }
-            Deque<String> queue = newQueryParameters.get(name);
-            if (queue == null) {
-                newQueryParameters.put(name, queue = new ArrayDeque<>(1));
-            }
-            queue.add(value);
+        ServletPathMatch info;
+        try {
+            info = DispatchUtils.dispatchAsync(path, requestImpl, responseImpl, (ServletContextImpl) context);
+        } catch (ParameterLimitException e) {
+            throw new IllegalStateException(e);
         }
-        requestImpl.setQueryParameters(newQueryParameters);
-
-        requestImpl.getExchange().setRelativePath(newServletPath);
-        requestImpl.getExchange().setQueryString(newQueryString);
-        requestImpl.getExchange().setRequestPath(newRequestUri);
-        requestImpl.getExchange().setRequestURI(newRequestUri);
-        requestImpl.setServletContext((ServletContextImpl) context);
-        responseImpl.setServletContext((ServletContextImpl) context);
 
         Deployment deployment = requestImpl.getServletContext().getDeployment();
-        ServletPathMatch info = deployment.getServletPaths().getServletHandlerByPath(newServletPath);
-        requestImpl.getExchange().getAttachment(ServletRequestContext.ATTACHMENT_KEY).setServletPathMatch(info);
-
         dispatchAsyncRequest(deployment.getServletDispatcher(), info, exchange);
     }
 

servlet/src/main/java/io/undertow/servlet/spec/RequestDispatcherImpl.java

@@ -45,7 +45,8 @@
 import io.undertow.servlet.handlers.ServletRequestContext;
 import io.undertow.servlet.handlers.ServletChain;
 import io.undertow.servlet.handlers.ServletPathMatch;
-import io.undertow.util.QueryParameterUtils;
+import io.undertow.servlet.util.DispatchUtils;
+import io.undertow.util.ParameterLimitException;
 
 /**
  * @author Stuart Douglas
@@ -55,32 +56,20 @@ public class RequestDispatcherImpl implements RequestDispatcher {
     private final String path;
     private final ServletContextImpl servletContext;
     private final ServletChain chain;
-    private final ServletPathMatch pathMatch;
     private final boolean named;
 
     public RequestDispatcherImpl(final String path, final ServletContextImpl servletContext) {
         this.path = path;
         this.servletContext = servletContext;
-        String basePath = path;
-        int qPos = basePath.indexOf("?");
-        if (qPos != -1) {
-            basePath = basePath.substring(0, qPos);
-        }
-        int mPos = basePath.indexOf(";");
-        if(mPos != -1) {
-            basePath = basePath.substring(0, mPos);
-        }
-        this.pathMatch = servletContext.getDeployment().getServletPaths().getServletHandlerByPath(basePath);
-        this.chain = pathMatch.getServletChain();
         this.named = false;
+        this.chain = null;
     }
 
     public RequestDispatcherImpl(final ServletChain chain, final ServletContextImpl servletContext) {
         this.chain = chain;
         this.named = true;
         this.servletContext = servletContext;
         this.path = null;
-        this.pathMatch = null;
     }
 
 
@@ -169,8 +158,6 @@ private void forwardImpl(ServletRequest request, ServletResponse response, Servl
         final ServletRequest oldRequest = servletRequestContext.getServletRequest();
         final ServletResponse oldResponse = servletRequestContext.getServletResponse();
 
-        Map<String, Deque<String>> queryParameters = requestImpl.getQueryParameters();
-
         request.removeAttribute(INCLUDE_REQUEST_URI);
         request.removeAttribute(INCLUDE_CONTEXT_PATH);
         request.removeAttribute(INCLUDE_SERVLET_PATH);
@@ -181,38 +168,14 @@ private void forwardImpl(ServletRequest request, ServletResponse response, Servl
         final String oldRequestPath = requestImpl.getExchange().getRequestPath();
         final String oldPath = requestImpl.getExchange().getRelativePath();
         final ServletPathMatch oldServletPathMatch = requestImpl.getExchange().getAttachment(ServletRequestContext.ATTACHMENT_KEY).getServletPathMatch();
-        if (!named) {
-
-            //only update if this is the first forward
-            if (request.getAttribute(FORWARD_REQUEST_URI) == null) {
-                requestImpl.setAttribute(FORWARD_REQUEST_URI, requestImpl.getRequestURI());
-                requestImpl.setAttribute(FORWARD_CONTEXT_PATH, requestImpl.getContextPath());
-                requestImpl.setAttribute(FORWARD_SERVLET_PATH, requestImpl.getServletPath());
-                requestImpl.setAttribute(FORWARD_PATH_INFO, requestImpl.getPathInfo());
-                requestImpl.setAttribute(FORWARD_QUERY_STRING, requestImpl.getQueryString());
-            }
 
-            int qsPos = path.indexOf("?");
-            String newServletPath = path;
-            if (qsPos != -1) {
-                String newQueryString = newServletPath.substring(qsPos + 1);
-                newServletPath = newServletPath.substring(0, qsPos);
-
-                String encoding = QueryParameterUtils.getQueryParamEncoding(servletRequestContext.getExchange());
-                Map<String, Deque<String>> newQueryParameters = QueryParameterUtils.mergeQueryParametersWithNewQueryString(queryParameters, newQueryString, encoding);
-                requestImpl.getExchange().setQueryString(newQueryString);
-                requestImpl.setQueryParameters(newQueryParameters);
+        ServletPathMatch pathMatch = null;
+        if (!named) {
+            try {
+                pathMatch = DispatchUtils.dispatchForward(path, requestImpl, responseImpl, servletContext);
+            } catch (ParameterLimitException e) {
+                throw new ServletException(e);
             }
-            String newRequestUri = servletContext.getContextPath() + newServletPath;
-
-
-
-            requestImpl.getExchange().setRelativePath(newServletPath);
-            requestImpl.getExchange().setRequestPath(newRequestUri);
-            requestImpl.getExchange().setRequestURI(newRequestUri);
-            requestImpl.getExchange().getAttachment(ServletRequestContext.ATTACHMENT_KEY).setServletPathMatch(pathMatch);
-            requestImpl.setServletContext(servletContext);
-            responseImpl.setServletContext(servletContext);
         }
 
         try {
@@ -241,9 +204,7 @@ private void forwardImpl(ServletRequest request, ServletResponse response, Servl
                         }
                     }
                 }
-            } catch (ServletException e) {
-                throw e;
-            } catch (IOException e) {
+            } catch (ServletException | IOException e) {
                 throw e;
             } catch (Exception e) {
                 throw new RuntimeException(e);
@@ -348,32 +309,19 @@ private void includeImpl(ServletRequest request, ServletResponse response, Servl
         Object queryString = null;
         Map<String, Deque<String>> queryParameters = requestImpl.getQueryParameters();
 
+        ServletPathMatch pathMatch = null;
         if (!named) {
             requestUri = request.getAttribute(INCLUDE_REQUEST_URI);
             contextPath = request.getAttribute(INCLUDE_CONTEXT_PATH);
             servletPath = request.getAttribute(INCLUDE_SERVLET_PATH);
             pathInfo = request.getAttribute(INCLUDE_PATH_INFO);
             queryString = request.getAttribute(INCLUDE_QUERY_STRING);
 
-            int qsPos = path.indexOf("?");
-            String newServletPath = path;
-            if (qsPos != -1) {
-                String newQueryString = newServletPath.substring(qsPos + 1);
-                newServletPath = newServletPath.substring(0, qsPos);
-
-                String encoding = QueryParameterUtils.getQueryParamEncoding(servletRequestContext.getExchange());
-                Map<String, Deque<String>> newQueryParameters = QueryParameterUtils.mergeQueryParametersWithNewQueryString(queryParameters, newQueryString, encoding);
-                requestImpl.setQueryParameters(newQueryParameters);
-                requestImpl.setAttribute(INCLUDE_QUERY_STRING, newQueryString);
-            } else {
-                requestImpl.setAttribute(INCLUDE_QUERY_STRING, "");
+            try {
+                pathMatch = DispatchUtils.dispatchInclude(path, requestImpl, responseImpl, servletContext);
+            } catch (ParameterLimitException e) {
+                throw new ServletException(e);
             }
-            String newRequestUri = servletContext.getContextPath() + newServletPath;
-
-            requestImpl.setAttribute(INCLUDE_REQUEST_URI, newRequestUri);
-            requestImpl.setAttribute(INCLUDE_CONTEXT_PATH, servletContext.getContextPath());
-            requestImpl.setAttribute(INCLUDE_SERVLET_PATH, pathMatch.getMatched());
-            requestImpl.setAttribute(INCLUDE_PATH_INFO, pathMatch.getRemaining());
         }
         boolean inInclude = responseImpl.isInsideInclude();
         responseImpl.setInsideInclude(true);
@@ -386,10 +334,9 @@ private void includeImpl(ServletRequest request, ServletResponse response, Servl
             try {
                 servletRequestContext.setServletRequest(request);
                 servletRequestContext.setServletResponse(response);
-                servletContext.getDeployment().getServletDispatcher().dispatchToServlet(requestImpl.getExchange(), chain, DispatcherType.INCLUDE);
-            } catch (ServletException e) {
-                throw e;
-            } catch (IOException e) {
+                servletContext.getDeployment().getServletDispatcher().dispatchToServlet(requestImpl.getExchange(),
+                        named? chain : pathMatch.getServletChain(), DispatcherType.INCLUDE);
+            } catch (ServletException|IOException e) {
                 throw e;
             } catch (Exception e) {
                 throw new RuntimeException(e);
@@ -452,59 +399,20 @@ private void error(ServletRequestContext servletRequestContext, final ServletReq
 
         final ServletRequest oldRequest = servletRequestContext.getServletRequest();
         final ServletResponse oldResponse = servletRequestContext.getServletResponse();
-        servletRequestContext.setDispatcherType(DispatcherType.ERROR);
-
-        //only update if this is the first forward, add forward attrs too
-        if (request.getAttribute(FORWARD_REQUEST_URI) == null) {
-            requestImpl.setAttribute(FORWARD_REQUEST_URI, requestImpl.getRequestURI());
-            requestImpl.setAttribute(FORWARD_CONTEXT_PATH, requestImpl.getContextPath());
-            requestImpl.setAttribute(FORWARD_SERVLET_PATH, requestImpl.getServletPath());
-            requestImpl.setAttribute(FORWARD_PATH_INFO, requestImpl.getPathInfo());
-            requestImpl.setAttribute(FORWARD_QUERY_STRING, requestImpl.getQueryString());
-        }
-        requestImpl.setAttribute(ERROR_REQUEST_URI, requestImpl.getRequestURI());
-        requestImpl.setAttribute(ERROR_SERVLET_NAME, servletName);
-        if (exception != null) {
-            if (exception instanceof ServletException && ((ServletException)exception).getRootCause() != null) {
-                requestImpl.setAttribute(ERROR_EXCEPTION, ((ServletException) exception).getRootCause());
-                requestImpl.setAttribute(ERROR_EXCEPTION_TYPE, ((ServletException) exception).getRootCause().getClass());
-            } else {
-                requestImpl.setAttribute(ERROR_EXCEPTION, exception);
-                requestImpl.setAttribute(ERROR_EXCEPTION_TYPE, exception.getClass());
-            }
-        }
-        requestImpl.setAttribute(ERROR_MESSAGE, message);
-        requestImpl.setAttribute(ERROR_STATUS_CODE, responseImpl.getStatus());
-
-        int qsPos = path.indexOf("?");
-        String newServletPath = path;
-        if (qsPos != -1) {
-            Map<String, Deque<String>> queryParameters = requestImpl.getQueryParameters();
-            String newQueryString = newServletPath.substring(qsPos + 1);
-            newServletPath = newServletPath.substring(0, qsPos);
-
-            String encoding = QueryParameterUtils.getQueryParamEncoding(servletRequestContext.getExchange());
-            Map<String, Deque<String>> newQueryParameters = QueryParameterUtils.mergeQueryParametersWithNewQueryString(queryParameters, newQueryString, encoding);
-            requestImpl.getExchange().setQueryString(newQueryString);
-            requestImpl.setQueryParameters(newQueryParameters);
-        }
-        String newRequestUri = servletContext.getContextPath() + newServletPath;
 
-        requestImpl.getExchange().setRelativePath(newServletPath);
-        requestImpl.getExchange().setRequestPath(newRequestUri);
-        requestImpl.getExchange().setRequestURI(newRequestUri);
-        requestImpl.getExchange().getAttachment(ServletRequestContext.ATTACHMENT_KEY).setServletPathMatch(pathMatch);
-        requestImpl.setServletContext(servletContext);
-        responseImpl.setServletContext(servletContext);
+        ServletPathMatch pathMatch;
+        try {
+            pathMatch = DispatchUtils.dispatchError(path, servletName, exception, message, requestImpl, responseImpl, servletContext);
+        } catch (ParameterLimitException e) {
+            throw new ServletException(e);
+        }
 
         try {
             try {
                 servletRequestContext.setServletRequest(request);
                 servletRequestContext.setServletResponse(response);
                 servletContext.getDeployment().getServletDispatcher().dispatchToPath(requestImpl.getExchange(), pathMatch, DispatcherType.ERROR);
-            } catch (ServletException e) {
-                throw e;
-            } catch (IOException e) {
+            } catch (ServletException | IOException e) {
                 throw e;
             } catch (Exception e) {
                 throw new RuntimeException(e);