From 722dd5134d8f50f24bbd15d4e00e839b99a28078 Mon Sep 17 00:00:00 2001 From: mansal Date: Thu, 31 Oct 2024 19:14:05 -0400 Subject: [PATCH] CRLF Verification Handler enablement --- .../ws/http/netty/pipeline/CRLFValidationHandler.java | 2 +- .../http/netty/pipeline/HttpPipelineInitializer.java | 2 +- .../netty/pipeline/http2/LibertyNettyALPNHandler.java | 2 +- .../netty/pipeline/inbound/HttpDispatcherHandler.java | 10 +++++----- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/dev/com.ibm.ws.transport.http/src/com/ibm/ws/http/netty/pipeline/CRLFValidationHandler.java b/dev/com.ibm.ws.transport.http/src/com/ibm/ws/http/netty/pipeline/CRLFValidationHandler.java index 502a48a721e..348627b5456 100644 --- a/dev/com.ibm.ws.transport.http/src/com/ibm/ws/http/netty/pipeline/CRLFValidationHandler.java +++ b/dev/com.ibm.ws.transport.http/src/com/ibm/ws/http/netty/pipeline/CRLFValidationHandler.java @@ -20,7 +20,7 @@ public class CRLFValidationHandler extends ChannelInboundHandlerAdapter { - private static final int MAX_CRLF_ALLOWED = 0; + private static final int MAX_CRLF_ALLOWED = 2; @Override public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception { diff --git a/dev/com.ibm.ws.transport.http/src/com/ibm/ws/http/netty/pipeline/HttpPipelineInitializer.java b/dev/com.ibm.ws.transport.http/src/com/ibm/ws/http/netty/pipeline/HttpPipelineInitializer.java index 58c26f95149..a0304ffba09 100644 --- a/dev/com.ibm.ws.transport.http/src/com/ibm/ws/http/netty/pipeline/HttpPipelineInitializer.java +++ b/dev/com.ibm.ws.transport.http/src/com/ibm/ws/http/netty/pipeline/HttpPipelineInitializer.java @@ -215,7 +215,7 @@ private void setupHttp11Pipeline(ChannelPipeline pipeline) { //TODO: check for best default first line max size (changing for jwt test) HttpServerCodec sourceCodec = new HttpServerCodec(8192, Integer.MAX_VALUE, httpConfig.getIncomingBodyBufferSize()); - //pipeline.addLast(CRLF_VALIDATION_HANDLER, new CRLFValidationHandler()); + pipeline.addLast(CRLF_VALIDATION_HANDLER, new CRLFValidationHandler()); pipeline.addLast(NETTY_HTTP_SERVER_CODEC, sourceCodec); pipeline.addLast(HTTP_DISPATCHER_HANDLER_NAME, new HttpDispatcherHandler(httpConfig)); addPreHttpCodecHandlers(pipeline); diff --git a/dev/com.ibm.ws.transport.http/src/com/ibm/ws/http/netty/pipeline/http2/LibertyNettyALPNHandler.java b/dev/com.ibm.ws.transport.http/src/com/ibm/ws/http/netty/pipeline/http2/LibertyNettyALPNHandler.java index 08cca1cde2a..293942b9458 100644 --- a/dev/com.ibm.ws.transport.http/src/com/ibm/ws/http/netty/pipeline/http2/LibertyNettyALPNHandler.java +++ b/dev/com.ibm.ws.transport.http/src/com/ibm/ws/http/netty/pipeline/http2/LibertyNettyALPNHandler.java @@ -63,7 +63,7 @@ protected void configurePipeline(ChannelHandlerContext ctx, String protocol) thr } ctx.pipeline().addAfter(HttpPipelineInitializer.HTTP_ALPN_HANDLER_NAME, HttpPipelineInitializer.NETTY_HTTP_SERVER_CODEC, new HttpServerCodec(8192, Integer.MAX_VALUE, httpConfig.getIncomingBodyBufferSize())); - // ctx.pipeline().addBefore(HttpPipelineInitializer.NETTY_HTTP_SERVER_CODEC, HttpPipelineInitializer.CRLF_VALIDATION_HANDLER, new CRLFValidationHandler()); + ctx.pipeline().addBefore(HttpPipelineInitializer.NETTY_HTTP_SERVER_CODEC, HttpPipelineInitializer.CRLF_VALIDATION_HANDLER, new CRLFValidationHandler()); ctx.pipeline().addAfter(HttpPipelineInitializer.NETTY_HTTP_SERVER_CODEC, HttpPipelineInitializer.HTTP_KEEP_ALIVE_HANDLER_NAME, new HttpServerKeepAliveHandler()); //TODO: this is a very large number, check best practice ctx.pipeline().addAfter(HttpPipelineInitializer.HTTP_KEEP_ALIVE_HANDLER_NAME, HttpPipelineInitializer.HTTP_AGGREGATOR_HANDLER_NAME, diff --git a/dev/com.ibm.ws.transport.http/src/com/ibm/ws/http/netty/pipeline/inbound/HttpDispatcherHandler.java b/dev/com.ibm.ws.transport.http/src/com/ibm/ws/http/netty/pipeline/inbound/HttpDispatcherHandler.java index 58e342524fd..140b2004ae9 100644 --- a/dev/com.ibm.ws.transport.http/src/com/ibm/ws/http/netty/pipeline/inbound/HttpDispatcherHandler.java +++ b/dev/com.ibm.ws.transport.http/src/com/ibm/ws/http/netty/pipeline/inbound/HttpDispatcherHandler.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright (c) 2023 IBM Corporation and others. + * Copyright (c) 2023, 2024 IBM Corporation and others. * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License 2.0 * which accompanies this distribution, and is available at @@ -117,11 +117,11 @@ public void exceptionCaught(ChannelHandlerContext context, Throwable cause) thro return; } else if (cause instanceof IllegalArgumentException) { //Legacy doesnt throw ffdc on processNewInformation - //if(context.channel().attr(NettyHttpConstants.THROW_FFDC).get() != null){ - // context.channel().attr(NettyHttpConstants.THROW_FFDC).set(null); - //}else{ + if(context.channel().attr(NettyHttpConstants.THROW_FFDC).get() != null){ + context.channel().attr(NettyHttpConstants.THROW_FFDC).set(null); + }else{ FFDCFilter.processException(cause, HttpDispatcherHandler.class.getName() + ".exceptionCaught(ChannelHandlerContext, Throwable)", "1", context); - //} + } if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) { Tr.debug(tc, "exceptionCaught encountered an IllegalArgumentException : " + cause);