From 5593c810c980d9b1acd376167fc8755fbf60e799 Mon Sep 17 00:00:00 2001 From: Chenjp Date: Wed, 22 Jan 2025 13:52:15 +0800 Subject: [PATCH] Ensure partial put data range not exceed ContentRange declared Ensure write to bytes max to [end - start + 1], discard remaining part. --- java/org/apache/catalina/servlets/DefaultServlet.java | 7 ++++++- .../apache/catalina/servlets/TestDefaultServletPut.java | 3 +++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java index 3e9f78c87759..1ee475711722 100644 --- a/java/org/apache/catalina/servlets/DefaultServlet.java +++ b/java/org/apache/catalina/servlets/DefaultServlet.java @@ -689,10 +689,15 @@ protected File executePartialPut(HttpServletRequest req, ContentRange range, Str // Append data in request input stream to contentFile randAccessContentFile.seek(range.getStart()); int numBytesRead; + long remainingBytes = range.getEnd() - range.getStart() + 1L; byte[] transferBuffer = new byte[BUFFER_SIZE]; try (BufferedInputStream requestBufInStream = new BufferedInputStream(req.getInputStream(), BUFFER_SIZE)) { - while ((numBytesRead = requestBufInStream.read(transferBuffer)) != -1) { + while (remainingBytes > 0 && (numBytesRead = requestBufInStream.read(transferBuffer)) != -1) { + if (numBytesRead > remainingBytes) { + numBytesRead = (int) remainingBytes; + } randAccessContentFile.write(transferBuffer, 0, numBytesRead); + remainingBytes -= numBytesRead; } } } diff --git a/test/org/apache/catalina/servlets/TestDefaultServletPut.java b/test/org/apache/catalina/servlets/TestDefaultServletPut.java index d19b95684dcb..b6f63e0f5028 100644 --- a/test/org/apache/catalina/servlets/TestDefaultServletPut.java +++ b/test/org/apache/catalina/servlets/TestDefaultServletPut.java @@ -55,6 +55,9 @@ public static Collection parameters() { "Content-Range: bytes 0-" + PATCH_LEN + "/" + START_LEN + CRLF, Boolean.TRUE, END_TEXT, Boolean.TRUE }); parameterSets.add(new Object[] { "Content-Range: ByTeS 0-" + PATCH_LEN + "/" + START_LEN + CRLF, Boolean.TRUE, END_TEXT, Boolean.TRUE }); + // Valid partial PUT, only the first char is replaced. + parameterSets.add(new Object[] { + "Content-Range: ByTeS 0-" + 0 + "/" + START_LEN + CRLF, Boolean.TRUE, "Etarting text", Boolean.TRUE }); // Full PUT parameterSets.add(new Object[] { "", null, PATCH_TEXT, Boolean.TRUE });