Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.
Bug 369602 - UrlEncoded.decodeToUtf8 should either catch/ignore NotUtf8Exceptions or not
Summary: UrlEncoded.decodeToUtf8 should either catch/ignore NotUtf8Exceptions or not
Status: RESOLVED FIXED
Alias: None
Product: Jetty
Classification: RT
Component: server (show other bugs)
Version: unspecified   Edit
Hardware: All All
: P3 normal (vote)
Target Milestone: 7.5.x   Edit
Assignee: Greg Wilkins CLA
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-01-24 16:42 EST by Thomas Becker CLA
Modified: 2012-01-24 23:41 EST (History)
1 user (show)

See Also:

Attachments
proposed patch (3.93 KB, patch)
2012-01-24 16:55 EST, Thomas Becker CLA 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Becker CLA 2012-01-24 16:42:57 EST 
Build Identifier: 

There's two method implementations there:

1st is "UrlEncoded.decodeUtf8To(byte[] raw,int offset, int length, MultiMap map,Utf8StringBuilder buffer)" which does a:

                catch(NotUtf8Exception e)
                {
                    LOG.warn(e.toString());
                    LOG.debug(e);
                }

Thus invalid chars get replaced and the exception is ignored. 

2nd is "decodeUtf8To(InputStream in, MultiMap map, int maxLength, int maxKeys)" which doesn't catch the exception and thus throws it up the stack.

We should either reject URLs containing invalid utf8 chars or always replace them.

Reproducible: Always
Comment 1 Thomas Becker CLA 2012-01-24 16:55:59 EST 
Created attachment 210017 [details]
proposed patch
Comment 2 Greg Wilkins CLA 2012-01-24 23:22:23 EST 
thomas,

your patch reformatted the code with wrong curly style.
Comment 3 Greg Wilkins CLA 2012-01-24 23:24:06 EST 
it's also using tabs rather than spaces.  Can you make sure you have the jetty code styles applied to you IDE
Comment 4 Greg Wilkins CLA 2012-01-24 23:41:39 EST 
fixed in ee9e195b4938cb3b05d02c6739285b36ed5d40c3 and also a small test harness added.