Fix issues found by Copilot reviewing the chunked extension validation

markt-asf · markt-asf · commit a78aedcf7d3f · 2026-03-11T16:21:19.000Z
Name only extensions weren't handled
Non-blocking reads that ended after CR and before LF then failed
Exceptions were inconsistent
diff --git a/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java b/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
@@ -359,13 +359,17 @@ private boolean parseChunkHeader() throws IOException {
             byte chr = readChunk.get(readChunk.position());
 
             if (extensionState != null) {
-                extensionState = ChunkExtension.parse(chr, extensionState);
+                try {
+                    extensionState = ChunkExtension.parse(chr, extensionState);
+                } catch (IOException ioe) {
+                    throwBadRequestException(sm.getString("chunkedInputFilter.invalidHeader"));
+                }
                 if (extensionState == State.CR) {
+                    extensionState = null;
                     if (!parseCRLF()) {
                         return false;
                     }
                     eol = true;
-                    extensionState = null;
                 } else {
                     // Check the size
                     long extSize = extensionSize.incrementAndGet();
@@ -444,11 +448,11 @@ private boolean skipChunkHeader() {
                     return false;
                 }
                 if (extensionState == State.CR) {
+                    extensionState = null;
                     if (!skipCRLF()) {
                         return false;
                     }
                     eol = true;
-                    extensionState = null;
                 } else {
                     // Check the size
                     long extSize = extensionSize.incrementAndGet();
diff --git a/java/org/apache/tomcat/util/http/parser/ChunkExtension.java b/java/org/apache/tomcat/util/http/parser/ChunkExtension.java
@@ -45,6 +45,8 @@ public static State parse(byte b, State state) throws IOException {
                     return State.POST_NAME;
                 } else if (HttpParser.isToken(c)) {
                     return State.NAME;
+                } else if (c == ';') {
+                    return State.PRE_NAME;
                 } else if (c == '=') {
                     return State.EQUALS;
                 } else if (c == '\r') {
@@ -54,6 +56,8 @@ public static State parse(byte b, State state) throws IOException {
             case POST_NAME:
                 if (HttpParser.isWhiteSpace(c)) {
                     return State.POST_NAME;
+                } else if (c == ';') {
+                    return State.PRE_NAME;
                 } else if (c == '=') {
                     return State.EQUALS;
                 } else if (c == '\r') {
diff --git a/test/org/apache/catalina/nonblocking/TestNonBlockingAPI.java b/test/org/apache/catalina/nonblocking/TestNonBlockingAPI.java
@@ -599,7 +599,7 @@ public void testNonBlockingReadChunkedSplitInFinalCrlf() throws Exception {
     public void testNonBlockingReadChunkedSplitMaximum() throws Exception {
         // @formatter:off
         String requestBody = new String(
-                "14" + CRLF +
+                "14;a=b;c" + CRLF +
                 "012345678901FINISHED" + CRLF +
                 "0" + CRLF +
                 TRAILER_HEADER_NAME + ": " + TRAILER_HEADER_VALUE + CRLF +
diff --git a/test/org/apache/tomcat/util/http/parser/TestChunkExtension.java b/test/org/apache/tomcat/util/http/parser/TestChunkExtension.java
@@ -76,6 +76,16 @@ public void testTokenOnly03() {
         doTest("; abc  \r\n", true);
     }
 
+    @Test
+    public void testTokenOnlyTokenOnly01() {
+        doTest(";abc;abc\r\n", true);
+    }
+
+    @Test
+    public void testTokenOnlyTokenOnly02() {
+        doTest("; abc ; abc \r\n", true);
+    }
+
     @Test
     public void testTokenToken01() {
         doTest(";abc=abc\r\n", true);
