61999: Disable saving POST data when maxSavePostSize is set to 0. git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc8.5.x/trunk@1821158 13f79535-47bb-0310-9956-ffa450edef68

commit: 0537c24e2e2b3f9d0ef53dc716475bdb326b0e19 [log] [tgz]
author: Remy Maucherat <remm@apache.org> Mon Jan 15 14:36:16 2018 +0000
committer: Remy Maucherat <remm@apache.org> Mon Jan 15 14:36:16 2018 +0000
tree: 46524005ed3843d56f7ff8f0777b5abcf1d8cb55
parent: 271a61d12e64c78de8e83de3e27c082b00c48e84 [diff]
diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index 3920590..a4db2b9 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java

@@ -652,21 +652,24 @@
         // May need to acknowledge a 100-continue expectation
         request.getResponse().sendAcknowledgement();
 
-        ByteChunk body = new ByteChunk();
-        body.setLimit(request.getConnector().getMaxSavePostSize());
+        int maxSavePostSize = request.getConnector().getMaxSavePostSize();
+        if (maxSavePostSize != 0) {
+            ByteChunk body = new ByteChunk();
+            body.setLimit(request.getConnector().getMaxSavePostSize());
 
-        byte[] buffer = new byte[4096];
-        int bytesRead;
-        InputStream is = request.getInputStream();
+            byte[] buffer = new byte[4096];
+            int bytesRead;
+            InputStream is = request.getInputStream();
 
-        while ( (bytesRead = is.read(buffer) ) >= 0) {
-            body.append(buffer, 0, bytesRead);
-        }
+            while ( (bytesRead = is.read(buffer) ) >= 0) {
+                body.append(buffer, 0, bytesRead);
+            }
 
-        // Only save the request body if there is something to save
-        if (body.getLength() > 0) {
-            saved.setContentType(request.getContentType());
-            saved.setBody(body);
+            // Only save the request body if there is something to save
+            if (body.getLength() > 0) {
+                saved.setContentType(request.getContentType());
+                saved.setBody(body);
+            }
         }
 
         saved.setMethod(request.getMethod());

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 678f338..817dab1 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml

@@ -66,6 +66,10 @@
         <code>setHeader()</code> or <code>addHeader()</code> as well as when it
         is set via <code>setContentType()</code>. (markt)
       </fix>
+      <fix>
+        <bug>61999</bug>: maxSavePostSize set to 0 should disable saving POST
+        data during authentication. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">
commit	0537c24e2e2b3f9d0ef53dc716475bdb326b0e19	[log] [tgz]
author	Remy Maucherat <remm@apache.org>	Mon Jan 15 14:36:16 2018 +0000
committer	Remy Maucherat <remm@apache.org>	Mon Jan 15 14:36:16 2018 +0000
tree	46524005ed3843d56f7ff8f0777b5abcf1d8cb55
parent	271a61d12e64c78de8e83de3e27c082b00c48e84 [diff]