From: "Oleg Kalnichevski (JIRA)"
To: dev@hc.apache.org
Date: Mon, 4 Feb 2008 07:54:11 -0800 (PST)
Subject: [jira] Resolved: (HTTPCLIENT-732) Corrupted chunk-size field can cause OutOfMemory exception on ChunkedInputStream
Message-ID: <20252775.1202140451133.JavaMail.jira@brutus>
In-Reply-To: <16411984.1201210477364.JavaMail.jira@brutus>

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski resolved HTTPCLIENT-732.
------------------------------------------

    Resolution: Won't Fix

> Corrupted chunk-size field can cause OutOfMemory exception on ChunkedInputStream
> --------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-732
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-732
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 3.1 Final
>            Reporter: Alex Holmes
>         Attachments: ChunkedInputStream.java.diffu, HttpGet.java, HttpMethodParams.java.diffu, TestStreams.java.diffu
>
>
> The ChunkedInputStream.getChunkSizeFromInputStream method keeps reading the chunk-size+extension line until it reaches the end of the line. However, with corrupted chunked lines of sufficient size, it keeps reading content into the ByteArrayOutputStream until an OutOfMemory exception occurs.
> I'm attaching a test client which demonstrates this behavior. An example of a URL with a corrupted chunk-size line that causes this exception is here: http://www.pepoweb.com/gallery/
> It would be useful to have a mechanism by which the max length for both the chunk-size and chunk-extension fields can be configured. I'm attaching diff patches that provide two additional configurable parameters enabling a max byte size for both fields, along with unit tests to test the changes.
> The patches are based off the 3.0.1 codebase - if there's interest in this fix, I'll be happy to generate diffs for newer codebases.
> ChunkedInputStream - now throws IOException if max limits on chunk-size/chunk-extension fields are supplied
> HttpMethodParams - two additional configurables to set max limits on chunk-size/chunk-extension fields (defaults are unlimited)
> TestStreams - two new methods to test the max chunk-size/chunk-extension behavior of the ChunkedInputStream
> A key point is that this code is backwards compatible; the default behavior of the ChunkedInputStream is unchanged (unlimited # of bytes read for chunk-size/chunk-extension fields).
> Thanks,
> Alex

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
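The idea proposed in the quoted report, separate byte caps on the chunk-size and chunk-extension fields, can be shown with a stand-alone reader. This is an added example, not the attached patch and not HttpClient code: the class name, method name and the limits 16 and 256 are assumptions, and both inputs are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
// Added illustration, not HttpClient code; names and limits are hypothetical.
public class BoundedChunkSizeReader {
    // Reads "chunk-size [;chunk-ext] CRLF" and returns the size. Fails as soon as
    // either field passes its cap instead of buffering until memory runs out.
    // The CR of the line ending counts toward whichever field it terminates.
    static long readChunkSize(InputStream in, int maxSize, int maxExt) throws IOException {
        StringBuilder size = new StringBuilder();
        int extBytes = 0, prev = -1;
        boolean inExt = false;
        for (int b = in.read(); ; prev = b, b = in.read()) {
            if (b == -1) throw new IOException("stream ended inside chunk-size line");
            if (b == '\n' && prev == '\r') break;            // end of line reached
            if (!inExt && b == ';') { inExt = true; continue; }
            if (inExt) {
                // Extension bytes are only counted, never stored.
                if (++extBytes > maxExt)
                    throw new IOException("chunk-extension exceeds " + maxExt + " bytes");
            } else {
                if (size.length() >= maxSize)
                    throw new IOException("chunk-size exceeds " + maxSize + " bytes");
                size.append((char) b);
            }
        }
        try {
            long n = Long.parseLong(size.toString().trim(), 16);
            if (n < 0) throw new NumberFormatException();
            return n;
        } catch (NumberFormatException e) {
            throw new IOException("invalid chunk size: " + size.toString().trim());
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: a well-formed line, then 1 MiB with no line ending.
        byte[] ok = "1a;name=value\r\n".getBytes(StandardCharsets.US_ASCII);
        System.out.println(readChunkSize(new ByteArrayInputStream(ok), 16, 256));
        byte[] corrupt = new byte[1 << 20];
        Arrays.fill(corrupt, (byte) 'A');
        try {
            readChunkSize(new ByteArrayInputStream(corrupt), 16, 256);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The corrupted input is rejected after 16 bytes, so memory use stays constant regardless of how much data the peer sends before a line ending.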