hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mick Timony (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HTTPCLIENT-804) ChunkedInputStream Accepts Corrupted Chunked Input
Date Thu, 16 Oct 2008 23:02:44 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12640370#action_12640370
] 

Mick Timony commented on HTTPCLIENT-804:
----------------------------------------

Here's an example containing 2 chunks, the first chunk size is 3, and the second chunk size
is 4:
3\r\n123\r\n4\r\n1234\r\n0\r\n

Here's the same chunk, only corrupted:
3\r\n11

It's reported size is 3 but the actual size is 2 and it's missing part of the first chunk,
the second chunk, and missing the chunk-length of zero to indicate the end of the chunk. This
shouldn't pass, but it does. I've only tested in httpClient 3.1, but looking at ChunkedInputStream
in the 4.x beta branch it looks like this problem is there also. (I'll test with the 4.x branch
next week).


I've created the following unit test, based on testCorruptChunkedInputStream1(),  that tests
for this behaviour and I hope to have a potential fix later this week, or next week. If you've
any comment or suggests on a fix please let me know. Thanks.

/*************** Unit test code below ***************/


 /**
     * Test for chunk that whose reported size is larger than its actual size.
     * 
     * @throws IOException
     */
    public void testCorruptChunkedInputStreamInvalidSize() throws IOException
    {
        // A chunk is in this format:
        // size in Hex
        // optional comment (; indicates optional comment preceded by the
        // comment)
        // followed by carriage return, a linefeed, and the data itself
        // carriage return, linefeed,
        // 0 to indicate end of the content
        // optional footers separated by carriage return, linefeed

        // this is in the correct format
        //String s = "3\r\n123\r\n4\r\n1234\r\n0\r\n";

        // this is not in correct format, and has 1 chunks whose reported size is 0x10, but
whose actual size is 1
        String s = "3\r\n12";
        byte[] sBuffer = EncodingUtil.getBytes(s, CONTENT_CHARSET);

        ByteArrayInputStream myByteArrayInputStream = new ByteArrayInputStream(sBuffer);

        HttpMethod method = new FakeHttpMethod();

        InputStream in = new ChunkedInputStream(myByteArrayInputStream, method);

        byte[] buffer = new byte[300];
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int len;
        try
        {
            while ((len = in.read(buffer)) > 0)
            {
                // read in the chunks, we don't do anything with them
            }
            fail("Should have thrown exception");
        }
        catch (IOException e)
        {
            /* expected exception */
            //TODO: remove from final version
            System.out.println("IOException: " + e);
        }
    }


> ChunkedInputStream Accepts Corrupted Chunked Input 
> ---------------------------------------------------
>
>                 Key: HTTPCLIENT-804
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-804
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 3.1 Final
>         Environment: httpClient 3.1
>            Reporter: Mick Timony
>
> In one of our production environments we are seeing a random issue where incomplete content
is being received on a server which we have narrowed down to httpClient's ChunkedInputStream.

> If a corrupted and incomplete chunk is sent to httpClient it will be accepted as the
final chunk in the stream under the condition that the reported chunk's size is greater than
the actual size of the chunk.
> I will provide and example and associated unit test in comments below.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message