hc-dev mailing list archives

From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Moved] (HTTPCORE-472) incorrect "Maximum line length limit exceeded" detection is possible
Date Thu, 15 Jun 2017 08:43:02 GMT

     [ https://issues.apache.org/jira/browse/HTTPCORE-472?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski moved HTTPCLIENT-1856 to HTTPCORE-472:
--------------------------------------------------------

    Affects Version/s:     (was: 4.5.3)
                       4.4.6
             Workflow: classic default workflow  (was: Default workflow, editable Closed status)
                  Key: HTTPCORE-472  (was: HTTPCLIENT-1856)
              Project: HttpComponents HttpCore  (was: HttpComponents HttpClient)

> incorrect "Maximum line length limit exceeded" detection is possible
> --------------------------------------------------------------------
>
>                 Key: HTTPCORE-472
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-472
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>    Affects Versions: 4.4.6
>            Reporter: Artem Nakonechnyy
>
> the error is in org.apache.http.impl.io.SessionInputBufferImpl#readLine(org.apache.http.util.CharArrayBuffer)
> {code}
> if (maxLineLen > 0) {
>     final int currentLen = this.linebuffer.length()
>             + (pos > 0 ? pos : this.bufferlen) - this.bufferpos;
>     if (currentLen >= maxLineLen) {
>         throw new MessageConstraintException("Maximum line length limit exceeded");
>     }
> }
> {code}
> If LF chanced to be at the beginning of the buffer, {{currentLen}} is calculated incorrectly. It should be {{this.linebuffer.length() + pos - this.bufferpos}}, so, effectively {{this.linebuffer.length() + 0 - 0}}.
> E.g. if maxLineLen=10000, buffer.length=8192 (the default setting), a line is 9000, then it doesn't fit the buffer, thus its 1st part is read into {{linebuffer}}, 2nd part is read into {{buffer}}. If the 9000 line's terminating LF chances to be the 1st char of that buffer, and after that line more header data follows, say, exceeding 8192 bytes - then the code calculates {{currentLen = linebuffer.length() + bufferlen - bufferpos = 9000 + 8192 - 0}} > 10000, while the actual line length is just 9000.
> I think the fix is to replace {{(pos > 0 ? pos : this.bufferlen)}} with {{(pos > -1 ? pos : this.bufferlen)}}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
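
The false rejection described in the report, reproduced in a simplified model of a buffered line reader (an added example, not HttpCore code and not part of the original message). The class `LineLimitDemo`, the `readLine` parameters and the `readSizes` array that simulates short socket reads are assumptions; only the `currentLen` expression and the proposed `pos > -1` change come from the report.

```java
import java.util.Arrays;

/** Simplified model of a line reader with a max-line-length check (not HttpCore code). */
public class LineLimitDemo {

    /** Returns the length of the first line (without LF), or -1 if the limit check fires. */
    static int readLine(byte[] data, int[] readSizes, int bufSize, int maxLineLen, boolean fixed) {
        byte[] buffer = new byte[bufSize];
        int bufferpos = 0, bufferlen = 0;   // unread region is buffer[bufferpos..bufferlen)
        int lineLen = 0;                    // stands in for linebuffer.length()
        int offset = 0, read = 0;           // position in data, index into readSizes
        while (true) {
            int pos = -1;                   // index of LF in the buffer, -1 if none
            for (int i = bufferpos; i < bufferlen; i++) {
                if (buffer[i] == '\n') { pos = i; break; }
            }
            boolean lfFound = fixed ? pos > -1 : pos > 0;   // the one-character difference
            int currentLen = lineLen + (lfFound ? pos : bufferlen) - bufferpos;
            if (currentLen >= maxLineLen) {
                return -1;                  // "Maximum line length limit exceeded"
            }
            if (pos != -1) {
                return lineLen + pos - bufferpos;
            }
            lineLen += bufferlen - bufferpos;   // no LF yet: move buffered bytes to the line
            if (offset >= data.length) {
                return lineLen;             // end of input
            }
            // Refill from the start of the buffer; readSizes models short socket reads.
            int want = read < readSizes.length ? readSizes[read++] : bufSize;
            int n = Math.min(Math.min(want, bufSize), data.length - offset);
            System.arraycopy(data, offset, buffer, 0, n);
            offset += n;
            bufferpos = 0;
            bufferlen = n;
        }
    }

    public static void main(String[] args) {
        // Constructed input: a 9000-byte header line, LF, then 9000 more bytes of header data.
        byte[] data = new byte[9000 + 1 + 9000];
        Arrays.fill(data, (byte) 'a');
        data[9000] = '\n';
        int[] reads = {8192, 808};          // the next refill then starts with the LF at index 0
        System.out.println("pos > 0  : " + readLine(data, reads, 8192, 10000, false));
        System.out.println("pos > -1 : " + readLine(data, reads, 8192, 10000, true));
    }
}
```

With the `pos > 0` test, an LF at index 0 is treated as "no LF found", so the whole refilled buffer is counted toward the line and a 9000-byte line is rejected under a 10000 limit.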

