hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCORE-472) incorrect "Maximum line length limit exceeded" detection is possible
Date Thu, 15 Jun 2017 11:34:00 GMT

    [ https://issues.apache.org/jira/browse/HTTPCORE-472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16050361#comment-16050361
] 

ASF subversion and git services commented on HTTPCORE-472:
----------------------------------------------------------

Commit 0877c288253c1e431eb2b59107d8a037d07a6d80 in httpcomponents-core's branch refs/heads/4.4.x
from [~olegk]
[ https://git-wip-us.apache.org/repos/asf?p=httpcomponents-core.git;h=0877c28 ]

HTTPCORE-472: Fixed problem with blocking message parsers incorrectly throwing "Maximum line
length limit exceeded" exception in some corner cases


> incorrect "Maximum line length limit exceeded" detection is possible
> --------------------------------------------------------------------
>
>                 Key: HTTPCORE-472
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-472
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>    Affects Versions: 4.4.6
>            Reporter: Artem Nakonechnyy
>            Assignee: Oleg Kalnichevski
>
> the error is in org.apache.http.impl.io.SessionInputBufferImpl#readLine(org.apache.http.util.CharArrayBuffer)
> {code}
> if (maxLineLen > 0) {
>                 final int currentLen = this.linebuffer.length()
>                         + (pos > 0 ? pos : this.bufferlen) - this.bufferpos;
>                 if (currentLen >= maxLineLen) {
>                     throw new MessageConstraintException("Maximum line length limit exceeded");
>                 }
>             }
> {code}
> If LF chanced to be at the beginning of the buffer, {{currentLen}} is calculated incorrectly.
It should be {{this.linebuffer.length() + pos - this.bufferpos}}, so, effectively {{this.linebuffer.length()
+ 0 - 0}}.
> E.g. if maxLineLen=10000, buffer.length=8192 (the default setting), a line is 9000, then
it doesn't fit the buffer, thus it's 1st part is read into {{linebuffer}}, 2nd part is read
into {{buffer}}. If the 9000 line's terminating LF chances to be the 1st char of that buffer,
and after that line it follows more header data, say, exceeding 8192 bytes - then the code
calculates {{currentLen = linebuffer.length() + bufferlen - bufferpos = 9000+ 8192 - 0}} >
10000, while actual line length is just 9000.
> I think the fix is to replace {{(pos > 0 ? pos : this.bufferlen)}} to {{(pos >
-1 ? pos : this.bufferlen)}}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message