tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefán F. Stefánsson <>
Subject [BUG] Security violation in Tomcat 3.2.1 (was: [BUG] problems with downloading a file, previous JSP gets buffered and sent instead)
Date Fri, 05 Jan 2001 09:48:17 GMT
Sorry for the repost guys but I think this is serious enough for at
least one reply!

In short, Tomcat is sending me a jsp file... that is to say, it's
sending me the "unprocessed" version of the JSP file, with code and
everything.  The JSP file seems to get stuck in the OutputStream buffer
of the response.  I don't understand that... what is an unprocessed JSP
file doing in the response buffer anyways?

Please respond,
	Stefan Freyr

p.s. I'll file a bug report on this later today unless somebody sees
anything wrong with it.

-----Original Message-----
From: Stefán F. Stefánsson 
Sent: 4. janúar 2001 10:31
To: Tomcat-Dev
Subject: [BUG] problems with downloading a file, previous JSP gets
buffered and sent instead


This sure looks like some kind of bug to me but I can't really say what
exactly is going on.

I have a servlet that gets a file out of a database according to a file
ID.  This servlet works just fine when I call it directly (that is, when
I manually write the URL into the address field in my browser).  But
then I started to try to call that URL from a link in a JSP page.  This
JSP page constructs a list of files available in an inbox and the files
that have not been downloaded are displayed as a link so that the user
can click it and get the file.  The link is formed exactly the same way
as the link I used to type in to the address field before (which worked
so well) but this time the FileDownloadServlet tries to send me the
mailbox.jsp file which is the file I call the link from.  The only thing
I can do is select "open file" in the dialog box and then it displays
the dialog box again with the file I wanted to download to begin with.

I think the reason for this is that the mailbox.jsp file is still being
stored in some buffer.  I wrote out the size of the buffer in the
servlet response in the FileDownloadServlet.  Before I wrote anything
into the output stream of the response the Buffer contained 8152 bytes
of data.  I tried to flush the stream and reset it but nothing works.
Well... resetting the buffer kindof works... but then I loose the header
I set in the FileDownloadServlet and the file shows up on the screen
which is absolutely not what I want!  I want to get the open/save file
dialog box.  I got that working by adding these two lines to the servlet

        response.setContentType("application/octet; name=" + fileName);
        response.setHeader("Content-Disposition", "attachment;
filename=" +

No matter whether I put response.flushBuffer() and/or response.reset()
before or after these two lines I always end up with some sort of

Just to clarify things, I'm attaching a flow diagram to the message so
that those willing to help can understand what the user does before this

Any help would be greatly appreciated.  Anybody know why the file
mailbox.jsp is stuck in the buffer???

Kind regards,
	Stefan Freyr

p.s. depending on the responses to this letter I'll decide if it's
worthy of a bug report.  It sure seems to me that the mailbox.jsp file
should not be in the buffer.
Stefan Freyr Stefansson
Software Developer
deCODE Genetics, Inc.

Phone: (+354) 570 2854
GSM:   (+354) 861 1718
Fax:   (+354) 491 3782
 <<Stefan Stefansson.vcf>> 

View raw message