tomcat-dev mailing list archives

From Remy Maucherat <r...@apache.org>
Subject Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5 CoyoteConnector.java CoyoteRequest.java LocalStrings.properties
Date Sun, 16 Nov 2003 10:19:44 GMT
Bill Barker wrote:
>>remm        2003/11/15 01:45:02
>>
>>  Modified:    catalina/src/share/org/apache/coyote/tomcat5
>>                        CoyoteConnector.java CoyoteRequest.java
>>                        LocalStrings.properties
>>  Log:
>>  - Add a limit to the size of a POST which will be processed using getParameter
>>    (which does allocate a significant amount of objects).
>>
>>           int len = getContentLength();
>>
>>           if (len > 0) {
>>  +            if (len > ((CoyoteConnector) connector).getMaxPostSize()) {
>>  +                log(sm.getString("coyoteRequest.postTooLarge"));
>>  +                return;
>>  +            }
>>               try {
>>                   byte[] formData = null;
>>                   if (len < CACHED_POST_LEN) {
>>
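Review bot: the `return` in the new `len > ((CoyoteConnector) connector).getMaxPostSize()` branch exits after a log call only, so the caller gets no parameters and no error status or exception, and the code below it that would read the declared body is skipped. Consider signalling the rejection to the servlet (an error status or a flag it can check) and either draining the body or marking the connection so it is not reused for the next request. The comparison also has no "unlimited" case: if `getMaxPostSize()` returns 0 or a negative value, every body with `len > 0` is rejected, so a guard such as `maxPostSize > 0 && len > maxPostSize` would make the limit safe to disable. The `coyoteRequest.postTooLarge` log entry would be more useful to operators if it included `len` and the configured limit.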
> 
> 
> I'm -1 on this.  It gives the Servlet no indication that anything is wrong,
> and leaves junk in the input stream for the next keep-alive request.  I
> think that it would be better to handle this in the Adaptor's
> postParseRequest method.

This is a security issue, so I'll have to ignore your -1, since you 
give no alternative solution.

Remy



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org

