tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: mod_jk 1.2.10 and tomcat 5.5.9 buffer overflow
Date Fri, 15 Jul 2005 03:24:13 GMT

"Collin McClendon" <collin.mcclendon@digiconasp.com> wrote in message 
news:42D6C5C2.5080801@digiconasp.com...
> I've enabled the logging per your suggestions, and not having heard back 
> in a bit, I was hoping someone could clue in to why I get plenty of FINE 
> messages for org.apache.jk.common.MsgAjp,  but no  longer get SEVERE 
> messages.  I'm also trying consistently crash mod_jk, but not having much 
> luck, OpenCMS is the webapp invovled here, I haven't gotten any feed back 
> from their dev list.

You get plenty of FINE messages, since those are primarily for developers 
trying to understand the protocol traffic ;-).  You haven't gotten SEVERE 
messages for the simple reason that none of them have been triggered.  (as 
an aside, MsgAjp only currently logs at either SEVERE or FINE).

As Remy mentions below, the most likely problems are with a 'Set-Cookie' 
header (with a ridiculously big cookie), or with a 'Location' header (from a 
sendRedirect with a ridiculously big query-string).  Personally, I'm betting 
on the second (since the Response body was less than 8K).  In any case, this 
is starting to border on [OT] for this list, and may be better continued on 
tomcat-user@jakarta.apache.org.  Don't worry, both Remy an me lurk there 
;-).

> Thanks,
> Collin
>
>
> Remy Maucherat wrote:
>
>> Bill Barker wrote:
>>
>>> The message is simply that you have a header value that is too big for 
>>> the
>>> AJP/1.3 protocol to handle.  If you enable DEBUG logging for
>>> org.apache.jk.common.MsgAjp, you should get a dump of the partial data 
>>> that
>>> should include the name of the bad header.
>>
>>
>> Given the line, it could be a monster header value, possibly a cookie 
>> (the size is 18KB, which is way over the AJP/1.3 capabilities).
>>
>> Rémy (with the neophyte AJP developer hat on)
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>>
>
> -- 
> Collin McClendon
> Sr. Microsoft Systems Engineer
> Digicon Corporation
> collin.mcclendon@digiconasp.com 




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message