tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filip Hanik - Dev Lists <devli...@hanik.com>
Subject bug in ChunkedInputFilter
Date Thu, 13 Jul 2006 03:09:16 GMT
gents, I know, back again, and totally bastardizing the HTTP protocol,

I have a test request that looks like this:
----------------------------------
POST /comet HTTP/1.1CRLF
User-Agent: Jakarta Commons-HttpClient/3.0.1CRLF
Host: 127.0.0.1:8080CRLF
Transfer-Encoding: chunkedCRLF
CRLF
10CRLF
test data test 1CRLF
---------------------------------------

If I keep sending up
---------------------------------------
10CRLF
test data test 1CRLF
---------------------------------------

we are all happy, however, if I bastardize the next request and send up 
the same request twice, so the 2nd request of the HTTP request above 
becomes the body of the first chunked request, then suddenly the chunked 
input filter will set its remaining bytes to over 50k remaining bytes, 
and everything gets streamed into the servlet.

The ChunkedInputFilter is written to handle correct chunks very well, 
but when incorrect chunked bodies come through, it passes all the 
content through, instead of throwing an error.

If no one objects, I would like to add in some error checking, even 
though it is the clients responsibility to provide correct data, the web 
server should not let incorrect data through as that could be a semi 
http buffer overflow :)

Filip


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message