tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filip Hanik - Dev Lists <devli...@hanik.com>
Subject Re: bug in ChunkedInputFilter
Date Thu, 13 Jul 2006 14:42:59 GMT
Remy Maucherat wrote:
> Filip Hanik - Dev Lists wrote:
>> gents, I know, back again, and totally bastardizing the HTTP protocol,
>>
>> I have a test request that looks like this:
>> ----------------------------------
>> POST /comet HTTP/1.1CRLF
>> User-Agent: Jakarta Commons-HttpClient/3.0.1CRLF
>> Host: 127.0.0.1:8080CRLF
>> Transfer-Encoding: chunkedCRLF
>> CRLF
>> 10CRLF
>> test data test 1CRLF
>> ---------------------------------------
>>
>> If I keep sending up
>> ---------------------------------------
>> 10CRLF
>> test data test 1CRLF
>> ---------------------------------------
>>
>> we are all happy, however, if I bastardize the next request and send 
>> up the same request twice, so the 2nd request of the HTTP request 
>> above becomes the body of the first chunked request, then suddenly 
>> the chunked input filter will set its remaining bytes to over 50k 
>> remaining bytes, and everything gets streamed into the servlet.
>>
>> The ChunkedInputFilter is written to handle correct chunks very well, 
>> but when incorrect chunked bodies come through, it passes all the 
>> content through, instead of throwing an error.
>>
>> If no one objects, I would like to add in some error checking, even 
>> though it is the clients responsibility to provide correct data, the 
>> web server should not let incorrect data through as that could be a 
>> semi http buffer overflow :)
>
> The only thing which determines if a chunk is correct is if the chunk 
> length is valid and readable. The parseChunkHeader method includes the 
> ability to return false and throw an IOE if an invalid header is 
> received.
yes, and there is where the bug lies, it doesn't throw an IOException 
when it gets an invalid header, I'll fix it and submit the patch for 
review so that we can get it taken care of.

Filip

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message