tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 44310] - Possible data packet corruption when sending data on the outputStream of a recycled response
Date Mon, 28 Jan 2008 20:55:05 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=44310>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

------- Additional Comments From cpierret@sparus-software.com  2008-01-28 12:55 -------
Short explanation:
Using this failure, a black hat could craft a malicious application in order to
write arbitrary data to a random connection in any web app in the same Tomcat
instance.

Long explanation:
When developing asynchronous IO on top of Tomcat, one needs some kind of thread
pool writing asynchronously on sockets (through the response's outputStream) and
uses the Comet API for reading.
When doing so, you need to track any error or exception that may occur and avoid
any thread writing as soon as any such error or exception occurs while reading
(say a mobile device disconnected due to bad cellular network conditions). It is
close to impossible to ensure such behavior (if you can prove me wrong, you are
hired and will get big bonuses from me :-). While in the process of running
stability and load testing on such an application, where we made a lot of effort
to avoid such bad behavior, we encountered rare cases that produced such a bad
condition (using the outputStream from a recycled response), thus resulting in
data corruption in a random other client connection. It took several weeks to
find out why it was occurring, and the consequences of such an error are extremely
bad: "data corruption!". We still do not see how to avoid all cases that could
lead to it occurring.

Furthermore, the patch is attached, simple (5 lines moved) and very unlikely to
introduce any regression.

I have no requirement to include it in 6.0.16 since I have a workaround (disable
recycling facades), but I think that other developers may encounter this kind of
issue and take a lot of time (one man-month in our case) to find this same
workaround.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
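
The failure mode described in the comment above, as an added Java example that is not part of the original message or of Tomcat's code: a pooled response object is reused for a new connection while a writer still holds it, so a late write reaches the wrong client, whereas a per-request handle invalidated on recycle rejects the write. The classes `PooledResponse` and `Handle` are hypothetical and model the pooling in simplified form; they are not Tomcat's connector classes.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
public class RecycledResponseDemo {
    // Simplified model (assumption): one pooled object serves successive connections.
    static class PooledResponse {
        private OutputStream socket;   // connection currently attached
        private Handle handle;         // handle issued for the current request
        synchronized Handle attach(OutputStream clientSocket) {
            socket = clientSocket;
            handle = new Handle(this);
            return handle;
        }
        synchronized void recycle() {  // request finished or failed
            handle.valid = false;      // late writers are cut off before reuse
            socket = null;
        }
        // Unguarded write: goes to whichever connection is attached right now.
        synchronized void write(byte[] data) throws IOException { socket.write(data); }
    }
    // Per-request handle: refuses to write once its request has been recycled.
    static class Handle {
        private final PooledResponse owner;
        private boolean valid = true;  // guarded by the owner's monitor
        Handle(PooledResponse owner) { this.owner = owner; }
        void write(byte[] data) throws IOException {
            synchronized (owner) {     // check and write are atomic w.r.t. recycle()
                if (!valid) throw new IOException("response was recycled");
                owner.socket.write(data);
            }
        }
    }
    public static void main(String[] args) throws IOException {
        byte[] late = "data for client A".getBytes();   // constructed sample data
        ByteArrayOutputStream clientA = new ByteArrayOutputStream();
        ByteArrayOutputStream clientB = new ByteArrayOutputStream();
        PooledResponse pooled = new PooledResponse();
        Handle forA = pooled.attach(clientA);
        pooled.recycle();              // client A disconnected
        pooled.attach(clientB);        // same object now serves client B
        pooled.write(late);            // stale writer holding the raw pooled object
        System.out.println("unguarded: client B received " + clientB.size() + " stray bytes");
        try {
            forA.write(late);          // stale writer holding the per-request handle
        } catch (IOException e) {
            System.out.println("guarded: write rejected (" + e.getMessage() + ")");
        }
    }
}
```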

