tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException
Date Thu, 05 Feb 2015 02:25:04 GMT

--- Comment #4 from Konstantin Kolinko <> ---
(In reply to yangkun from comment #3)

Your diagnosis is wrong. We are not talking about request here. It is response
(the status line of a HTTP response) that does not fit the buffer used by
status line and HTTP headers.

Generally, AbstractOutputBuffer.write(..) methods do perform a length check,
but numerous  headerBuffer[pos++] = (COLON|SP|CR|LF)  do not.

A simple fix may be to change AOB.checkLengthBeforeWrite(int length) method to
assume that the usable buffer length is less by 4 bytes. There are no more than
4 bytes added directly to the buffer after the write.

(4 = 2 bytes for CR-LF + 2 bytes for CR-LF added by AOB.endHeaders())

The result will be that the checkLengthBeforeWrite() method will throw a
org.apache.coyote.http11.HeadersTooLargeException  (a subclass of an
IllegalStateException), essentially resulting in the same server-side error.

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message