tomcat-dev mailing list archives

From bugzi...@apache.org
Subject [Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException
Date Thu, 05 Feb 2015 02:25:04 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=57509

--- Comment #4 from Konstantin Kolinko <knst.kolinko@gmail.com> ---
(In reply to yangkun from comment #3)

Your diagnosis is wrong. We are not talking about a request here. It is the
response (the status line of an HTTP response) that does not fit the buffer
used by the status line and HTTP headers.

Generally, AbstractOutputBuffer.write(..) methods do perform a length check,
but numerous  headerBuffer[pos++] = (COLON|SP|CR|LF)  do not.

A simple fix may be to change AOB.checkLengthBeforeWrite(int length) method to
assume that the usable buffer length is less by 4 bytes. There are no more than
4 bytes added directly to the buffer after the write.

(4 = 2 bytes for CR-LF + 2 bytes for CR-LF added by AOB.endHeaders())


The result will be that the checkLengthBeforeWrite() method will throw an
org.apache.coyote.http11.HeadersTooLargeException (a subclass of
IllegalStateException), essentially resulting in the same server-side error.

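The pattern described in the comment above, as an added example that is not part of the original message and is not Tomcat's code: a bulk write that passes its length check, followed by direct CR/LF writes that do not, compared with the same check when 4 bytes are held back. The class `HeaderBufferDemo`, its members, the 32-byte buffer and the status line are constructed for illustration; `String.repeat` needs Java 11 or later.

```java
import java.nio.charset.StandardCharsets;

// Simplified model of the pattern in the comment; NOT Tomcat's AbstractOutputBuffer.
// All class, field and method names here are hypothetical.
public class HeaderBufferDemo {
    static final byte CR = '\r', LF = '\n';
    final byte[] headerBuffer;
    final int reserve; // bytes held back for the unchecked CR/LF writes (0 = no reserve)
    int pos = 0;

    HeaderBufferDemo(int size, int reserve) {
        this.headerBuffer = new byte[size];
        this.reserve = reserve;
    }

    // Length check performed before bulk writes; the usable length shrinks by 'reserve'.
    void checkLengthBeforeWrite(int length) {
        if (pos + length > headerBuffer.length - reserve) {
            // Stands in for HeadersTooLargeException, a controlled error.
            throw new IllegalStateException("headers too large for buffer");
        }
    }

    void write(String s) {
        byte[] b = s.getBytes(StandardCharsets.ISO_8859_1);
        checkLengthBeforeWrite(b.length);
        System.arraycopy(b, 0, headerBuffer, pos, b.length);
        pos += b.length;
    }

    // Direct writes with no length check, like headerBuffer[pos++] = CR.
    void endLine() {
        headerBuffer[pos++] = CR;
        headerBuffer[pos++] = LF;
    }

    // Writes a status line that exactly fills the buffer, then the two CR-LF pairs.
    static String attempt(int reserve) {
        HeaderBufferDemo buf = new HeaderBufferDemo(32, reserve);
        try {
            buf.write("HTTP/1.1 200 " + "x".repeat(19)); // constructed: exactly 32 bytes
            buf.endLine(); // CR-LF ending the status line
            buf.endLine(); // CR-LF ending the headers
            return "written";
        } catch (RuntimeException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        System.out.println("reserve=0: " + attempt(0));
        System.out.println("reserve=4: " + attempt(4));
    }
}
```

With no reserve the 32-byte write passes the check and the first unchecked CR write indexes past the array; with a reserve of 4 the same write is rejected by the length check before anything is copied.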