tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <funk...@joedog.org>
Subject Re: AW: "Buffer overflow" in 4.1.24
Date Wed, 09 Apr 2003 11:29:35 GMT
I think you'll want to upgrade to 1.2.2
http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk/release/v1.2.2/

I thought 1.2.0 (or 1?) had a security exploit in it.

-Tim

Andreas Drechsler wrote:
> It's version 1.2.0, installed from the jpackage-RPM:
> mod_jk-ap13-1.2.0-1jpp
> 
> Checksum: e27468e31dadda994edadb8370d009ba  mod_jk.so
> 
> -----Urspr√ľngliche Nachricht-----
> Von: news [mailto:news@main.gmane.org] Im Auftrag von Bill Barker
> Gesendet: Mittwoch, 9. April 2003 11:06
> An: tomcat-user@jakarta.apache.org
> Betreff: Re: "Buffer overflow" in 4.1.24
> 
> 
> It looks like a problem in the native side of the connector.  A
> compliant
> Ajp connector would never send a packet size > 8K.  Which native version
> of
> mod_jk are you using?
> 
> "Andreas Drechsler" <andreas.drechsler@reflact.com> wrote in message
> news:80944A9A3CCCD411861C00E07D85A62F551223@MARGHERITA...
> Hi,
> 
> at first thankyou for your discussion but I'm afraid the trouble has
> just started... ;-)
> 
> At first I started connecting Tomcat 4.1.24 with the new CoyoteConnector
> (since it is default
> in package; see server.xml excerpt below) but using Coyote, on
> submitting it generates
> this error in catalina.out: [IMO similar to other error but without
> stack trace]
> 
> <<< Excerpt from catalina.out >>>
> 472045 [Thread-11] ERROR common.MsgAjp  - Buffer overflow:
> buffer.len=8192 pos=25 data=11745
> 41 42 00 02 04 01 2e 00                          | AB......
>                                                  |
> <<< ------------------------ >>>
> 
> AND redirects to this URL in browser:
> "http://192.168.1.250/sphere/news/ERROR"
> with "192.168.1.250" being the host and "/sphere/news" being the webapp
> path.
> The "ERROR" is obviously appended either by tomcat or by the connector.
> 
> Even more interesting (now coming to think of it), uploading documents
> (>> 8K) in multipart mode
> works flawlessly with both connectors!
> 
> This is the connector config I used at first and got the error above:
> <<< Excerpt from the 4.1.24 server.xml >>>
>     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>                port="8009" minProcessors="5" maxProcessors="75"
>                enableLookups="yes" redirectPort="8443"
>                acceptCount="10" debug="0" connectionTimeout="0"
>                useURIValidationHack="false"
> 
> protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
> <<< ------------------------ >>>
> 
> This is the connector config I used afterwards and reported the error
> yesterday (= I tried
> fallback to older connector). Now it is commented out as it has been
> before:
> <<< Excerpt from the 4.1.24 server.xml >>>
>     <Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
>                port="8009" minProcessors="5" maxProcessors="75"
>                acceptCount="10" debug="0"/>
> <<< ------------------------ >>>
> 
> 
> For reference, the "old", production Tomcat version with everything
> working is 4.0.3 with the old
> Ajp13Connector.
> 
> TIA for your help again
> Andreas Drechsler
> 
> -----Urspr√ľngliche Nachricht-----
> Von: Tim Funk [mailto:funkman@joedog.org]
> Gesendet: Dienstag, 8. April 2003 15:09
> An: Tomcat Users List
> Betreff: Re: "Buffer overflow" in 4.1.24
> 
> 
> I hope the original poster (Andreas) will clarify but here's what I
> assumed
> from the message below:
> 
> Andreas used:
>   - Tomcat 4.0.? - ALL OK (Probably using older AJP connector)
>   - Tomcat 4.1.24 - Gets buffer overflow. But the stack trace shows use
> of
> the older AJP connector, not Coyote. (I am guessing)
> 
> 
> -Tim
> 
> John Turner wrote:
> 
>>Why would it work on one system but not the other?  That indicates to
> 
> me
> 
>>an external variable.
>>
>>John
>>
>>On Tue, 08 Apr 2003 08:48:12 -0400, Tim Funk <funkman@joedog.org>
> 
> wrote:
> 
>>>Actually Ajp13Packet.appendBytes() calls System.arraycopy() so it
>>>could be a tomcat problem with respect to incorrect bounds checking.
>>>But really ...
>>>
>>>It looks like you are trying to use the older(deprecated) AJP
>>>connectors with 4.1.24 instead of Coyote. Try using the Coyote
>>>connectors and check if the error still appears.
>>>
>>>-Tim
>>>
>>>John Turner wrote:
>>>
>>>
>>>>Did you compare JVM versions with the other system that is working?
> 
> 
>>>>Your error is in a native method, not Tomcat or the connector:
>>>>
>>>>java.lang.ArrayIndexOutOfBoundsException
>>>>at java.lang.System.arraycopy(Native Method)
>>>>
>>>>John
>>>>
>>>>On Tue, 08 Apr 2003 12:41:58 +0200, Andreas Drechsler
>>>><andreas.drechsler@reflact.com> wrote:
>>>>
>>>>
>>>>>Hi,
>>>>>
>>>>>I'm setting up a test server with new Tomcat 4.1.24 (running Linux
>>>>>Mandrake 9 and current packages from jpackage.org, Tomcat is
>>>>>connected to Apache 1.3 with mod_jk) and on testing our
> 
> applications
> 
>>>>>I got the following error message on sending large submit requests
>>>>>(method="post") to the server (actual case: a larger news article
>>>>>sent to the webapp in order to store it in a db)
>>>>>
>>>>>Buffer overflow 8192 66 11511
>>>>>java.lang.ArrayIndexOutOfBoundsException
>>>>>at java.lang.System.arraycopy(Native Method)
>>>>>at org.apache.ajp.Ajp13Packet.appendBytes(Ajp13Packet.java:328)
>>>>>at org.apache.ajp.Ajp13Packet.appendString(Ajp13Packet.java:285)
>>>>>at
> 
> org.apache.ajp.RequestHandler.sendHeader(RequestHandler.java:781)
> 
>>>>>at org.apache.ajp.Ajp13.sendHeader(Ajp13.java:371)
>>>>>at
>>>>>
> 
> org.apache.ajp.tomcat4.Ajp13Response.sendHeaders(Ajp13Response.java:178)
> 
> 
>>>>>at
>>>>>
> 
> org.apache.catalina.connector.HttpResponseBase.finishResponse(Unknown
> 
>>>>>Source)
>>>>>at
>>>>>
> 
> org.apache.ajp.tomcat4.Ajp13Response.finishResponse(Ajp13Response.java:1
> 91)
> 
>>>>>
>>>>>
>>>>>
>>>>>at
>>>>>
> 
> org.apache.ajp.tomcat4.Ajp13Processor.process(Ajp13Processor.java:488)
> 
>>>>>at
> 
> org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:585)
> 
>>>>>at java.lang.Thread.run(Thread.java:536)
>>>>>
>>>>>Our older application servers work with Tomcat 4.0.x and a mod_jk
>>>>>connector of the same age (or even older) flawlessly.
>>>>>
>>>>>Anyone an idea what might be wrong? (What config files or other
>>>>>stuff do you need to say more about it?)
>>>>>
>>>>>TIA
>>>>>Andreas Drechsler
>>>>>
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>>
>>
>>
>>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message