tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Drechsler <andreas.drechs...@reflact.com>
Subject Re: AW: "Buffer overflow" in 4.1.24
Date Wed, 09 Apr 2003 13:26:00 GMT
Okay, thank you Tim, I wanted to have a word with the JPackage packager 
anyway (tomcat startscript has a typo). ;-)

But... upgraded connector to 1.2.2, restarted everything and still the 
same behavior, on submitting large texts, webapp redirects to "ERROR" 
(big file upload per multipart still works, too) and catalina.out shows 
the following error:

216016 [Thread-8] ERROR common.MsgAjp  - Buffer overflow: 
buffer.len=8192 pos=25 data=11316
41 42 00 02 04 01 2e 00                          | AB......
                                                 |

Anyone having a clue what might cause this problem, how to cure it or 
how to avoid it?

(Should I perhaps try to recompile tomcat-connectors from source or is 
the problem located elsewhere?)

Andreas Drechsler

Tim Funk wrote:

> I think you'll want to upgrade to 1.2.2
> http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk/release/v1.2.2/
>
> I thought 1.2.0 (or 1?) had a security exploit in it.
>
> -Tim
>
> Andreas Drechsler wrote:
>
>> It's version 1.2.0, installed from the jpackage-RPM:
>> mod_jk-ap13-1.2.0-1jpp
>>
>> Checksum: e27468e31dadda994edadb8370d009ba  mod_jk.so
>>
>> -----Urspr├╝ngliche Nachricht-----
>> Von: news [mailto:news@main.gmane.org] Im Auftrag von Bill Barker
>> Gesendet: Mittwoch, 9. April 2003 11:06
>> An: tomcat-user@jakarta.apache.org
>> Betreff: Re: "Buffer overflow" in 4.1.24
>>
>>
>> It looks like a problem in the native side of the connector.  A
>> compliant
>> Ajp connector would never send a packet size > 8K.  Which native version
>> of
>> mod_jk are you using?
>>
>> "Andreas Drechsler" <andreas.drechsler@reflact.com> wrote in message
>> news:80944A9A3CCCD411861C00E07D85A62F551223@MARGHERITA...
>> Hi,
>>
>> at first thankyou for your discussion but I'm afraid the trouble has
>> just started... ;-)
>>
>> At first I started connecting Tomcat 4.1.24 with the new CoyoteConnector
>> (since it is default
>> in package; see server.xml excerpt below) but using Coyote, on
>> submitting it generates
>> this error in catalina.out: [IMO similar to other error but without
>> stack trace]
>>
>> <<< Excerpt from catalina.out >>>
>> 472045 [Thread-11] ERROR common.MsgAjp  - Buffer overflow:
>> buffer.len=8192 pos=25 data=11745
>> 41 42 00 02 04 01 2e 00                          | AB......
>>                                                  |
>> <<< ------------------------ >>>
>>
>> AND redirects to this URL in browser:
>> "http://192.168.1.250/sphere/news/ERROR"
>> with "192.168.1.250" being the host and "/sphere/news" being the webapp
>> path.
>> The "ERROR" is obviously appended either by tomcat or by the connector.
>>
>> Even more interesting (now coming to think of it), uploading documents
>> (>> 8K) in multipart mode
>> works flawlessly with both connectors!
>>
>> This is the connector config I used at first and got the error above:
>> <<< Excerpt from the 4.1.24 server.xml >>>
>>     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>>                port="8009" minProcessors="5" maxProcessors="75"
>>                enableLookups="yes" redirectPort="8443"
>>                acceptCount="10" debug="0" connectionTimeout="0"
>>                useURIValidationHack="false"
>>
>> protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
>> <<< ------------------------ >>>
>>
>> This is the connector config I used afterwards and reported the error
>> yesterday (= I tried
>> fallback to older connector). Now it is commented out as it has been
>> before:
>> <<< Excerpt from the 4.1.24 server.xml >>>
>>     <Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
>>                port="8009" minProcessors="5" maxProcessors="75"
>>                acceptCount="10" debug="0"/>
>> <<< ------------------------ >>>
>>
>>
>> For reference, the "old", production Tomcat version with everything
>> working is 4.0.3 with the old
>> Ajp13Connector.
>>
>> TIA for your help again
>> Andreas Drechsler
>>
>> -----Urspr├╝ngliche Nachricht-----
>> Von: Tim Funk [mailto:funkman@joedog.org]
>> Gesendet: Dienstag, 8. April 2003 15:09
>> An: Tomcat Users List
>> Betreff: Re: "Buffer overflow" in 4.1.24
>>
>>
>> I hope the original poster (Andreas) will clarify but here's what I
>> assumed
>> from the message below:
>>
>> Andreas used:
>>   - Tomcat 4.0.? - ALL OK (Probably using older AJP connector)
>>   - Tomcat 4.1.24 - Gets buffer overflow. But the stack trace shows use
>> of
>> the older AJP connector, not Coyote. (I am guessing)
>>
>>
>> -Tim
>>
>> John Turner wrote:
>>
>>> Why would it work on one system but not the other?  That indicates to
>>
>>
>> me
>>
>>> an external variable.
>>>
>>> John
>>>
>>> On Tue, 08 Apr 2003 08:48:12 -0400, Tim Funk <funkman@joedog.org>
>>
>>
>> wrote:
>>
>>>> Actually Ajp13Packet.appendBytes() calls System.arraycopy() so it
>>>> could be a tomcat problem with respect to incorrect bounds checking.
>>>> But really ...
>>>>
>>>> It looks like you are trying to use the older(deprecated) AJP
>>>> connectors with 4.1.24 instead of Coyote. Try using the Coyote
>>>> connectors and check if the error still appears.
>>>>
>>>> -Tim
>>>>
>>>> John Turner wrote:
>>>>
>>>>
>>>>> Did you compare JVM versions with the other system that is working?
>>>>
>>
>>
>>>>> Your error is in a native method, not Tomcat or the connector:
>>>>>
>>>>> java.lang.ArrayIndexOutOfBoundsException
>>>>> at java.lang.System.arraycopy(Native Method)
>>>>>
>>>>> John
>>>>>
>>>>> On Tue, 08 Apr 2003 12:41:58 +0200, Andreas Drechsler
>>>>> <andreas.drechsler@reflact.com> wrote:
>>>>>
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I'm setting up a test server with new Tomcat 4.1.24 (running Linux
>>>>>> Mandrake 9 and current packages from jpackage.org, Tomcat is
>>>>>> connected to Apache 1.3 with mod_jk) and on testing our
>>>>>
>>
>> applications
>>
>>>>>> I got the following error message on sending large submit requests
>>>>>> (method="post") to the server (actual case: a larger news article
>>>>>> sent to the webapp in order to store it in a db)
>>>>>>
>>>>>> Buffer overflow 8192 66 11511
>>>>>> java.lang.ArrayIndexOutOfBoundsException
>>>>>> at java.lang.System.arraycopy(Native Method)
>>>>>> at org.apache.ajp.Ajp13Packet.appendBytes(Ajp13Packet.java:328)
>>>>>> at org.apache.ajp.Ajp13Packet.appendString(Ajp13Packet.java:285)
>>>>>> at
>>>>>
>>
>> org.apache.ajp.RequestHandler.sendHeader(RequestHandler.java:781)
>>
>>>>>> at org.apache.ajp.Ajp13.sendHeader(Ajp13.java:371)
>>>>>> at
>>>>>>
>>
>> org.apache.ajp.tomcat4.Ajp13Response.sendHeaders(Ajp13Response.java:178)
>>
>>
>>>>>> at
>>>>>>
>>
>> org.apache.catalina.connector.HttpResponseBase.finishResponse(Unknown
>>
>>>>>> Source)
>>>>>> at
>>>>>>
>>
>> org.apache.ajp.tomcat4.Ajp13Response.finishResponse(Ajp13Response.java:1
>> 91)
>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> at
>>>>>>
>>
>> org.apache.ajp.tomcat4.Ajp13Processor.process(Ajp13Processor.java:488)
>>
>>>>>> at
>>>>>
>>
>> org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:585)
>>
>>>>>> at java.lang.Thread.run(Thread.java:536)
>>>>>>
>>>>>> Our older application servers work with Tomcat 4.0.x and a mod_jk
>>>>>> connector of the same age (or even older) flawlessly.
>>>>>>
>>>>>> Anyone an idea what might be wrong? (What config files or other
>>>>>> stuff do you need to say more about it?)
>>>>>>
>>>>>> TIA
>>>>>> Andreas Drechsler
>>>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message