tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Dumoulin <ch...@blaze.io>
Subject Re: Problem with merged responses - possibly a reused Response or OutputBuffer
Date Wed, 13 Apr 2011 11:31:45 GMT
Actually, I saw that notice and tried Tomcat 7.0.12, but saw the same behaviour. I should have
mentioned that before.
So, I think this is a different issue.

- Chris

On April 13, 2011 07:27:51 am André Warnier wrote:
> Hi.
> 
> An earlier message to this list [[SECURITY] CVE-2011-1475 Apache Tomcat information 
> disclosure] /may/ have something to do with this.
> (It talks only about the HTTP connector, but also about content mixup with async requests,

> so maybe there is a link)
> 
> Chris Dumoulin wrote:
> > I'm seeing an intermittent problem with my webapp where a request is sent and the
response contains 8184 bytes from some other response followed by the correct response.
> > 
> > The setup being used is Nginx 0.8.54 reverse proxying to Tomcat 7.0.11.  AJP is
the protocol between Nginx and Tomcat.
> > The webapp in Tomcat is doing Servlet 3.0 async requests.
> > 
> > This issue is extremely difficult to reproduce and at this point I'm not sure if
the problem is in the webapp, Tomcat, or Nginx.
> > I know that 8184 bytes is the size of an AJP packet, and in Tomcat's org.apache.catalina.connector.Response,
I see the following code:
> > 
> >         if("AJP/1.3".equals(connector.getProtocol())) {
> >             // default size to size of one ajp-packet
> >             outputBuffer = new OutputBuffer(8184);
> >         }
> > 
> > So, right now I'm following the theory that something is being reused in Tomcat
without having been properly completed or recycled. Obviously it's most likely that this is
an application bug.
> > 
> > Does anyone have any ideas about what kind of problem in the application could cause
this behaviour, or other ideas about what the cause might be?
> > 
> > Thanks,
> > Chris
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> > 
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message