tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Problem with merged responses - possibly a reused Response or OutputBuffer
Date Wed, 13 Apr 2011 11:27:51 GMT
Hi.

An earlier message to this list [[SECURITY] CVE-2011-1475 Apache Tomcat information 
disclosure] /may/ have something to do with this.
(It talks only about the HTTP connector, but also about content mixup with async requests,

so maybe there is a link)

Chris Dumoulin wrote:
> I'm seeing an intermittent problem with my webapp where a request is sent and the response
contains 8184 bytes from some other response followed by the correct response.
> 
> The setup being used is Nginx 0.8.54 reverse proxying to Tomcat 7.0.11.  AJP is the protocol
between Nginx and Tomcat.
> The webapp in Tomcat is doing Servlet 3.0 async requests.
> 
> This issue is extremely difficult to reproduce and at this point I'm not sure if the
problem is in the webapp, Tomcat, or Nginx.
> I know that 8184 bytes is the size of an AJP packet, and in Tomcat's org.apache.catalina.connector.Response,
I see the following code:
> 
>         if("AJP/1.3".equals(connector.getProtocol())) {
>             // default size to size of one ajp-packet
>             outputBuffer = new OutputBuffer(8184);
>         }
> 
> So, right now I'm following the theory that something is being reused in Tomcat without
having been properly completed or recycled. Obviously it's most likely that this is an application
bug.
> 
> Does anyone have any ideas about what kind of problem in the application could cause
this behaviour, or other ideas about what the cause might be?
> 
> Thanks,
> Chris
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message