DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25468>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25468 Unchecked response header length can cause HttpClient to loop endlessly ------- Additional Comments From [EMAIL PROTECTED] 2003-12-12 12:08 ------- Oleg, HttpClient's current behaviour can result in an OutOfMemoryError, which is surely unwanted (not to forget that big, unnecessary network traffic is generated in the meantime) - and the new checks do not impact HttpClient's performance. Moreover, the problem really can not only arise with bad HTTP servers, but also with lousily programmed PHP scripts. Therefore, I think this is relevant for the stock version. The presented patch addresses exactly one problem (as opposed to the previously discussed LimitedInputStream-workaround). You might also test some real-life browsers with the TestBadResponseHeader unit. My tests show that Mozilla 1.4 will stop fetching when infintely long lines are detected; Internet Explorer stops after detecting infintely folded headers. However introducing a custom HttpParser would be an alternative solution. Then, I would tend to include both variants (standard and suggested one) into the standard distributions. Therefore, instead of setting three Integer-parameters in HttpMethodParams, one parameter would suffice. Christian --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]