[ https://issues.apache.org/jira/browse/HTTPCLIENT-732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12562596#action_12562596 ]

Ortwin Glück commented on HTTPCLIENT-732:
-----------------------------------------

"API compatible" means: if an application uses HttpClient 3.1 it should not break with your patch included (i.e. 3.2). Do not worry about 4.0 as it is a very different API anyway.

For the 4.0 code base please see http://hc.apache.org/httpcomponents-client/httpclient/source-repository.html

> Corrupted chunk-size field can cause OutOfMemory exception on
> ChunkedInputStream
> --------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-732
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-732
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 3.1 Final
> Reporter: Alex Holmes
> Attachments: ChunkedInputStream.java.diffu, HttpGet.java,
> HttpMethodParams.java.diffu, TestStreams.java.diffu
>
>
> The ChunkedInputStream.getChunkSizeFromInputStream method keeps reading the
> chunk-size+extension line until it reaches the end of the line. However with
> corrupted chunked lines of sufficient size, it keeps reading content into the
> ByteArrayOutputStream until an OutOfMemory exception occurs.
> I'm attaching a test client which demonstrates this behavior. An example of
> a URL with a corrupted chunk-size line that causes this exception is here:
> http://www.pepoweb.com/gallery/
> It would be useful to have a mechanism by which the max length for both the
> chunk-size and chunk-extension fields can be configured. I'm attaching diff
> patches that provide two additional configurable parameters enabling a max
> byte size for both fields, along with unit tests to test the changes.
> The patches are based off the 3.0.1 codebase - if there's interest in this
> fix, I'll be happy to generate diffs for newer codebases.
> ChunkedInputStream - now throws IOException if max limits on
> chunk-size/chunk-extension fields are supplied
> HttpMethodParams - two additional configurables to set max limits on
> chunk-size/chunk-extension fields (defaults are unlimited)
> TestStreams - two new methods to test the max chunk-size/chunk-extension
> behavior of the ChunkedInputStream
> A key point is that this code is backwards compatible; the default behavior
> of the ChunkedInputStream is unchanged (unlimited # of bytes read for
> chunk-size/chunk-extension fields).
> Thanks,
> Alex
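
The bounded read that the quoted issue asks for, sketched as an added example; it is not part of the original message, the attached patches, or HttpClient's own code. The class name, the 256-byte cap and the use of one limit for the whole chunk-size+extension line (the patch describes two separate limits) are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class BoundedChunkSizeReader {
    // Hypothetical cap; the issue proposes making such limits configurable.
    static final int MAX_LINE_BYTES = 256;

    // Reads "chunk-size[;chunk-ext]CRLF" and returns the size, buffering at most maxBytes.
    static long readChunkSize(InputStream in, int maxBytes) throws IOException {
        ByteArrayOutputStream line = new ByteArrayOutputStream();
        int prev = -1;
        while (true) {
            int b = in.read();
            if (b == -1) throw new IOException("stream ended inside chunk-size line");
            if (b == '\n' && prev == '\r') break;
            // Refuse to grow the buffer past the cap instead of reading until memory runs out.
            if (line.size() >= maxBytes)
                throw new IOException("chunk-size line exceeds " + maxBytes + " bytes");
            line.write(b);
            prev = b;
        }
        // Drop the trailing CR, then cut off any chunk-extension after ';'.
        String text = new String(line.toByteArray(), 0, line.size() - 1, StandardCharsets.US_ASCII);
        int semi = text.indexOf(';');
        String hex = (semi >= 0 ? text.substring(0, semi) : text).trim();
        if (!hex.matches("[0-9A-Fa-f]{1,8}"))
            throw new IOException("bad chunk size: " + hex);
        return Long.parseLong(hex, 16);
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs, not captured traffic.
        byte[] ok = "1a;name=value\r\n".getBytes(StandardCharsets.US_ASCII);
        System.out.println(readChunkSize(new ByteArrayInputStream(ok), MAX_LINE_BYTES));

        byte[] corrupt = new byte[1 << 20]; // 1 MiB with no CRLF anywhere
        Arrays.fill(corrupt, (byte) 'x');
        try {
            readChunkSize(new ByteArrayInputStream(corrupt), MAX_LINE_BYTES);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```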