[
https://issues.apache.org/jira/browse/HTTPCLIENT-732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Holmes reopened HTTPCLIENT-732:
------------------------------------
Given that the 4.0 RC is towards the end of the year, wouldn't it be worthwhile
creating the patch? My diff files above were created against the 3.0.1
codebase, but I'll be happy to put in the work to create an "API compatible
patch" (I'm assuming you mean use the 4.0 version methods to be forward
compatible), and I can modify my existing unit tests.
If I can get read access to the 4.0 codebase I'm willing to put in the work.
> Corrupted chunk-size field can cause OutOfMemory exception on
> ChunkedInputStream
> --------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-732
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-732
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 3.1.1
> Reporter: Alex Holmes
> Attachments: ChunkedInputStream.java.diffu, HttpGet.java,
> HttpMethodParams.java.diffu, TestStreams.java.diffu
>
>
> The ChunkedInputStream.getChunkSizeFromInputStream method keeps reading the
> chunk-size+extension line until it reaches the end of the line. However with
> corrupted chunked lines of sufficient size, it keeps reading content into the
> ByteArrayOutputStream until an OutOfMemory exception occurs.
> I'm attaching a test client which demonstrates this behavior. An example of
> a URL with a corrupted chunk-size line that causes this exception is here:
> http://www.pepoweb.com/gallery/
> It would be useful to have a mechanism by which the max length for both the
> chunk-size and chunk-extension fields can be configured. I'm attaching diff
> patches that provide two additional configurable parameters enabling a max
> byte size for both fields, along with unit tests to test the changes.
> The patches are based off the 3.0.1 codebase - if there's interest in this
> fix, I'll be happy to generate diff's for newer codebases.
> ChunkedInputStream - now throws IOException if max limits on
> chunk-size/chunk-extension fields are supplied
> HttpMethodParams - two additional configurables to set max limits on
> chunk-size/chunk-extension fields (defaults are unlimited)
> TestStreams - two new methods to test the max chunk-size/chunk-extension
> behavior of the ChunkedInputStream
> A key point is that this code is backwards compatible; the default behavior
> of the ChunkedInputStream is unchanged (unlimited # of bytes read for
> chunk-size/chunk-extension fields).
> Thanks,
> Alex
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
