[ 
https://issues.apache.org/jira/browse/HTTPCORE-472?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Artem Nakonechnyy closed HTTPCORE-472.
--------------------------------------

> incorrect "Maximum line length limit exceeded" detection is possible
> --------------------------------------------------------------------
>
>                 Key: HTTPCORE-472
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-472
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>    Affects Versions: 4.4.6
>            Reporter: Artem Nakonechnyy
>            Assignee: Oleg Kalnichevski
>             Fix For: 4.4.7, 5.0-alpha4
>
>
> The error is in 
> org.apache.http.impl.io.SessionInputBufferImpl#readLine(org.apache.http.util.CharArrayBuffer)
> {code}
> if (maxLineLen > 0) {
>     final int currentLen = this.linebuffer.length()
>             + (pos > 0 ? pos : this.bufferlen) - this.bufferpos;
>     if (currentLen >= maxLineLen) {
>         throw new MessageConstraintException("Maximum line length limit exceeded");
>     }
> }
> {code}
> If LF chanced to be at the beginning of the buffer, {{currentLen}} is calculated incorrectly.
> It should be {{this.linebuffer.length() + pos - this.bufferpos}}, so, effectively {{this.linebuffer.length() + 0 - 0}}.
> E.g. if maxLineLen=10000, buffer.length=8192 (the default setting), a line is 9000, then it doesn't fit the buffer,
> thus its 1st part is read into {{linebuffer}}, 2nd part is read into {{buffer}}.
> If the 9000 line's terminating LF chances to be the 1st char of that buffer, and after that line
> there follows more header data, say, exceeding 8192 bytes - then the code calculates
> {{currentLen = linebuffer.length() + bufferlen - bufferpos = 9000 + 8192 - 0}} > 10000, while the actual line length is just 9000.
> I think the fix is to replace {{(pos > 0 ? pos : this.bufferlen)}} with {{(pos > -1 ? pos : this.bufferlen)}}
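
The scenario from the report, modelled as an added example (not HttpCore code and not part of the original message): the two expressions are the quoted check and the reporter's proposed condition, evaluated with the report's numbers. The class name `LineLimitCheck` and its helper methods are hypothetical; the LF scan assumes `pos` is -1 when no LF is found, as the proposed `pos > -1` test implies.

```java
import java.util.Arrays;

public class LineLimitCheck {
    static final byte LF = 10;

    // Index of the first LF in buffer[bufferpos, bufferlen), or -1 if none
    // (assumed convention, implied by the proposed "pos > -1" test).
    static int findLf(byte[] buffer, int bufferpos, int bufferlen) {
        for (int i = bufferpos; i < bufferlen; i++) {
            if (buffer[i] == LF) {
                return i;
            }
        }
        return -1;
    }

    // Expression quoted in the report: an LF at index 0 is treated as "not found".
    static int currentLenReported(int linebufferLen, int pos, int bufferpos, int bufferlen) {
        return linebufferLen + (pos > 0 ? pos : bufferlen) - bufferpos;
    }

    // Expression with the reporter's proposed condition: only -1 means "not found".
    static int currentLenProposed(int linebufferLen, int pos, int bufferpos, int bufferlen) {
        return linebufferLen + (pos > -1 ? pos : bufferlen) - bufferpos;
    }

    public static void main(String[] args) {
        final int maxLineLen = 10000;
        final int linebufferLen = 9000;      // part of the line already moved to linebuffer
        final byte[] buffer = new byte[8192]; // constructed sample: a full default-size buffer
        Arrays.fill(buffer, (byte) 'x');      // stands in for the header data that follows
        buffer[0] = LF;                       // the line's terminating LF is the first byte
        final int bufferpos = 0;
        final int bufferlen = buffer.length;

        final int pos = findLf(buffer, bufferpos, bufferlen);
        final int reported = currentLenReported(linebufferLen, pos, bufferpos, bufferlen);
        final int proposed = currentLenProposed(linebufferLen, pos, bufferpos, bufferlen);

        System.out.println("pos = " + pos);
        System.out.println("reported check: currentLen = " + reported
                + ", limit exceeded = " + (reported >= maxLineLen));
        System.out.println("proposed check: currentLen = " + proposed
                + ", limit exceeded = " + (proposed >= maxLineLen));
    }
}
```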


