[jira] Created: (DIRMINA-505) OOM errors when handling badly formed HTTP requests

Sat, 29 Dec 2007 16:08:16 -0800 

OOM errors when handling badly formed HTTP requests
---------------------------------------------------

                 Key: DIRMINA-505
                 URL: https://issues.apache.org/jira/browse/DIRMINA-505
             Project: MINA
          Issue Type: Bug
          Components: Protocol - HTTP, Statemachine
    Affects Versions: 2.0.0-M2
            Reporter: Luis Neves


Badly formed HTTP Requests can make the HTTP decoder to cause OOM errors.
The following request captured with the command "tcpdump -nnASs 0 'dst port 
80'" is an example of such request (beware wrapping):


**********************************************

21:26:55.828483 IP 83.174.45.34.59872 > 213.13.146.84.80: S 
3131042262:3131042262(0) win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp 
13682342 0>
.T...P...........................
........
21:26:55.828606 IP 89.181.19.190.64449 > 213.13.146.84.80: . ack 4109384713 win 
16407
.T...Py'....<[EMAIL PROTECTED]
21:26:55.837645 IP 83.174.45.34.59872 > 213.13.146.84.80: . ack 12756759 win 
65535 <nop,nop,timestamp 13682342 221364412>
.T...P...................
1...
21:26:55.838271 IP 82.155.88.187.3485 > 213.13.146.84.80: . ack 4268305021 win 
17021
..Pe....i*}P.B}.....|........
21:26:55.838317 IP 83.174.45.34.59872 > 213.13.146.84.80: P 
3131042263:3131043023(760) ack 12756759 win 65535 <nop,nop,timestamp 13682342 
221364412>
.T...P............]......
1..GET /analytics.js HTTP/1.1
Host: wa.sl.pt
Pragma: no-cache
accept-language: pt
ua-os: Windows CE (Smartphone) - Version 5.2
ua-color: color16
x-wap-profile: "http://www.htcmms.com.tw/gen/Volans-1.0.xml";
ua-voice: TRUE
referer: http://auto.sapo.pt/vehicleDetails.aspx
--
user-agent: HTC_S730 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 
7.6)
x-wsb-contextid: D51E281020EEAF0E
accept: application/vnd.wap.mms-message;*/*,*/*;q=0.001
accept-charset: *;q=0.001
accept-encoding: gzip,deflate,*;q=0.001
Max-Forwards: 10
Connection: Keep-Alive
X-BlueCoat-Via: 80B23F200A28D3DE

**********************************************


Another source of problems are requests that have Header names but no Header 
values, e.g:

**********************************************

21:12:36.953721 IP 87.103.25.114.4160 > 213.13.146.84.80: . ack 3029163034 win 
32224
[EMAIL PROTECTED]
21:12:37.060742 IP 89.26.250.104.4602 > 213.13.146.84.80: S 
2765090470:2765090470(0) win 16384 <mss 1360,nop,nop,sackOK>
[EMAIL PROTECTED]
21:12:37.082011 IP 89.26.250.104.4602 > 213.13.146.84.80: . ack 3407385009 win 
17680
.T...P........P.E..S............
21:12:37.090524 IP 89.26.250.104.4602 > 213.13.146.84.80: P 
2765090471:2765090506(35) ack 3407385009 win 17680
.T...P........P.E.....GET /robots.txt HTTP/1.0
Host:

**********************************************

Notice the missing Host Header value.

My local fix for these issues was to use bounded collections in 
HttpHeaderDecodingState to hold Header information and to add extra sanity 
checks for header values, a better solution will probably fix the issue at the 
"state machine level".

--
Luis Neves

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to