[ https://issues.apache.org/jira/browse/DIRMINA-505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12558916#action_12558916 ]
Trustin Lee commented on DIRMINA-505: ------------------------------------- I've just checked in a possible fix. Could you test if it doesn't cause OOM anymore or not? Additionally, any jmap dump file is appreciated. > OOM errors when handling badly formed HTTP requests > --------------------------------------------------- > > Key: DIRMINA-505 > URL: https://issues.apache.org/jira/browse/DIRMINA-505 > Project: MINA > Issue Type: Bug > Components: Protocol - HTTP, Statemachine > Affects Versions: 2.0.0-M2 > Reporter: Luis Neves > > Badly formed HTTP Requests can make the HTTP decoder to cause OOM errors. > The following request captured with the command "tcpdump -nnASs 0 'dst port > 80'" is an example of such request (beware wrapping): > ********************************************** > 21:26:55.828483 IP 83.174.45.34.59872 > 213.13.146.84.80: S > 3131042262:3131042262(0) win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp > 13682342 0> > .T...P........................... > ........ > 21:26:55.828606 IP 89.181.19.190.64449 > 213.13.146.84.80: . ack 4109384713 > win 16407 > .T...Py'....<[EMAIL PROTECTED] > 21:26:55.837645 IP 83.174.45.34.59872 > 213.13.146.84.80: . ack 12756759 win > 65535 <nop,nop,timestamp 13682342 221364412> > .T...P................... > 1... > 21:26:55.838271 IP 82.155.88.187.3485 > 213.13.146.84.80: . ack 4268305021 > win 17021 > ..Pe....i*}P.B}.....|........ > 21:26:55.838317 IP 83.174.45.34.59872 > 213.13.146.84.80: P > 3131042263:3131043023(760) ack 12756759 win 65535 <nop,nop,timestamp 13682342 > 221364412> > .T...P............]...... > 1..GET /analytics.js HTTP/1.1 > Host: wa.sl.pt > Pragma: no-cache > accept-language: pt > ua-os: Windows CE (Smartphone) - Version 5.2 > ua-color: color16 > x-wap-profile: "http://www.htcmms.com.tw/gen/Volans-1.0.xml" > ua-voice: TRUE > referer: http://auto.sapo.pt/vehicleDetails.aspx > -- > user-agent: HTC_S730 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile > 7.6) > x-wsb-contextid: D51E281020EEAF0E > accept: application/vnd.wap.mms-message;*/*,*/*;q=0.001 > accept-charset: *;q=0.001 > accept-encoding: gzip,deflate,*;q=0.001 > Max-Forwards: 10 > Connection: Keep-Alive > X-BlueCoat-Via: 80B23F200A28D3DE > ********************************************** > Another source of problems are requests that have Header names but no Header > values, e.g: > ********************************************** > 21:12:36.953721 IP 87.103.25.114.4160 > 213.13.146.84.80: . ack 3029163034 > win 32224 > [EMAIL PROTECTED] > 21:12:37.060742 IP 89.26.250.104.4602 > 213.13.146.84.80: S > 2765090470:2765090470(0) win 16384 <mss 1360,nop,nop,sackOK> > [EMAIL PROTECTED] > 21:12:37.082011 IP 89.26.250.104.4602 > 213.13.146.84.80: . ack 3407385009 > win 17680 > .T...P........P.E..S............ > 21:12:37.090524 IP 89.26.250.104.4602 > 213.13.146.84.80: P > 2765090471:2765090506(35) ack 3407385009 win 17680 > .T...P........P.E.....GET /robots.txt HTTP/1.0 > Host: > ********************************************** > Notice the missing Host Header value. > My local fix for these issues was to use bounded collections in > HttpHeaderDecodingState to hold Header information and to add extra sanity > checks for header values, a better solution will probably fix the issue at > the "state machine level". > -- > Luis Neves -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.