Trying again. What's the trick to getting past the Apache spam filter????
From: Jason Smith
Sent: Monday, April 06, 2009 11:38 AM
To: 'dev@tomcat.apache.org'
Subject: RE: Help with a Tomcat bug.
Trying again. Spam filter seems to hate me.
From: Jason Smith
Sent: Monday, April 06, 2009 11:08 AM
To: 'dev@tomcat.apache.org'
Subject: RE: Help with a Tomcat bug.
More info. In InternalInputBuffer.nextRequest(), I noticed there is code to
pull remaining bytes into the current buffer before switching.
/**
* End processing of current HTTP request.
* Note: All bytes of the current request should have been already
* consumed. This method only resets all the pointers so that we are ready
* to parse the next HTTP request.
*/
public void nextRequest()
throws IOException {
// Recycle Request object
request.recycle();
// Determine the header buffer used for next request
byte[] newHeaderBuf = null;
if (buf == headerBuffer1) {
newHeaderBuf = headerBuffer2;
} else {
newHeaderBuf = headerBuffer1;
}
// Copy leftover bytes from buf to newHeaderBuf
System.arraycopy(buf, pos, newHeaderBuf, 0, lastValid - pos);
if(lastValid-pos > 0)
{
System.out.println("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
System.out.println("'" + new String(Arrays.copyOf(newHeaderBuf,
lastValid - pos), "US-ASCII") + "'");
}
// Swap buffers
buf = newHeaderBuf;
// Recycle filters
for (int i = 0; i <= lastActiveFilter; i++) {
activeFilters[i].recycle();
}
// Reset pointers
lastValid = lastValid - pos;
pos = 0;
lastActiveFilter = -1;
parsingHeader = true;
swallowInput = true;
}
I am seeing something like this at one point:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
'POST /dh/services/jmap/__exists__ HTTP/1.1
But I am also seeing this where this problem is cropping up:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
'0
'
Anyone got any ideas on how to fix this? Data from one POST is being carried
over to the next POST!!!!!
From: Jason Smith
Sent: Monday, April 06, 2009 10:16 AM
To: 'dev@tomcat.apache.org'
Subject: Help with a Tomcat bug.
When using .setChunkedStreamingMode(...) from the client, I was getting back an
invalid method name in my servlet. Specifically, in the overridden service()
method, the request.getMethod() was returning '0\n\nPOST'.
I've tracked this all the way into
org.apache.coyote.http11.InternalInputBuffer.
In .parseRequestLine, the first thing it does is consume leading CRs and LFs.
Well, the first line I am getting is '0\n'. So it won't consume that line.
The next step parses to the next SPACE character. So it picks up the 0, the
CRs and LFs, all the way to the end of POST.
The bottom line is that at this point, in this method, the HTTP method name is
already messed up.
Should this be fixed in this method, or is there a better place?
One quick fix:
byte chr = 0;
do {
// Read new bytes if needed
if (pos >= lastValid) {
if (!fill())
throw new EOFException(sm.getString("iib.eof.error"));
}
chr = buf[pos++];
} while ((chr == Constants.CR) || (chr == Constants.LF) || (chr ==
'0'));
I simply check for the '0' character as well. This is a bit of a hack, but I
don't know the code well enough to know if the leading '0' (which I believe is
the last line from a previous chunked POST) is supposed to be there or not.
Any help would be appreciated.
Tomcat 5.5.27, Java 6u13.
Jason Smith
Software Engineer
InfoTrust Group, Inc.
