https://issues.apache.org/bugzilla/show_bug.cgi?id=57509
--- Comment #4 from Konstantin Kolinko <knst.koli...@gmail.com> --- (In reply to yangkun from comment #3) Your diagnosis is wrong. We are not talking about request here. It is response (the status line of a HTTP response) that does not fit the buffer used by status line and HTTP headers. Generally, AbstractOutputBuffer.write(..) methods do perform a length check, but numerous headerBuffer[pos++] = (COLON|SP|CR|LF) do not. A simple fix may be to change AOB.checkLengthBeforeWrite(int length) method to assume that the usable buffer length is less by 4 bytes. There are no more than 4 bytes added directly to the buffer after the write. (4 = 2 bytes for CR-LF + 2 bytes for CR-LF added by AOB.endHeaders()) The result will be that the checkLengthBeforeWrite() method will throw a org.apache.coyote.http11.HeadersTooLargeException (a subclass of an IllegalStateException), essentially resulting in the same server-side error. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org