subject:"\[Bug 57509\] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException"

[Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException

2015-02-10 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=57509

Shelson Ferrari supo...@vitplay.com changed:

   What|Removed |Added

 Status|RESOLVED|REOPENED
 Resolution|FIXED   |---

--- Comment #7 from Shelson Ferrari supo...@vitplay.com ---
 - 4 bytes added is the correct fixe ?


The method sendHeader --

write(name);
headerBuffer[pos++] = Constants.COLON;
headerBuffer[pos++] = Constants.SP;
write(value);
headerBuffer[pos++] = Constants.CR;
headerBuffer[pos++] = Constants.LF;

call the method write(MessageBytes mb) 2 times and at the end of this method,
call the method write(mb.getByteChunk()

this method call checkLengthBeforeWrite(length)

In the first call write(name) -- 
this block that increments 2 positions is not called
headerBuffer[pos++] = Constants.COLON;
headerBuffer[pos++] = Constants.SP;


The class AbstractHttp11Processor method private void prepareResponse()
call the class AOB --
int size = headers.size();
for (int i = 0; i  size; i++) {
getOutputBuffer().sendHeader(headers.getName(i), headers.getValue(i));
}
getOutputBuffer().endHeaders();



in other words, I believe:


the method checkLengthBeforeWrite in the first call 
if (pos + length  headerBuffer.length)

the method checkLengthBeforeWrite in the second call 
if (pos + length + 2  headerBuffer.length)

and if have a third scan after getOutputBuffer().endHeaders() - there is no
such verification - and also would not make sense
if (pos + length + 4  headerBuffer.length)

and would be after getOutputBuffer().endHeaders()


Please check.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException

2015-02-10 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=57509

Mark Thomas ma...@apache.org changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution|--- |FIXED

--- Comment #8 from Mark Thomas ma...@apache.org ---
(In reply to Shelson Ferrari from comment #7)
  - 4 bytes added is the correct fixe ?

Yes.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException

2015-02-05 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=57509

--- Comment #6 from Konstantin Kolinko knst.koli...@gmail.com ---
Fixed in Tomcat 7 by r1657591, will be in 7.0.60 onwards.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException

2015-02-04 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=57509

--- Comment #4 from Konstantin Kolinko knst.koli...@gmail.com ---
(In reply to yangkun from comment #3)

Your diagnosis is wrong. We are not talking about request here. It is response
(the status line of a HTTP response) that does not fit the buffer used by
status line and HTTP headers.

Generally, AbstractOutputBuffer.write(..) methods do perform a length check,
but numerous  headerBuffer[pos++] = (COLON|SP|CR|LF)  do not.

A simple fix may be to change AOB.checkLengthBeforeWrite(int length) method to
assume that the usable buffer length is less by 4 bytes. There are no more than
4 bytes added directly to the buffer after the write.

(4 = 2 bytes for CR-LF + 2 bytes for CR-LF added by AOB.endHeaders())


The result will be that the checkLengthBeforeWrite() method will throw a
org.apache.coyote.http11.HeadersTooLargeException  (a subclass of an
IllegalStateException), essentially resulting in the same server-side error.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException

2015-02-04 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=57509

--- Comment #3 from yangkun yklovej...@163.com ---
  If check the maxHttpHeaderSize careful, the error may be subdivide the
following cases:

  1. the request uri more than maxHttpHeaderSize, it should be a 414-request
url too long
  2. the request entity more than maxHttpHeaderSize, it should be a 413-request
entity too large

  I think in this respect, Tomcat can be do better, :)

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException

2015-02-04 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=57509

Konstantin Kolinko knst.koli...@gmail.com changed:

   What|Removed |Added

 Resolution|WONTFIX |FIXED

--- Comment #5 from Konstantin Kolinko knst.koli...@gmail.com ---
Fixed in trunk and Tomcat 8 (r1657460), will be in 8.0.19 onwards.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException

2015-02-03 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=57509

--- Comment #2 from Christopher Schultz ch...@christopherschultz.net ---
It might be nice to do bounds-checking (or not) and use an application
exception instead of AAOOBE. Getting an AAOOBE usually indicates to me that
there is a software flaw, not a data flaw.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException

2015-01-28 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=57509

Remy Maucherat r...@apache.org changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |WONTFIX
 OS||All

--- Comment #1 from Remy Maucherat r...@apache.org ---
The exception corresponds to what is actually occurring, so it looks fine to me
as is.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException

[Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException

[Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException

[Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException

[Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException

[Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException

[Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException

[Bug 57509] maxHttpHeaderSize maybe case ArrayIndexOutOfBoundsException

8 matches

Site Navigation

Mail list logo

Footer information