[jira] Commented: (DIRMINA-505) OOM errors when handling badly formed HTTP requests

Mon, 14 Jan 2008 20:44:04 -0800 

    [ 
https://issues.apache.org/jira/browse/DIRMINA-505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12558916#action_12558916
 ] 

Trustin Lee commented on DIRMINA-505:
-------------------------------------

I've just checked in a possible fix.  Could you test if it doesn't cause OOM 
anymore or not?  Additionally, any jmap dump file is appreciated.

> OOM errors when handling badly formed HTTP requests
> ---------------------------------------------------
>
>                 Key: DIRMINA-505
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-505
>             Project: MINA
>          Issue Type: Bug
>          Components: Protocol - HTTP, Statemachine
>    Affects Versions: 2.0.0-M2
>            Reporter: Luis Neves
>
> Badly formed HTTP Requests can make the HTTP decoder to cause OOM errors.
> The following request captured with the command "tcpdump -nnASs 0 'dst port 
> 80'" is an example of such request (beware wrapping):
> **********************************************
> 21:26:55.828483 IP 83.174.45.34.59872 > 213.13.146.84.80: S 
> 3131042262:3131042262(0) win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp 
> 13682342 0>
> .T...P...........................
> ........
> 21:26:55.828606 IP 89.181.19.190.64449 > 213.13.146.84.80: . ack 4109384713 
> win 16407
> .T...Py'....<[EMAIL PROTECTED]
> 21:26:55.837645 IP 83.174.45.34.59872 > 213.13.146.84.80: . ack 12756759 win 
> 65535 <nop,nop,timestamp 13682342 221364412>
> .T...P...................
> 1...
> 21:26:55.838271 IP 82.155.88.187.3485 > 213.13.146.84.80: . ack 4268305021 
> win 17021
> ..Pe....i*}P.B}.....|........
> 21:26:55.838317 IP 83.174.45.34.59872 > 213.13.146.84.80: P 
> 3131042263:3131043023(760) ack 12756759 win 65535 <nop,nop,timestamp 13682342 
> 221364412>
> .T...P............]......
> 1..GET /analytics.js HTTP/1.1
> Host: wa.sl.pt
> Pragma: no-cache
> accept-language: pt
> ua-os: Windows CE (Smartphone) - Version 5.2
> ua-color: color16
> x-wap-profile: "http://www.htcmms.com.tw/gen/Volans-1.0.xml";
> ua-voice: TRUE
> referer: http://auto.sapo.pt/vehicleDetails.aspx
> --
> user-agent: HTC_S730 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 
> 7.6)
> x-wsb-contextid: D51E281020EEAF0E
> accept: application/vnd.wap.mms-message;*/*,*/*;q=0.001
> accept-charset: *;q=0.001
> accept-encoding: gzip,deflate,*;q=0.001
> Max-Forwards: 10
> Connection: Keep-Alive
> X-BlueCoat-Via: 80B23F200A28D3DE
> **********************************************
> Another source of problems are requests that have Header names but no Header 
> values, e.g:
> **********************************************
> 21:12:36.953721 IP 87.103.25.114.4160 > 213.13.146.84.80: . ack 3029163034 
> win 32224
> [EMAIL PROTECTED]
> 21:12:37.060742 IP 89.26.250.104.4602 > 213.13.146.84.80: S 
> 2765090470:2765090470(0) win 16384 <mss 1360,nop,nop,sackOK>
> [EMAIL PROTECTED]
> 21:12:37.082011 IP 89.26.250.104.4602 > 213.13.146.84.80: . ack 3407385009 
> win 17680
> .T...P........P.E..S............
> 21:12:37.090524 IP 89.26.250.104.4602 > 213.13.146.84.80: P 
> 2765090471:2765090506(35) ack 3407385009 win 17680
> .T...P........P.E.....GET /robots.txt HTTP/1.0
> Host:
> **********************************************
> Notice the missing Host Header value.
> My local fix for these issues was to use bounded collections in 
> HttpHeaderDecodingState to hold Header information and to add extra sanity 
> checks for header values, a better solution will probably fix the issue at 
> the "state machine level".
> --
> Luis Neves

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to