DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11117>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11117 Coyote connector does not correctly deal with large PUT when using chunked transfer encoding ------- Additional Comments From [EMAIL PROTECTED] 2002-08-01 07:14 ------- Problem diagnosed, patch attached. The detailed cause: This code sets a particular buffer in a ByteChunk, and sets a specific start/end to this buffer. This allows sharing of the buffers, rather than copying them around. In this code, the buffer was set (in chunk - the output ByteChunk) as pointing to some part of the buffer in readChunk (the input ByteChunk), which is fine. However, in one particular code path, this was immediately followed by a call to parseCRLF() - which simply swallows a CRLF pair. In the very unfortunate event (which happened on sufficiently large inputs with some regularity) of this CRLF being over the end of the buffer, more content would need to be read in order to do this. This refilled readChunk, but because this was shared with the (output) chunk, the output buffer was _also_ overwritten. Output is then corrupted. This is fixed here by deferring the parseCRLF() until later (the next call to doRead()) This fix is critical for PUT (and presumably things like POST, or anything else with a request-body) to work reliably with chunked transfer-encoding. Index: filters/ChunkedInputFilter.java =================================================================== RCS file: /home/cvspublic/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,v retrieving revision 1.5 diff -u -r1.5 ChunkedInputFilter.java --- filters/ChunkedInputFilter.java 20 Jun 2002 11:14:30 -0000 1.5 +++ filters/ChunkedInputFilter.java 1 Aug 2002 07:13:44 -0000 @@ -136,6 +136,12 @@ */ protected boolean endChunk = false; + /** + * Flag set to true if the next call to doRead() must parse a CRLF pair + * before doing anything else. + */ + protected boolean needCRLFParse = false; + // ------------------------------------------------------------- Properties @@ -158,6 +164,11 @@ if (endChunk) return -1; + if(needCRLFParse) { + needCRLFParse = false; + parseCRLF(); + } + if (remaining <= 0) { if (!parseChunkHeader()) { throw new IOException("Invalid chunk"); @@ -184,7 +195,7 @@ chunk.setBytes(buf, pos, remaining); pos = pos + remaining; remaining = 0; - parseCRLF(); + needCRLFParse = true; } return result; -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>