http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11117

Coyote connector does not correctly deal with large PUT when using chunked transfer 
encoding

[EMAIL PROTECTED] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |



------- Additional Comments From [EMAIL PROTECTED]  2002-08-12 07:34 -------
Oh dear. Turns out there's another very closely related case which can be
triggered (but on my development machine, it never is - others have reported
this to me) in very rare circumstances. I changed the logic to compute the
length of the chunk as we read the chunk header, rather than first determining
the chunk header length, then computing it after the entire header has been
read. This is necessary because it's possible (if unlikely - so it gets
triggered rarely) for the buffer to be re-filled (with new data) in between
this, so the length computation fails.

Here's the patch:

Index: src/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,v
retrieving revision 1.6
diff -u -r1.6 ChunkedInputFilter.java
--- src/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java   8 Aug
2002 02:55:35 -0000       1.6
+++ src/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java   12 Aug
2002 03:12:24 -0000
@@ -283,8 +283,6 @@
 
         int result = 0;
         boolean eol = false;
-        int begin = pos;
-        int end = begin;
         boolean readDigit = false;
 
         while (!eol) {
@@ -299,11 +297,9 @@
                 eol = true;
             } else {
                 if (HexUtils.DEC[buf[pos]] != -1) {
-                    if (!readDigit) {
-                        readDigit = true;
-                        begin = pos;
-                    }
-                    end = pos;
+                    readDigit = true;
+                    result *=16;
+                    result += HexUtils.DEC[buf[pos]];
                 }
             }
 
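Review bot: The accumulation in the else-branch has no bound on the number of hex digits, so the int `result` can wrap. With `result *=16; result += HexUtils.DEC[buf[pos]];` a size line of nine digits such as 100000000 shifts the leading 1 out and leaves 0, which the later `if (result == 0)` treats as the final chunk, and eight digits with the top bit set give a negative length. Suggest rejecting the header before multiplying once `result` exceeds `Integer.MAX_VALUE >> 4` (or after a fixed digit count) and returning false. Minor style point on the same line: `result *= 16;` with a space.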
@@ -313,15 +309,6 @@
 
         if (!readDigit)
             return false;
-
-        int offset = 1;
-        for (int i = end; i >= begin; i--) {
-            int val = HexUtils.DEC[buf[i]];
-            if (val == -1)
-                return false;
-            result = result + val * offset;
-            offset = offset * 16;
-        }
 
         if (result == 0)
             endChunk = true;
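Review bot: Removing this loop also removes `if (val == -1) return false;`, which was the only place a non-hex byte between the first and last digit of the size was rejected. As far as the visible lines show, the new else-branch simply skips any byte whose `HexUtils.DEC` entry is -1 and keeps accumulating, so a size such as `1x0` would now be read as 0x10 instead of failing. Suggest returning false when a byte that is neither a hex digit nor permitted at that position follows a digit, and adding a negative-value check next to `if (result == 0)`. A one-line comment where the block was removed, stating that the value is accumulated during the scan so it survives a buffer refill, would document why the two-pass computation must not come back.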
