DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14129>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14129 ArrayIndexOutOfBoundsException in RequestUtil.parseParameters() Summary: ArrayIndexOutOfBoundsException in RequestUtil.parseParameters() Product: Tomcat 4 Version: 4.0.4 Final Platform: All OS/Version: All Status: NEW Severity: Major Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] RequestUtil.parseParameters() doesn't check for incomplete encoded characters at the end of query parameters. An URL of the form http://localhost:8080/context/page.jsp?param=abc%4 will result in an ArrayIndexOutOfBoundsException. The offending method is below with the place that causes the bug hilighted: public static void parseParameters(Map map, byte[] data, String encoding) throws UnsupportedEncodingException { if (data != null && data.length > 0) { int pos = 0; int ix = 0; int ox = 0; String key = null; String value = null; while (ix < data.length) { byte c = data[ix++]; switch ((char) c) { case '&': value = new String(data, 0, ox, encoding); if (key != null) { putMapEntry(map, key, value); key = null; } ox = 0; break; case '=': key = new String(data, 0, ox, encoding); ox = 0; break; case '+': data[ox++] = (byte)' '; break; case '%': // *************************************************** // ix+2<len needs to be checked here! // *************************************************** data[ox++] = (byte)((convertHexDigit(data[ix++]) << 4) + convertHexDigit(data[ix++])); break; default: data[ox++] = c; } } //The last value does not end in '&'. So save it now. if (key != null) { value = new String(data, 0, ox, encoding); putMapEntry(map, key, value); } } } Below is a complete stack trace: java.lang.ArrayIndexOutOfBoundsException: 246 at org.apache.catalina.util.RequestUtil.parseParameters (RequestUtil.java:517) at org.apache.catalina.util.RequestUtil.parseParameters (RequestUtil.java:337) at org.apache.catalina.connector.HttpRequestBase.parseParameters (HttpRequestBase.java:625) at org.apache.catalina.connector.HttpRequestBase.getParameterNames (HttpRequestBase.java:723) at org.apache.catalina.connector.RequestFacade.getParameterNames (RequestFacade.java:165) at org.apache.struts.util.RequestUtils.populate(RequestUtils.java:950) at org.apache.struts.action.RequestProcessor.processPopulate (RequestProcessor.java:779) at org.apache.struts.action.RequestProcessor.process (RequestProcessor.java:246) at org.apache.struts.action.ActionServlet.process (ActionServlet.java:1292) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:492) at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter (ApplicationFilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke (StandardWrapperValve.java:243) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContextValve.invoke (StandardContextValve.java:190) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:566) at org.apache.catalina.authenticator.AuthenticatorBase.invoke (AuthenticatorBase.java:531) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:564) at org.apache.catalina.valves.CertificatesValve.invoke (CertificatesValve.java:246) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:564) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContext.invoke (StandardContext.java:2347) at org.apache.catalina.core.StandardHostValve.invoke (StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:566) at org.apache.catalina.valves.ErrorDispatcherValve.invoke (ErrorDispatcherValve.java:170) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:564) at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:170) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:564) at org.apache.catalina.valves.AccessLogValve.invoke (AccessLogValve.java:468) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:564) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardEngineValve.invoke (StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.connector.http.HttpProcessor.process (HttpProcessor.java:1027) at org.apache.catalina.connector.http.HttpProcessor.run (HttpProcessor.java:1125) at java.lang.Thread.run(Thread.java:536) -- To unsubscribe, e-mail: <mailto:tomcat-dev-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-dev-help@;jakarta.apache.org>
