[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-1323) MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer

[jbossseam-issues] [JBoss JIRA]...

ROB b (JIRA)

Sunday, 13 May 2007 Sun, 13 May '07

7:16 p.m.

MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer ---------------------------------------------------------------------------------------------------------- Key: JBSEAM-1323 URL: http://jira.jboss.com/jira/browse/JBSEAM-1323 Project: JBoss Seam Issue Type: Bug Components: Core Affects Versions: 1.2.1.GA, 1.2.0.GA Environment: Windows Vista, Firefox 2.0.0, Java 1.6u1, JBoss AS 4.0.5.GA, JBoss Seam 1.2.1 Reporter: ROB b Fix For: 1.3.0.BETA1 When a form post is processed by a MultipartRequest class and it has a field boundary that occurs near the end of the internal buffer of the MultipartRequest class, it fails to recognize the field boundary and interprets the field boundary and the following header to be a part of the previous field's contents. This bug can most easily be reproduced by creating a form of enctype="multipart/form-data" with 30 <h:inputText> fields. The fields should be submitted empty. This provides form post data with lots of field boundaries and little in between. One of the field boundaries is likely to be near the end of the 2KB class buffer. When the bug occurs, one of the blank fields will be shown to contain part of the form boundary text. The form may have to be submitted 5 or 10 times, before the bug occurs. This same technique also occasionally causes the JBSEAM-1322 bug to occur (rarely, though). Sorry, I don't have a suggested fix. The class has been kind of hard for me to debug. Submitting the following XHTML source multiple times can be used to demonstrate the bug: <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:s="http://jboss.com/products/seam/taglib" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:rich="http://richfaces.ajax4jsf.org/rich" > <h:form enctype="multipart/form-data"> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:commandButton /> </h:form> </html> -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

Show replies by date

Shane Bryzak (JIRA)

Sunday, 13 May Sun, 13 May

8:02 p.m.

New subject: [jbossseam-issues] [JBoss JIRA] Assigned: (JBSEAM-1323) MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer

[ http://jira.jboss.com/jira/browse/JBSEAM-1323?page=all ] Shane Bryzak reassigned JBSEAM-1323: ------------------------------------ Assignee: Shane Bryzak

...

MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer ---------------------------------------------------------------------------------------------------------- Key: JBSEAM-1323 URL: http://jira.jboss.com/jira/browse/JBSEAM-1323 Project: JBoss Seam Issue Type: Bug Components: Core Affects Versions: 1.2.1.GA, 1.2.0.GA Environment: Windows Vista, Firefox 2.0.0, Java 1.6u1, JBoss AS 4.0.5.GA, JBoss Seam 1.2.1 Reporter: ROB b Assigned To: Shane Bryzak Fix For: 1.3.0.BETA1 When a form post is processed by a MultipartRequest class and it has a field boundary that occurs near the end of the internal buffer of the MultipartRequest class, it fails to recognize the field boundary and interprets the field boundary and the following header to be a part of the previous field's contents. This bug can most easily be reproduced by creating a form of enctype="multipart/form-data" with 30 <h:inputText> fields. The fields should be submitted empty. This provides form post data with lots of field boundaries and little in between. One of the field boundaries is likely to be near the end of the 2KB class buffer. When the bug occurs, one of the blank fields will be shown to contain part of the form boundary text. The form may have to be submitted 5 or 10 times, before the bug occurs. This same technique also occasionally causes the JBSEAM-1322 bug to occur (rarely, though). Sorry, I don't have a suggested fix. The class has been kind of hard for me to debug. Submitting the following XHTML source multiple times can be used to demonstrate the bug: <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:s="http://jboss.com/products/seam/taglib" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:rich="http://richfaces.ajax4jsf.org/rich" > <h:form enctype="multipart/form-data"> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:commandButton /> </h:form> </html>

-- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

ROB b (JIRA)

9:02 p.m.

New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-1323) MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer

[ http://jira.jboss.com/jira/browse/JBSEAM-1323?page=comments#action_12362156 ] ROB b commented on JBSEAM-1323: ------------------------------- Here's better xhtml source for generating the error. Also, click submit 10 or 15 times and you usually get the exception for JBSEAM-1322 <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:h="http://java.sun.com/jsf/html" xmlns:c="http://java.sun.com/jstl/core" > <h:form enctype="multipart/form-data"> <h:commandButton /><br/> <c:forEach end="#{500}"> <h:inputText /> </c:forEach> </h:form> </html>

...

MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer ---------------------------------------------------------------------------------------------------------- Key: JBSEAM-1323 URL: http://jira.jboss.com/jira/browse/JBSEAM-1323 Project: JBoss Seam Issue Type: Bug Components: Core Affects Versions: 1.2.1.GA, 1.2.0.GA Environment: Windows Vista, Firefox 2.0.0, Java 1.6u1, JBoss AS 4.0.5.GA, JBoss Seam 1.2.1 Reporter: ROB b Assigned To: Shane Bryzak Fix For: 1.3.0.BETA1 When a form post is processed by a MultipartRequest class and it has a field boundary that occurs near the end of the internal buffer of the MultipartRequest class, it fails to recognize the field boundary and interprets the field boundary and the following header to be a part of the previous field's contents. This bug can most easily be reproduced by creating a form of enctype="multipart/form-data" with 30 <h:inputText> fields. The fields should be submitted empty. This provides form post data with lots of field boundaries and little in between. One of the field boundaries is likely to be near the end of the 2KB class buffer. When the bug occurs, one of the blank fields will be shown to contain part of the form boundary text. The form may have to be submitted 5 or 10 times, before the bug occurs. This same technique also occasionally causes the JBSEAM-1322 bug to occur (rarely, though). Sorry, I don't have a suggested fix. The class has been kind of hard for me to debug. Submitting the following XHTML source multiple times can be used to demonstrate the bug: <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:s="http://jboss.com/products/seam/taglib" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:rich="http://richfaces.ajax4jsf.org/rich" > <h:form enctype="multipart/form-data"> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:commandButton /> </h:form> </html>

Shane Bryzak (JIRA)

Wednesday, 16 May Wed, 16 May

2:30 a.m.

New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-1323) MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer

[ http://jira.jboss.com/jira/browse/JBSEAM-1323?page=comments#action_12362317 ] Shane Bryzak commented on JBSEAM-1323: -------------------------------------- Could you please test this again using the latest CVS version of Seam, now that JBSEAM-1322 has been fixed.

...

MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer ---------------------------------------------------------------------------------------------------------- Key: JBSEAM-1323 URL: http://jira.jboss.com/jira/browse/JBSEAM-1323 Project: JBoss Seam Issue Type: Bug Components: Core Affects Versions: 1.2.1.GA, 1.2.0.GA Environment: Windows Vista, Firefox 2.0.0, Java 1.6u1, JBoss AS 4.0.5.GA, JBoss Seam 1.2.1 Reporter: ROB b Assigned To: Shane Bryzak Fix For: 1.3.0.BETA1 When a form post is processed by a MultipartRequest class and it has a field boundary that occurs near the end of the internal buffer of the MultipartRequest class, it fails to recognize the field boundary and interprets the field boundary and the following header to be a part of the previous field's contents. This bug can most easily be reproduced by creating a form of enctype="multipart/form-data" with 30 <h:inputText> fields. The fields should be submitted empty. This provides form post data with lots of field boundaries and little in between. One of the field boundaries is likely to be near the end of the 2KB class buffer. When the bug occurs, one of the blank fields will be shown to contain part of the form boundary text. The form may have to be submitted 5 or 10 times, before the bug occurs. This same technique also occasionally causes the JBSEAM-1322 bug to occur (rarely, though). Sorry, I don't have a suggested fix. The class has been kind of hard for me to debug. Submitting the following XHTML source multiple times can be used to demonstrate the bug: <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:s="http://jboss.com/products/seam/taglib" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:rich="http://richfaces.ajax4jsf.org/rich" > <h:form enctype="multipart/form-data"> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:commandButton /> </h:form> </html>

ROB b (JIRA)

11:06 a.m.

New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-1323) MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer

[ http://jira.jboss.com/jira/browse/JBSEAM-1323?page=comments#action_12362370 ] ROB b commented on JBSEAM-1323: ------------------------------- I submitted the test form provided in my previous comment with the as-of-this-moment latest CVS version of Seam on JBoss AS 4.2.0.GA. The exception related to JBSEAM-1322 is no longer occuring (thanks for fixing it), but I still am having the same problem described in this issue record. The erroneous form data appears when I submit the blank, before-mentioned form. If you are not able to reproduce this bug please let me know, but I do not believe it is specific to my dev environment.

...

MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer ---------------------------------------------------------------------------------------------------------- Key: JBSEAM-1323 URL: http://jira.jboss.com/jira/browse/JBSEAM-1323 Project: JBoss Seam Issue Type: Bug Components: Core Affects Versions: 1.2.1.GA, 1.2.0.GA Environment: Windows Vista, Firefox 2.0.0, Java 1.6u1, JBoss AS 4.0.5.GA, JBoss Seam 1.2.1 Reporter: ROB b Assigned To: Shane Bryzak Fix For: 1.3.0.BETA1 When a form post is processed by a MultipartRequest class and it has a field boundary that occurs near the end of the internal buffer of the MultipartRequest class, it fails to recognize the field boundary and interprets the field boundary and the following header to be a part of the previous field's contents. This bug can most easily be reproduced by creating a form of enctype="multipart/form-data" with 30 <h:inputText> fields. The fields should be submitted empty. This provides form post data with lots of field boundaries and little in between. One of the field boundaries is likely to be near the end of the 2KB class buffer. When the bug occurs, one of the blank fields will be shown to contain part of the form boundary text. The form may have to be submitted 5 or 10 times, before the bug occurs. This same technique also occasionally causes the JBSEAM-1322 bug to occur (rarely, though). Sorry, I don't have a suggested fix. The class has been kind of hard for me to debug. Submitting the following XHTML source multiple times can be used to demonstrate the bug: <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:s="http://jboss.com/products/seam/taglib" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:rich="http://richfaces.ajax4jsf.org/rich" > <h:form enctype="multipart/form-data"> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:commandButton /> </h:form> </html>

Shane Bryzak (JIRA)

9:37 p.m.

New subject: [jbossseam-issues] [JBoss JIRA] Closed: (JBSEAM-1323) MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer

[ http://jira.jboss.com/jira/browse/JBSEAM-1323?page=all ] Shane Bryzak closed JBSEAM-1323. -------------------------------- Resolution: Done Seems to be fixed now, the bug was in the checkSequence() method - it was returning false for any checks where the byte sequence started on index 0 of the array.

...

MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer ---------------------------------------------------------------------------------------------------------- Key: JBSEAM-1323 URL: http://jira.jboss.com/jira/browse/JBSEAM-1323 Project: JBoss Seam Issue Type: Bug Components: Core Affects Versions: 1.2.1.GA, 1.2.0.GA Environment: Windows Vista, Firefox 2.0.0, Java 1.6u1, JBoss AS 4.0.5.GA, JBoss Seam 1.2.1 Reporter: ROB b Assigned To: Shane Bryzak Fix For: 1.3.0.BETA1 When a form post is processed by a MultipartRequest class and it has a field boundary that occurs near the end of the internal buffer of the MultipartRequest class, it fails to recognize the field boundary and interprets the field boundary and the following header to be a part of the previous field's contents. This bug can most easily be reproduced by creating a form of enctype="multipart/form-data" with 30 <h:inputText> fields. The fields should be submitted empty. This provides form post data with lots of field boundaries and little in between. One of the field boundaries is likely to be near the end of the 2KB class buffer. When the bug occurs, one of the blank fields will be shown to contain part of the form boundary text. The form may have to be submitted 5 or 10 times, before the bug occurs. This same technique also occasionally causes the JBSEAM-1322 bug to occur (rarely, though). Sorry, I don't have a suggested fix. The class has been kind of hard for me to debug. Submitting the following XHTML source multiple times can be used to demonstrate the bug: <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:s="http://jboss.com/products/seam/taglib" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:rich="http://richfaces.ajax4jsf.org/rich" > <h:form enctype="multipart/form-data"> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:commandButton /> </h:form> </html>

Philippe Deslauriers (JIRA)

Monday, 10 March Mon, 10 Mar

3:53 p.m.

New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-1323) MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer

[ http://jira.jboss.com/jira/browse/JBSEAM-1323?page=comments#action_12402032 ] Philippe Deslauriers commented on JBSEAM-1323: ---------------------------------------------- In some cases, an input will not be in the request param map (yes it was sent in the header). Before the input would be populated with wrong value (part of the boundary itself), now it is just missing. See the header below... somehow SAQCUP7 doesn't get added to the param map ****start*** POST /Promopunch2/pages/materiel/materielPromoDetailComplement.jsf HTTP/1.1 Host: localhost:9443 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en,fr;q=0.8,fr-fr;q=0.5,en-us;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: https://localhost:9443/Promopunch2/pages/materiel/materielPromoDetailComp... Cookie: JSESSIONID=0000f4gtnXy1ncjUuGYdJrW3-HX:-1; LtpaToken2=BMZmMobGEy7zkW90lxwkKYu7L/dx+mMhZmfHRp/RZrEw8/RHh2/GxFmLjaC8B84rBwTr6RhrEz5Wht/EQ4xz9E44zo9HaLXzASUCm6PHlZed3Xh1lSl4eJzN0kHFL0EREud88qD2ToOPwlrSXuu1Qsfy3vnBkNQcEG7r6cpTr7WsqImPHtW+V1YGPsdzSMqrp/+QiHeHQCPSAOOjaQPoFmpQddRWuFnkfzaVrpw0duR7WuNqNBI6/xrXSOEg2CPk1fv6nxTOxq8i7qbGGTIoOrh0vqNbytBkzPm/+xtV7Xq1CrVJry6U+BnNHZO2h0Z/VtFj/BkC16w7UjSoUx00N4u4yGHQqDOhRud451jZP+nzrPZM1x/FPpwKFUZrKBqF00sWY+mFWldNADTjzYSmTVtOy+fWqYVquEiN6PCRbseSeUmrT7emsKijVJpf279uKBRhmQouHNCFrlGYQF7z/VMNF9IccoUiI7ylAug54sB1FVQTGl8AVwPMl5biAHdoCYhEum3Vif8UZWWAZwKjfKX4KZjHTmXr8rsH2FoQ3xWviU37hnSf3BpcmngtBrYar4rRLis8JKh2sFgIRTmHghvtQl4mL2cidZSZeEfORZDJ57wHrn6DAWkITqm7YbQPXFSmGmqNu/D5xfB/+ggaWZpTn+XVFu1J/E4YS9d5+EO+JXb7Vo4sukoYCMVGh1Ob Content-Type: multipart/form-data; boundary=---------------------------71691099814270 Content-Length: 2911 -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm" clientForm -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:typesPromos" AFFNVCIR -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:numProduit0" 538157 -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:SAQCUP0" CODE_SAQ -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:numProduit1" -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:SAQCUP1" CODE_SAQ -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:numProduit2" -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:SAQCUP2" CODE_SAQ -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:numProduit3" -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:SAQCUP3" CODE_SAQ -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:numProduit4" -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:SAQCUP4" CODE_SAQ -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:numProduit5" -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:SAQCUP5" CODE_SAQ -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:numProduit6" -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:SAQCUP6" CODE_SAQ -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:numProduit7" -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:SAQCUP7" CODE_SAQ -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:numProduit8" -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:SAQCUP8" CODE_SAQ -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:numProduit9" -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:SAQCUP9" CODE_SAQ -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:montantRabais" 100,00$ -----------------------------71691099814270 Content-Disposition: form-data; name="clientForm:creer" CRÃER -----------------------------71691099814270 Content-Disposition: form-data; name="javax.faces.ViewState" _id5 -----------------------------71691099814270-- ****end***

...

MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer ---------------------------------------------------------------------------------------------------------- Key: JBSEAM-1323 URL: http://jira.jboss.com/jira/browse/JBSEAM-1323 Project: JBoss Seam Issue Type: Bug Components: Core Affects Versions: 1.2.1.GA, 1.2.0.GA Environment: Windows Vista, Firefox 2.0.0, Java 1.6u1, JBoss AS 4.0.5.GA, JBoss Seam 1.2.1 Reporter: ROB b Assigned To: Shane Bryzak Fix For: 1.3.0.ALPHA When a form post is processed by a MultipartRequest class and it has a field boundary that occurs near the end of the internal buffer of the MultipartRequest class, it fails to recognize the field boundary and interprets the field boundary and the following header to be a part of the previous field's contents. This bug can most easily be reproduced by creating a form of enctype="multipart/form-data" with 30 <h:inputText> fields. The fields should be submitted empty. This provides form post data with lots of field boundaries and little in between. One of the field boundaries is likely to be near the end of the 2KB class buffer. When the bug occurs, one of the blank fields will be shown to contain part of the form boundary text. The form may have to be submitted 5 or 10 times, before the bug occurs. This same technique also occasionally causes the JBSEAM-1322 bug to occur (rarely, though). Sorry, I don't have a suggested fix. The class has been kind of hard for me to debug. Submitting the following XHTML source multiple times can be used to demonstrate the bug: <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:s="http://jboss.com/products/seam/taglib" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:rich="http://richfaces.ajax4jsf.org/rich" > <h:form enctype="multipart/form-data"> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:commandButton /> </h:form> </html>

Shane Bryzak (JIRA)

4:42 p.m.

New subject: [jbossseam-issues] [JBoss JIRA] Reopened: (JBSEAM-1323) MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer

[ http://jira.jboss.com/jira/browse/JBSEAM-1323?page=all ] Shane Bryzak reopened JBSEAM-1323: ---------------------------------- Reopening, I'll look at this test case.

...

MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer ---------------------------------------------------------------------------------------------------------- Key: JBSEAM-1323 URL: http://jira.jboss.com/jira/browse/JBSEAM-1323 Project: JBoss Seam Issue Type: Bug Components: Core Affects Versions: 1.2.1.GA, 1.2.0.GA Environment: Windows Vista, Firefox 2.0.0, Java 1.6u1, JBoss AS 4.0.5.GA, JBoss Seam 1.2.1 Reporter: ROB b Assigned To: Shane Bryzak Fix For: 1.3.0.ALPHA When a form post is processed by a MultipartRequest class and it has a field boundary that occurs near the end of the internal buffer of the MultipartRequest class, it fails to recognize the field boundary and interprets the field boundary and the following header to be a part of the previous field's contents. This bug can most easily be reproduced by creating a form of enctype="multipart/form-data" with 30 <h:inputText> fields. The fields should be submitted empty. This provides form post data with lots of field boundaries and little in between. One of the field boundaries is likely to be near the end of the 2KB class buffer. When the bug occurs, one of the blank fields will be shown to contain part of the form boundary text. The form may have to be submitted 5 or 10 times, before the bug occurs. This same technique also occasionally causes the JBSEAM-1322 bug to occur (rarely, though). Sorry, I don't have a suggested fix. The class has been kind of hard for me to debug. Submitting the following XHTML source multiple times can be used to demonstrate the bug: <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:s="http://jboss.com/products/seam/taglib" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:rich="http://richfaces.ajax4jsf.org/rich" > <h:form enctype="multipart/form-data"> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:commandButton /> </h:form> </html>

Pete Muir (JIRA)

Tuesday, 11 March Tue, 11 Mar

7:14 a.m.

New subject: [jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-1323) MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer

[ http://jira.jboss.com/jira/browse/JBSEAM-1323?page=all ] Pete Muir updated JBSEAM-1323: ------------------------------ Fix Version/s: 2.1.0.GA (was: 1.3.0.ALPHA)

...

MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer ---------------------------------------------------------------------------------------------------------- Key: JBSEAM-1323 URL: http://jira.jboss.com/jira/browse/JBSEAM-1323 Project: JBoss Seam Issue Type: Bug Components: Core Affects Versions: 1.2.1.GA, 1.2.0.GA Environment: Windows Vista, Firefox 2.0.0, Java 1.6u1, JBoss AS 4.0.5.GA, JBoss Seam 1.2.1 Reporter: ROB b Assigned To: Shane Bryzak Fix For: 1.3.0.ALPHA When a form post is processed by a MultipartRequest class and it has a field boundary that occurs near the end of the internal buffer of the MultipartRequest class, it fails to recognize the field boundary and interprets the field boundary and the following header to be a part of the previous field's contents. This bug can most easily be reproduced by creating a form of enctype="multipart/form-data" with 30 <h:inputText> fields. The fields should be submitted empty. This provides form post data with lots of field boundaries and little in between. One of the field boundaries is likely to be near the end of the 2KB class buffer. When the bug occurs, one of the blank fields will be shown to contain part of the form boundary text. The form may have to be submitted 5 or 10 times, before the bug occurs. This same technique also occasionally causes the JBSEAM-1322 bug to occur (rarely, though). Sorry, I don't have a suggested fix. The class has been kind of hard for me to debug. Submitting the following XHTML source multiple times can be used to demonstrate the bug: <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:s="http://jboss.com/products/seam/taglib" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:rich="http://richfaces.ajax4jsf.org/rich" > <h:form enctype="multipart/form-data"> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:commandButton /> </h:form> </html>

Pete Muir (JIRA)

7:14 a.m.

New subject: [jbossseam-issues] [JBoss JIRA] Closed: (JBSEAM-1323) MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer

[ http://jira.jboss.com/jira/browse/JBSEAM-1323?page=all ] Pete Muir closed JBSEAM-1323. ----------------------------- Resolution: Done Please open a new issue. This one is closed in a released version.

...

MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer ---------------------------------------------------------------------------------------------------------- Key: JBSEAM-1323 URL: http://jira.jboss.com/jira/browse/JBSEAM-1323 Project: JBoss Seam Issue Type: Bug Components: Core Affects Versions: 1.2.1.GA, 1.2.0.GA Environment: Windows Vista, Firefox 2.0.0, Java 1.6u1, JBoss AS 4.0.5.GA, JBoss Seam 1.2.1 Reporter: ROB b Assigned To: Shane Bryzak Fix For: 1.3.0.ALPHA When a form post is processed by a MultipartRequest class and it has a field boundary that occurs near the end of the internal buffer of the MultipartRequest class, it fails to recognize the field boundary and interprets the field boundary and the following header to be a part of the previous field's contents. This bug can most easily be reproduced by creating a form of enctype="multipart/form-data" with 30 <h:inputText> fields. The fields should be submitted empty. This provides form post data with lots of field boundaries and little in between. One of the field boundaries is likely to be near the end of the 2KB class buffer. When the bug occurs, one of the blank fields will be shown to contain part of the form boundary text. The form may have to be submitted 5 or 10 times, before the bug occurs. This same technique also occasionally causes the JBSEAM-1322 bug to occur (rarely, though). Sorry, I don't have a suggested fix. The class has been kind of hard for me to debug. Submitting the following XHTML source multiple times can be used to demonstrate the bug: <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:s="http://jboss.com/products/seam/taglib" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:rich="http://richfaces.ajax4jsf.org/rich" > <h:form enctype="multipart/form-data"> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:commandButton /> </h:form> </html>

Pete Muir (JIRA)

7:14 a.m.

New subject: [jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-1323) MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer

[ http://jira.jboss.com/jira/browse/JBSEAM-1323?page=all ] Pete Muir updated JBSEAM-1323: ------------------------------ Fix Version/s: 1.3.0.ALPHA (was: 2.1.0.GA)

...

MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer ---------------------------------------------------------------------------------------------------------- Key: JBSEAM-1323 URL: http://jira.jboss.com/jira/browse/JBSEAM-1323 Project: JBoss Seam Issue Type: Bug Components: Core Affects Versions: 1.2.1.GA, 1.2.0.GA Environment: Windows Vista, Firefox 2.0.0, Java 1.6u1, JBoss AS 4.0.5.GA, JBoss Seam 1.2.1 Reporter: ROB b Assigned To: Shane Bryzak Fix For: 1.3.0.ALPHA When a form post is processed by a MultipartRequest class and it has a field boundary that occurs near the end of the internal buffer of the MultipartRequest class, it fails to recognize the field boundary and interprets the field boundary and the following header to be a part of the previous field's contents. This bug can most easily be reproduced by creating a form of enctype="multipart/form-data" with 30 <h:inputText> fields. The fields should be submitted empty. This provides form post data with lots of field boundaries and little in between. One of the field boundaries is likely to be near the end of the 2KB class buffer. When the bug occurs, one of the blank fields will be shown to contain part of the form boundary text. The form may have to be submitted 5 or 10 times, before the bug occurs. This same technique also occasionally causes the JBSEAM-1322 bug to occur (rarely, though). Sorry, I don't have a suggested fix. The class has been kind of hard for me to debug. Submitting the following XHTML source multiple times can be used to demonstrate the bug: <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:s="http://jboss.com/products/seam/taglib" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:rich="http://richfaces.ajax4jsf.org/rich" > <h:form enctype="multipart/form-data"> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:inputText /> <h:commandButton /> </h:form> </html>

6053

days inactive

6355

days old

seam-issues@lists.jboss.org

Manage subscription

10 comments

4 participants

tags (0)

participants (4)

Pete Muir (JIRA)
Philippe Deslauriers (JIRA)
ROB b (JIRA)
Shane Bryzak (JIRA)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-1323) MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer