[jboss-jira] [JBoss JIRA] (AS7-5106) org.apache.coyote.http11.InternalOutputBuffer is not safe

Ste Gr (JIRA) jira-events at lists.jboss.org
Tue Jul 3 06:56:13 EDT 2012 

Ste Gr created AS7-5106:
---------------------------

             Summary: org.apache.coyote.http11.InternalOutputBuffer is not safe
                 Key: AS7-5106
                 URL: https://issues.jboss.org/browse/AS7-5106
             Project: Application Server 7
          Issue Type: Bug
          Components: Web
    Affects Versions: 7.1.1.Final
            Reporter: Ste Gr
            Assignee: Remy Maucherat


As soon as the http response should be send, there might be the problem, where the headers exceed the size of the internal output buffer. (see https://issues.jboss.org/browse/ARQ-982)

1. problem: No boundary check on the array 'buf' of InternalOutputBuffer
2. problem: The whole sendHeader-routine is not able to split the split the send of headers.

Example stack trace (arquillian warp is adds the big header):
InternalOutputBuffer.write(String) line: 698	
InternalOutputBuffer.write(MessageBytes) line: 607	
InternalOutputBuffer.sendHeader(MessageBytes, MessageBytes) line: 479	
Http11Processor.prepareResponse() line: 1648	
Http11Processor.action(ActionCode, Object) line: 998	
Response.action(ActionCode, Object) line: 188	
InternalOutputBuffer.doWrite(ByteChunk, Response) line: 552	
Response.doWrite(ByteChunk) line: 594	
OutputBuffer.realWriteBytes(byte[], int, int) line: 398	
ByteChunk.flushBuffer() line: 449	
ByteChunk.append(byte[], int, int) line: 349	
OutputBuffer.writeBytes(byte[], int, int) line: 426	
OutputBuffer.write(byte[], int, int) line: 415	
CoyoteOutputStream.write(byte[], int, int) line: 89	
CoyoteOutputStream.write(byte[]) line: 83	
NonWritingPrintWriter.finallyWriteAndClose(ServletOutputStream) line: 58	
WarpFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 189	
ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280	
ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248	
TransactionWebFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 38	
ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280	
ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248	
NTLMFakeFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 33	
ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280	
ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248	
StandardWrapperValve.invoke(Request, Response) line: 275	
StandardContextValve.invoke(Request, Response) line: 161	
WebNonTxEmCloserValve.invoke(Request, Response) line: 50	
SecurityContextAssociationValve.invoke(Request, Response) line: 153	
StandardHostValve.invoke(Request, Response) line: 155	
ErrorReportValve.invoke(Request, Response) line: 102	
StandardEngineValve.invoke(Request, Response) line: 109	
CoyoteAdapter.service(Request, Response) line: 368	
Http11Processor.process(Socket) line: 877	
Http11Protocol$Http11ConnectionHandler.process(Socket) line: 671	
JIoEndpoint$Worker.run() line: 930	
Thread.run() line: not available	


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list