[jboss-jira] [JBoss JIRA] (AS7-5106) org.apache.coyote.http11.InternalOutputBuffer is not safe
Ste Gr (JIRA)
jira-events at lists.jboss.org
Tue Jul 3 07:04:12 EDT 2012
[ https://issues.jboss.org/browse/AS7-5106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ste Gr updated AS7-5106:
------------------------
Description:
As soon as the http response should be sent, there might be the problem where the headers exceed the size of the internal output buffer. (see https://issues.jboss.org/browse/ARQ-982)
* No boundary check on the array 'buf' of InternalOutputBuffer
* problem: The whole sendHeader-routine is not able to split the send of http headers.
Example stack trace (Arquillian Warp adds the big header):
{noformat}
ArrayIndexOutOfBoundsException
InternalOutputBuffer.write(String) line: 698
InternalOutputBuffer.write(MessageBytes) line: 607
InternalOutputBuffer.sendHeader(MessageBytes, MessageBytes) line: 479
Http11Processor.prepareResponse() line: 1648
Http11Processor.action(ActionCode, Object) line: 998
Response.action(ActionCode, Object) line: 188
InternalOutputBuffer.doWrite(ByteChunk, Response) line: 552
Response.doWrite(ByteChunk) line: 594
OutputBuffer.realWriteBytes(byte[], int, int) line: 398
ByteChunk.flushBuffer() line: 449
ByteChunk.append(byte[], int, int) line: 349
OutputBuffer.writeBytes(byte[], int, int) line: 426
OutputBuffer.write(byte[], int, int) line: 415
CoyoteOutputStream.write(byte[], int, int) line: 89
CoyoteOutputStream.write(byte[]) line: 83
NonWritingPrintWriter.finallyWriteAndClose(ServletOutputStream) line: 58
WarpFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 189
ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280
ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248
TransactionWebFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 38
ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280
ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248
NTLMFakeFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 33
ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280
ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248
StandardWrapperValve.invoke(Request, Response) line: 275
StandardContextValve.invoke(Request, Response) line: 161
WebNonTxEmCloserValve.invoke(Request, Response) line: 50
SecurityContextAssociationValve.invoke(Request, Response) line: 153
StandardHostValve.invoke(Request, Response) line: 155
ErrorReportValve.invoke(Request, Response) line: 102
StandardEngineValve.invoke(Request, Response) line: 109
CoyoteAdapter.service(Request, Response) line: 368
Http11Processor.process(Socket) line: 877
Http11Protocol$Http11ConnectionHandler.process(Socket) line: 671
JIoEndpoint$Worker.run() line: 930
Thread.run() line: not available
{noformat}
was:
As soon as the http response should be sent, there might be the problem where the headers exceed the size of the internal output buffer. (see https://issues.jboss.org/browse/ARQ-982)
1. problem: No boundary check on the array 'buf' of InternalOutputBuffer
2. problem: The whole sendHeader-routine is not able to split the send of headers.
Example stack trace (Arquillian Warp adds the big header):
InternalOutputBuffer.write(String) line: 698
InternalOutputBuffer.write(MessageBytes) line: 607
InternalOutputBuffer.sendHeader(MessageBytes, MessageBytes) line: 479
Http11Processor.prepareResponse() line: 1648
Http11Processor.action(ActionCode, Object) line: 998
Response.action(ActionCode, Object) line: 188
InternalOutputBuffer.doWrite(ByteChunk, Response) line: 552
Response.doWrite(ByteChunk) line: 594
OutputBuffer.realWriteBytes(byte[], int, int) line: 398
ByteChunk.flushBuffer() line: 449
ByteChunk.append(byte[], int, int) line: 349
OutputBuffer.writeBytes(byte[], int, int) line: 426
OutputBuffer.write(byte[], int, int) line: 415
CoyoteOutputStream.write(byte[], int, int) line: 89
CoyoteOutputStream.write(byte[]) line: 83
NonWritingPrintWriter.finallyWriteAndClose(ServletOutputStream) line: 58
WarpFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 189
ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280
ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248
TransactionWebFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 38
ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280
ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248
NTLMFakeFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 33
ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280
ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248
StandardWrapperValve.invoke(Request, Response) line: 275
StandardContextValve.invoke(Request, Response) line: 161
WebNonTxEmCloserValve.invoke(Request, Response) line: 50
SecurityContextAssociationValve.invoke(Request, Response) line: 153
StandardHostValve.invoke(Request, Response) line: 155
ErrorReportValve.invoke(Request, Response) line: 102
StandardEngineValve.invoke(Request, Response) line: 109
CoyoteAdapter.service(Request, Response) line: 368
Http11Processor.process(Socket) line: 877
Http11Protocol$Http11ConnectionHandler.process(Socket) line: 671
JIoEndpoint$Worker.run() line: 930
Thread.run() line: not available
> org.apache.coyote.http11.InternalOutputBuffer is not safe
> ---------------------------------------------------------
>
> Key: AS7-5106
> URL: https://issues.jboss.org/browse/AS7-5106
> Project: Application Server 7
> Issue Type: Bug
> Components: Web
> Affects Versions: 7.1.1.Final
> Reporter: Ste Gr
> Assignee: Remy Maucherat
>
> As soon as the http response should be sent, there might be the problem where the headers exceed the size of the internal output buffer. (see https://issues.jboss.org/browse/ARQ-982)
> * No boundary check on the array 'buf' of InternalOutputBuffer
> * problem: The whole sendHeader-routine is not able to split the send of http headers.
> Example stack trace (Arquillian Warp adds the big header):
> {noformat}
> ArrayIndexOutOfBoundsException
> InternalOutputBuffer.write(String) line: 698
> InternalOutputBuffer.write(MessageBytes) line: 607
> InternalOutputBuffer.sendHeader(MessageBytes, MessageBytes) line: 479
> Http11Processor.prepareResponse() line: 1648
> Http11Processor.action(ActionCode, Object) line: 998
> Response.action(ActionCode, Object) line: 188
> InternalOutputBuffer.doWrite(ByteChunk, Response) line: 552
> Response.doWrite(ByteChunk) line: 594
> OutputBuffer.realWriteBytes(byte[], int, int) line: 398
> ByteChunk.flushBuffer() line: 449
> ByteChunk.append(byte[], int, int) line: 349
> OutputBuffer.writeBytes(byte[], int, int) line: 426
> OutputBuffer.write(byte[], int, int) line: 415
> CoyoteOutputStream.write(byte[], int, int) line: 89
> CoyoteOutputStream.write(byte[]) line: 83
> NonWritingPrintWriter.finallyWriteAndClose(ServletOutputStream) line: 58
> WarpFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 189
> ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280
> ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248
> TransactionWebFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 38
> ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280
> ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248
> NTLMFakeFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 33
> ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280
> ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248
> StandardWrapperValve.invoke(Request, Response) line: 275
> StandardContextValve.invoke(Request, Response) line: 161
> WebNonTxEmCloserValve.invoke(Request, Response) line: 50
> SecurityContextAssociationValve.invoke(Request, Response) line: 153
> StandardHostValve.invoke(Request, Response) line: 155
> ErrorReportValve.invoke(Request, Response) line: 102
> StandardEngineValve.invoke(Request, Response) line: 109
> CoyoteAdapter.service(Request, Response) line: 368
> Http11Processor.process(Socket) line: 877
> Http11Protocol$Http11ConnectionHandler.process(Socket) line: 671
> JIoEndpoint$Worker.run() line: 930
> Thread.run() line: not available
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
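
Added example, not part of the original message and not the JBoss Web source: a simplified model of the failure mode reported above, where header text is copied into a fixed-size array with no capacity check, next to a variant that checks the remaining space before writing. The class names, buffer size and header values are constructed for illustration.

```java
// Simplified model of a fixed-size response header buffer (hypothetical classes).
public class HeaderBufferDemo {

    static class UncheckedBuffer {
        final byte[] buf;
        int pos = 0;

        UncheckedBuffer(int size) { buf = new byte[size]; }

        // Reported pattern: copy characters without checking remaining capacity.
        void write(String s) {
            for (int i = 0; i < s.length(); i++) {
                buf[pos++] = (byte) s.charAt(i);
            }
        }

        void sendHeader(String name, String value) {
            write(name);
            write(": ");
            write(value);
            write("\r\n");
        }
    }

    static class CheckedBuffer extends UncheckedBuffer {
        CheckedBuffer(int size) { super(size); }

        // Check before copying: fail with a clear error and leave pos untouched,
        // instead of overrunning the array halfway through a header.
        @Override
        void write(String s) {
            if (s.length() > buf.length - pos) {
                throw new IllegalStateException(
                    "response headers exceed buffer of " + buf.length + " bytes");
            }
            super.write(s);
        }
    }

    // Returns "ok" or the simple name of the exception raised while sending.
    static String trySend(UncheckedBuffer b, String name, String value) {
        try {
            b.sendHeader(name, value);
            return "ok pos=" + b.pos;
        } catch (RuntimeException e) {
            return e.getClass().getSimpleName() + " pos=" + b.pos;
        }
    }

    public static void main(String[] args) {
        String big = "x".repeat(64); // constructed oversized header value
        System.out.println(trySend(new UncheckedBuffer(32), "X-Demo", big));
        System.out.println(trySend(new CheckedBuffer(32), "X-Demo", big));
        System.out.println(trySend(new CheckedBuffer(32), "X-Demo", "small"));
    }
}
```

The unchecked variant fails partway through the header value with its write position already advanced past the end of the array, while the checked variant rejects the oversized value before any of it is copied.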