[jboss-jira] [JBoss JIRA] (AS7-5106) org.apache.coyote.http11.InternalOutputBuffer is not safe

Remy Maucherat (JIRA) jira-events at lists.jboss.org
Tue Jul 3 07:12:12 EDT 2012


     [ https://issues.jboss.org/browse/AS7-5106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Remy Maucherat resolved AS7-5106.
---------------------------------

    Resolution: Rejected


It is legal for web servers to constrain the size of the header(s); the header size used here (looking at the other report) is far too large.

So this is as expected; you can consider the error explanatory. There's nothing unsafe about this use: this is an array size check that will cause the request to fail, and that's it. The header size is configurable should this be needed for your application.
                
> org.apache.coyote.http11.InternalOutputBuffer is not safe
> ---------------------------------------------------------
>
>                 Key: AS7-5106
>                 URL: https://issues.jboss.org/browse/AS7-5106
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: Web
>    Affects Versions: 7.1.1.Final
>            Reporter: Ste Gr
>            Assignee: Remy Maucherat
>
> As soon as the HTTP response should be sent, there might be the problem where the headers exceed the size of the internal output buffer (see https://issues.jboss.org/browse/ARQ-982).
>  * No boundary check on the array 'buf' of InternalOutputBuffer
>  * Problem: the whole sendHeader routine is not able to split the sending of HTTP headers.
> Example stack trace (Arquillian Warp adds the big header):
> {noformat}
> ArrayIndexOutOfBoundsException
> InternalOutputBuffer.write(String) line: 698	
> InternalOutputBuffer.write(MessageBytes) line: 607	
> InternalOutputBuffer.sendHeader(MessageBytes, MessageBytes) line: 479	
> Http11Processor.prepareResponse() line: 1648	
> Http11Processor.action(ActionCode, Object) line: 998	
> Response.action(ActionCode, Object) line: 188	
> InternalOutputBuffer.doWrite(ByteChunk, Response) line: 552	
> Response.doWrite(ByteChunk) line: 594	
> OutputBuffer.realWriteBytes(byte[], int, int) line: 398	
> ByteChunk.flushBuffer() line: 449	
> ByteChunk.append(byte[], int, int) line: 349	
> OutputBuffer.writeBytes(byte[], int, int) line: 426	
> OutputBuffer.write(byte[], int, int) line: 415	
> CoyoteOutputStream.write(byte[], int, int) line: 89	
> CoyoteOutputStream.write(byte[]) line: 83	
> NonWritingPrintWriter.finallyWriteAndClose(ServletOutputStream) line: 58	
> WarpFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 189	
> ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280	
> ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248	
> TransactionWebFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 38	
> ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280	
> ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248	
> NTLMFakeFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 33	
> ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280	
> ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248	
> StandardWrapperValve.invoke(Request, Response) line: 275	
> StandardContextValve.invoke(Request, Response) line: 161	
> WebNonTxEmCloserValve.invoke(Request, Response) line: 50	
> SecurityContextAssociationValve.invoke(Request, Response) line: 153	
> StandardHostValve.invoke(Request, Response) line: 155	
> ErrorReportValve.invoke(Request, Response) line: 102	
> StandardEngineValve.invoke(Request, Response) line: 109	
> CoyoteAdapter.service(Request, Response) line: 368	
> Http11Processor.process(Socket) line: 877	
> Http11Protocol$Http11ConnectionHandler.process(Socket) line: 671	
> JIoEndpoint$Worker.run() line: 930	
> Thread.run() line: not available	
> {noformat}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
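
The behaviour discussed in this thread, as an added Java example that is not JBoss Web code and not part of the issue: a fixed-size header buffer where an oversized header is stopped either by the JVM's own array bounds check or by an explicit size check, and in both cases the request fails without anything being written past the array. The class `HeaderBufferDemo`, its methods, the 128-byte limit and the header names are constructed for illustration (`String.repeat` assumes Java 11 or later).

```java
import java.nio.charset.StandardCharsets;

/** Constructed model of a fixed-size response header buffer (not JBoss Web code). */
public class HeaderBufferDemo {
    private final byte[] buf;   // fixed capacity, standing in for a configured maximum header size
    private int pos = 0;

    HeaderBufferDemo(int maxHeaderSize) { buf = new byte[maxHeaderSize]; }

    /** No explicit check: the JVM's array bounds check stops the write. */
    void writeUnchecked(String s) {
        for (int i = 0; i < s.length(); i++) {
            buf[pos++] = (byte) s.charAt(i);  // throws ArrayIndexOutOfBoundsException when full
        }
    }

    /** Explicit check: the request still fails, but with a diagnosable message. */
    void writeChecked(String s) {
        byte[] bytes = s.getBytes(StandardCharsets.ISO_8859_1);
        if (bytes.length > buf.length - pos) {
            throw new IllegalStateException("response headers exceed " + buf.length
                    + " bytes (" + (pos + bytes.length) + " needed)");
        }
        System.arraycopy(bytes, 0, buf, pos, bytes.length);
        pos += bytes.length;
    }

    void sendHeader(String name, String value, boolean checked) {
        String line = name + ": " + value + "\r\n";
        if (checked) writeChecked(line); else writeUnchecked(line);
    }

    public static void main(String[] args) {
        String big = "x".repeat(200);   // constructed oversized header value
        for (boolean checked : new boolean[] {false, true}) {
            HeaderBufferDemo out = new HeaderBufferDemo(128);  // constructed small limit
            out.sendHeader("Content-Type", "text/html", checked);
            try {
                out.sendHeader("X-Constructed-Payload", big, checked);
            } catch (RuntimeException e) {
                // Either way nothing lands outside the array; only the error differs.
                System.out.println((checked ? "checked:   " : "unchecked: ") + e);
            }
        }
    }
}
```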

        

