[jboss-jira] [JBoss JIRA] (WFWIP-272) Specifying header name containing '\'n in constant-headers causes fatal error

Darran Lofthouse (Jira) issues at jboss.org
Tue Nov 19 08:07:00 EST 2019 

    [ https://issues.jboss.org/browse/WFWIP-272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13814836#comment-13814836 ] 

Darran Lofthouse commented on WFWIP-272:
----------------------------------------

For header names we have a description of allowed values here: -

https://tools.ietf.org/html/rfc2616#page-15
https://tools.ietf.org/html/rfc2616#page-31

I am going to go ahead and add validation that the names specified correspond to the definition.

> Specifying header name containing '\'n in constant-headers causes fatal error
> -----------------------------------------------------------------------------
>
>                 Key: WFWIP-272
>                 URL: https://issues.jboss.org/browse/WFWIP-272
>             Project: WildFly WIP
>          Issue Type: Bug
>          Components: Security
>            Reporter: Tomas Terem
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>              Labels: management
>
> Specifying header name containing '\'n in constant-headers causes fatal error:
> {code:java}
> 10:02:36,853 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service org.wildfly.management.http.extensible: org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service
> 	at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:393)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
> 	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
> 	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
> 	at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.IllegalArgumentException: UT000149: HttpString is not allowed to contain newlines. value: A
> B
> 	at io.undertow.util.HttpString.checkForNewlines(HttpString.java:126)
> 	at io.undertow.util.HttpString.<init>(HttpString.java:120)
> 	at io.undertow.util.HttpString.<init>(HttpString.java:103)
> 	at org.jboss.as.domain.http.server.StaticHeadersHandler$HeaderConstant.<init>(StaticHeadersHandler.java:70)
> 	at org.jboss.as.domain.http.server.StaticHeadersHandler.addHeader(StaticHeadersHandler.java:61)
> 	at org.jboss.as.domain.http.server.ManagementHttpServer.setupOpenListener(ManagementHttpServer.java:369)
> 	at org.jboss.as.domain.http.server.ManagementHttpServer.create(ManagementHttpServer.java:279)
> 	at org.jboss.as.domain.http.server.ManagementHttpServer.access$2600(ManagementHttpServer.java:111)
> 	at org.jboss.as.domain.http.server.ManagementHttpServer$Builder.build(ManagementHttpServer.java:666)
> 	at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:351)
> 	... 8 more
> 10:02:36,856 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
>     ("core-service" => "management"),
>     ("management-interface" => "http-interface")
> ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.management.http.extensible" => "WFLYSRV0083: Failed to start the http-interface service
>     Caused by: java.lang.IllegalArgumentException: UT000149: HttpString is not allowed to contain newlines. value: A
> B"}}
> 10:02:36,856 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
>     ("core-service" => "management"),
>     ("management-interface" => "http-interface")
> ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.management.http.extensible" => "WFLYSRV0083: Failed to start the http-interface service
>     Caused by: java.lang.IllegalArgumentException: UT000149: HttpString is not allowed to contain newlines. value: A
> B"}}
> 10:02:36,868 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
> 10:02:36,875 INFO  [org.jboss.as] (MSC service thread 1-5) WFLYSRV0050: WildFly Core 11.0.0.Beta3-SNAPSHOT stopped in 3ms
> {code}



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

More information about the jboss-jira mailing list