[undertow-dev] exchange.getResponseSender().send issues
Stuart Douglas
sdouglas at redhat.com
Wed Feb 8 19:42:09 EST 2017
If you call send() with no arguments it will calculate the content
length for you. Otherwise it will not, as it is possible to generate a
response through multiple send() invocations.
If you have not provided a callback
io.undertow.io.DefaultIoCallback#CALLBACK is used, which should have
been logging exceptions at debug level, however it appears not to be.
I have filed https://issues.jboss.org/browse/UNDERTOW-988 and fixed
the issue upstream. The logging is only at DEBUG level though, so you
still won't see it by default. The reason for this is that in general
IoException's are caused by the remote client closing the connection
(or the connection getting broken somehow). If this is logged at a
higher level then it is trivial for a malicious remote client to
generate massive amounts of logging (by simply sending a request and
then closing the connection). This can be used to DOS a server by
filling up its disks with logs, and also causing massive amounts of
disk IO.
Stuart
On Thu, Feb 9, 2017 at 3:35 AM, Hicks, Matt <matt at matthicks.com> wrote:
> I'm having a very strange problem sending a generated HTML file back to the
> browser using `exchange.getResponseSender().send(s)`. It seems to work fine
> if the content is a short bit of text like "Hello World", but the content is
> 144,772 bytes and if I use Curl to test it I get a 200 OK, but it says the
> Content-Length is 0 and no content comes back. If I set the content to a
> short String like I said, then the Content-Length is properly set and the
> content comes back like expected.
>
> Should I not be using `exchange.getResponseSender().send` for large amounts
> of text?
>
> I just updated to 1.4.10.Final hoping that it was a bug that was fixed since
> 1.4.8.Final, but it's still happening.
>
> Any insights would be greatly appreciated.
>
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
More information about the undertow-dev
mailing list