You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/01/16 00:29:16 UTC

DO NOT REPLY [Bug 16146] New: - POST request with invalid Content-Length header

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16146>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16146

POST request with invalid Content-Length header 

           Summary: POST request with invalid Content-Length header
           Product: Tomcat 4
           Version: 4.0 Beta 1
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Connector:Coyote HTTP/1.1
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: bsemprie@hotmail.com


IE sends a negative number (the signed integer wraps) for Content-Length sizes 
greater than 2147483647 bytes. Reuslting in the following error:

SEVERE: Error reading request, ignored
java.lang.NumberFormatException
	at org.apache.tomcat.util.buf.Ascii.parseInt(Ascii.java:188)
	at org.apache.tomcat.util.buf.ByteChunk.getInt(ByteChunk.java:439)
	at org.apache.tomcat.util.buf.MessageBytes.getInt
(MessageBytes.java:629)
	at org.apache.coyote.Request.getContentLength(Request.java:314)
	at org.apache.coyote.http11.Http11Processor.prepareRequest
(Http11Processor.java:747)
	at org.apache.coyote.http11.Http11Processor.process
(Http11Processor.java:424)
	at 
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnecti
on(Http11Protocol.java:386)
	at org.apache.tomcat.util.net.TcpWorkerThread.runIt
(PoolTcpEndpoint.java:534)
	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run
(ThreadPool.java:530)
	at java.lang.Thread.run(Thread.java:536)

CODE:
public int getContentLength() {
  if( contentLength > -1 ) return contentLength;
MessageBytes clB = headers.getValue("content-length");
        contentLength = (clB == null || clB.isNull()) ? -1 : clB.getInt();
	available = contentLength;

	return contentLength;
    }

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>