Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/08/01 09:14:43 UTC

DO NOT REPLY [Bug 11117] - Coyote connector does not correctly deal with large PUT when using chunked transfer encoding

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11117

------- Additional Comments From msmith@ns.xn.com.au  2002-08-01 07:14 -------
Problem diagnosed, patch attached.
The detailed cause:

This code sets a particular buffer in a ByteChunk, and sets a specific start/end
to this buffer. This allows sharing of the buffers, rather than copying them
around.

In this code, the buffer was set (in chunk - the output ByteChunk) as pointing
to some part of the buffer in readChunk (the input ByteChunk), which is fine.
However, in one particular code path, this was immediately followed by a call to
parseCRLF() - which simply swallows a CRLF pair. In the very unfortunate event
(which happened on sufficiently large inputs with some regularity) of this CRLF
being over the end of the buffer, more content would need to be read in order to
do this. This refilled readChunk, but because this was shared with the (output)
chunk, the output buffer was _also_ overwritten. Output is then corrupted.

This is fixed here by deferring the parseCRLF() until later (the next call to
doRead()).

This fix is critical for PUT (and presumably things like POST, or anything else
with a request-body) to work reliably with chunked transfer-encoding. 

Index: filters/ChunkedInputFilter.java
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,v
retrieving revision 1.5
diff -u -r1.5 ChunkedInputFilter.java
--- filters/ChunkedInputFilter.java     20 Jun 2002 11:14:30 -0000      1.5
+++ filters/ChunkedInputFilter.java     1 Aug 2002 07:13:44 -0000
@@ -136,6 +136,12 @@
      */
     protected boolean endChunk = false;
 
+    /**
+     * Flag set to true if the next call to doRead() must parse a CRLF pair
+     * before doing anything else.
+     */
+    protected boolean needCRLFParse = false;
+
 
     // ------------------------------------------------------------- Properties
 
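Review bot: The new needCRLFParse field is per-request parsing state, but none of the three hunks clears it anywhere other than at the top of doRead(). If this filter instance is reused for another request and has a reset path for endChunk and remaining, needCRLFParse should be set back to false there as well; otherwise a request that ends or aborts with the flag still set would make the next request's first doRead() swallow two bytes of its body. The Javadoc would also be more useful if it said why the parse is deferred (the returned chunk shares the read buffer, so it must not be refilled before the caller has used the data).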
@@ -158,6 +164,11 @@
         if (endChunk)
             return -1;
 
+        if(needCRLFParse) {
+            needCRLFParse = false;
+            parseCRLF();
+        }
+
         if (remaining <= 0) {
             if (!parseChunkHeader()) {
                 throw new IOException("Invalid chunk");
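Review bot: The pending CRLF is now consumed only when doRead() is entered again, after the endChunk check. Please confirm that every path which finishes or skips the remainder of the body goes through doRead(), so the CRLF after the last data chunk read by the application is never left in the stream and misread as the start of the next chunk header. Style nit: "if(needCRLFParse) {" should be "if (needCRLFParse) {" to match the surrounding "if (endChunk)" and "if (remaining <= 0)".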
@@ -184,7 +195,7 @@
             chunk.setBytes(buf, pos, remaining);
             pos = pos + remaining;
             remaining = 0;
-            parseCRLF();
+            needCRLFParse = true;
         }
 
         return result;
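Review bot: At "needCRLFParse = true;" nothing records why parseCRLF() can no longer be called here, so a later cleanup could easily move it back. A short comment on that line saying that chunk was just pointed at buf by chunk.setBytes(buf, pos, remaining), and that parseCRLF() may refill that same buffer, would protect the fix. The change also relies on the caller being done with chunk before it calls doRead() again; that contract is worth stating in the doRead() Javadoc.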

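The buffer sharing described in the comment above, reduced to a stand-alone model. This is an added example, not Tomcat code and not part of the attached patch: the class SharedBufferDemo, its 8-byte buffer, the fill() helper and the sample input are assumptions made for illustration, and chunk-size headers are left out so that only the trailing CRLF handling is shown.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

// Model only: names follow the bug report, but this is not the Coyote source.
public class SharedBufferDemo {
    private final byte[] buf = new byte[8];  // read buffer, reused by every fill()
    private int pos = 0, lastValid = 0;
    private final InputStream in;

    SharedBufferDemo(byte[] wire) { in = new ByteArrayInputStream(wire); }

    // Refill overwrites buf in place, as a read into a reused buffer does.
    private void fill() throws IOException {
        lastValid = in.read(buf, 0, buf.length);
        if (lastValid < 0) throw new IOException("unexpected end of stream");
        pos = 0;
    }

    // Swallow the CRLF that ends a chunk; refills if it lies past the buffer end.
    private void parseCRLF() throws IOException {
        for (int i = 0; i < 2; i++) {
            if (pos >= lastValid) fill();
            pos++;
        }
    }

    // Hands out chunk data as a view (start, len) into buf without copying,
    // then returns what the caller reads through that view.
    // Assumes len bytes of chunk data are already available in buf.
    String doRead(int len, boolean deferCRLF) throws IOException {
        if (pos >= lastValid) fill();
        int start = pos;
        pos += len;
        // Pre-patch behaviour: parse now, which may refill buf under the view.
        // Post-patch behaviour: leave the CRLF for the start of the next doRead().
        if (!deferCRLF) parseCRLF();
        return new String(buf, start, len, StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: 8 data bytes fill buf exactly, so the CRLF needs a refill.
        byte[] wire = "ABCDEFGH\r\nIJKLMNOP\r\n".getBytes(StandardCharsets.US_ASCII);
        String before = new SharedBufferDemo(wire).doRead(8, false);
        String after = new SharedBufferDemo(wire).doRead(8, true);
        System.out.println("immediate parseCRLF: " + before.replace("\r\n", "\\r\\n"));
        System.out.println("deferred parseCRLF:  " + after);
    }
}
```

With the immediate parse the caller's view no longer holds the chunk data it was handed; with the deferred parse it still does, because the refill happens only on the next call.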