You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@axis.apache.org by "Ch Zhang (JIRA)" <ji...@apache.org> on 2010/12/14 19:57:06 UTC
[jira] Created: (AXIS2C-1511) infinite loop when consuming a .NET
ws with long header string (more than 512 chars in a row).
infinite loop when consuming a .NET ws with long header string (more than 512 chars in a row).
----------------------------------------------------------------------------------------------
Key: AXIS2C-1511
URL: https://issues.apache.org/jira/browse/AXIS2C-1511
Project: Axis2-C
Issue Type: Bug
Components: transport/http
Affects Versions: 1.6.0
Environment: RHEL Linux 4.3. Axis2/c 1.6.0
Reporter: Ch Zhang
Priority: Critical
Here is the http headers from the response from the web service (get from tcpmon):
HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 18:47:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: pabca=E1805E180758BC35D93575A3597546AFD230A7607FA5BAE50040E84E5D45EB45732A0F11E079EE9233258616347A96DA23EE87A42A999CE55679596A4C2E7505CEC45630684815FB399246F720B76DC12DC52D9AE57ECD329F1BD0D10F09B284280733B6C21213053E1E4E6974668B77B0EFE7FFFB39F51F4A4F02ED6C2BA46531BAF3412E667076A5D677A933D6FE9EDD37488867D7CD5D9E0FA205E62002BE3E0818427A07EE8A52A99DF0605DC9AF0C93A1610285E65CF59397F6A06959C48CB83268E2BDC3DA1578D1082F4578A9A4B594F58FB41596F108E5D486C2B1E9DBA3F9E; domain=somecompany.com; path=/; HttpOnly
Cache-Control: private, max-age=0
Content-Type: application/soap+xml; charset=utf-8
Content-Length: 899
Beause the header: "Set-Cookie" is too long (it has 516 chars), so pasring this line in "core/transport/http/sender/http_client.c" line 623(see below), axis2/c enters an infinite loop because it cannot find the end of line. The client never finishes because of this infinite loop.
/* now read the headers */
memset(str_header, 0, 512);
end_of_line = AXIS2_FALSE;
while (AXIS2_FALSE == end_of_headers)
{
while ((read = axutil_stream_read(client->data_stream, env, tmp_buf,
1)) > 0)
{
tmp_buf[read] = '\0';
strcat(str_header, tmp_buf);
if (0 != strstr(str_header, AXIS2_HTTP_CRLF)) /* !!! never true !!!*/
{
end_of_line = AXIS2_TRUE;
break;
}
}
if (AXIS2_TRUE == end_of_line)
{
if (0 == axutil_strcmp(str_header, AXIS2_HTTP_CRLF))
{
end_of_headers = AXIS2_TRUE;
}
else
{
axis2_http_header_t *tmp_header =
axis2_http_header_create_by_str(env, str_header);
memset(str_header, 0, 512);
if (tmp_header)
{
axis2_http_simple_response_set_header(client->response,
env, tmp_header);
}
}
}
end_of_line = AXIS2_FALSE;
}
axis2_http_simple_response_set_body_stream(client->response, env,
client->data_stream);
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: c-dev-help@axis.apache.org
[jira] Commented: (AXIS2C-1511) infinite loop when consuming a .NET
ws with long header string (more than 512 chars in a row).
Posted by "Ch Zhang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2C-1511?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12971389#action_12971389 ]
Ch Zhang commented on AXIS2C-1511:
----------------------------------
Here is the w3c.org standard:
http://www.w3.org/Protocols/rfc2109/rfc2109
6.3 Implementation Limits
Practical user agent implementations have limits on the number and
size of cookies that they can store. In general, user agents' cookie
support should have no fixed limits. They should strive to store as
many frequently-used cookies as possible. Furthermore, general-use
user agents should provide each of the following minimum capabilities
individually, although not necessarily simultaneously:
* at least 300 cookies
* at least 4096 bytes per cookie (as measured by the size of the
characters that comprise the cookie non-terminal in the syntax
description of the Set-Cookie header)
* at least 20 cookies per unique host or domain name
User agents created for specific purposes or for limited-capacity
devices should provide at least 20 cookies of 4096 bytes, to ensure
that the user can interact with a session-based origin server.
The information in a Set-Cookie response header must be retained in
its entirety. If for some reason there is inadequate space to store
the cookie, it must be discarded, not truncated.
Applications should use as few and as small cookies as possible, and
they should cope gracefully with the loss of a cookie.
Also reference ms implementations:
http://support.microsoft.com/kb/820129
> infinite loop when consuming a .NET ws with long header string (more than 512 chars in a row).
> ----------------------------------------------------------------------------------------------
>
> Key: AXIS2C-1511
> URL: https://issues.apache.org/jira/browse/AXIS2C-1511
> Project: Axis2-C
> Issue Type: Bug
> Components: transport/http
> Affects Versions: 1.6.0
> Environment: RHEL Linux 4.3. Axis2/c 1.6.0
> Reporter: Ch Zhang
> Priority: Critical
>
> Here is the http headers from the response from the web service (get from tcpmon):
> HTTP/1.1 200 OK
> Date: Tue, 14 Dec 2010 18:47:17 GMT
> Server: Microsoft-IIS/6.0
> X-Powered-By: ASP.NET
> X-AspNet-Version: 2.0.50727
> Set-Cookie: pabca=E1805E180758BC35D93575A3597546AFD230A7607FA5BAE50040E84E5D45EB45732A0F11E079EE9233258616347A96DA23EE87A42A999CE55679596A4C2E7505CEC45630684815FB399246F720B76DC12DC52D9AE57ECD329F1BD0D10F09B284280733B6C21213053E1E4E6974668B77B0EFE7FFFB39F51F4A4F02ED6C2BA46531BAF3412E667076A5D677A933D6FE9EDD37488867D7CD5D9E0FA205E62002BE3E0818427A07EE8A52A99DF0605DC9AF0C93A1610285E65CF59397F6A06959C48CB83268E2BDC3DA1578D1082F4578A9A4B594F58FB41596F108E5D486C2B1E9DBA3F9E; domain=somecompany.com; path=/; HttpOnly
> Cache-Control: private, max-age=0
> Content-Type: application/soap+xml; charset=utf-8
> Content-Length: 899
> Beause the header: "Set-Cookie" is too long (it has 516 chars), so pasring this line in "core/transport/http/sender/http_client.c" line 623(see below), axis2/c enters an infinite loop because it cannot find the end of line. The client never finishes because of this infinite loop.
> /* now read the headers */
> memset(str_header, 0, 512);
> end_of_line = AXIS2_FALSE;
> while (AXIS2_FALSE == end_of_headers)
> {
> while ((read = axutil_stream_read(client->data_stream, env, tmp_buf,
> 1)) > 0)
> {
> tmp_buf[read] = '\0';
> strcat(str_header, tmp_buf);
> if (0 != strstr(str_header, AXIS2_HTTP_CRLF)) /* !!! never true !!!*/
> {
> end_of_line = AXIS2_TRUE;
> break;
> }
> }
> if (AXIS2_TRUE == end_of_line)
> {
> if (0 == axutil_strcmp(str_header, AXIS2_HTTP_CRLF))
> {
> end_of_headers = AXIS2_TRUE;
> }
> else
> {
> axis2_http_header_t *tmp_header =
> axis2_http_header_create_by_str(env, str_header);
> memset(str_header, 0, 512);
> if (tmp_header)
> {
> axis2_http_simple_response_set_header(client->response,
> env, tmp_header);
> }
> }
> }
> end_of_line = AXIS2_FALSE;
> }
> axis2_http_simple_response_set_body_stream(client->response, env,
> client->data_stream);
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: c-dev-help@axis.apache.org