Posted to dev@tomcat.apache.org by bu...@apache.org on 2022/08/01 20:46:22 UTC

[Bug 66194] New: When using http2 and maxHeaderSize is exceeded, nothing is logged

https://bz.apache.org/bugzilla/show_bug.cgi?id=66194

            Bug ID: 66194
           Summary: When using http2 and maxHeaderSize is exceeded,
                    nothing is logged
           Product: Tomcat 9
           Version: 9.0.63
          Hardware: PC
                OS: Mac OS X 10.1
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: damien.hollis@unimarket.com
  Target Milestone: -----

We are using http2 and we have some requests with many cookies and this results
in us exceeding the maxHeaderSize limit. This has taken a very long time to
track down as Tomcat does not log anything under these conditions - prior to
http2 I'm pretty sure this situation was logged (at least once).

The code in question is:

    if (hpackDecoder.isHeaderSizeExceeded(headerReadBuffer.position())) {
        StreamException headerException = new StreamException(
                sm.getString("http2Parser.headerLimitSize", connectionId, Integer.valueOf(streamId)),
                Http2Error.ENHANCE_YOUR_CALM, streamId);
        hpackDecoder.getHeaderEmitter().setHeaderException(headerException);
    }

Note: it is logged if I turn on debug logging but we can't do that in
production.

o.a.coyote.http2.Http2UpgradeHandler     : Connection [1], Stream [1], Error [ENHANCE_YOUR_CALM], Message [Connection [1], Stream [1], Total header size too big],  RST (closing stream)

Could this be logged as a warning, so we can at least detect this situation in
production?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


[Bug 66194] When using http2 and maxHeaderSize is exceeded, nothing is logged

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=66194

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Logging every instance of this opens up the potential for a DoS.

We can look at the possibility of mirroring the logging used for HTTP/1.1 which
logs via a UserDataHelper instance.

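The trade-off raised in Comment #1 (visibility in production versus a client being able to flood the log), as an added example that is not Tomcat's code and not its UserDataHelper implementation: the first event in a time window is logged at WARNING and repeats drop to FINE. The class name, the 60-second window and the java.util.logging setup are assumptions made for the illustration.

```java
import java.util.concurrent.atomic.AtomicLong;
import java.util.logging.Level;
import java.util.logging.Logger;

// Hypothetical helper, not Tomcat's UserDataHelper: rate-limits the log level
// of a client-triggered event so repeats cannot flood the production log.
public class SuppressingLog {
    private static final Logger LOG = Logger.getLogger(SuppressingLog.class.getName());

    private final long windowMillis;
    private final AtomicLong lastWarning = new AtomicLong(Long.MIN_VALUE);
    private final AtomicLong hidden = new AtomicLong();

    public SuppressingLog(long windowMillis) {
        this.windowMillis = windowMillis;
    }

    // Level for an event seen at nowMillis: WARNING once per window, FINE otherwise.
    Level nextLevel(long nowMillis) {
        long last = lastWarning.get();
        boolean windowOver = last == Long.MIN_VALUE || nowMillis - last >= windowMillis;
        // compareAndSet lets exactly one thread claim the visible slot per window.
        if (windowOver && lastWarning.compareAndSet(last, nowMillis)) {
            return Level.WARNING;
        }
        hidden.incrementAndGet();
        return Level.FINE;
    }

    public void headerLimitExceeded(String connectionId, int streamId) {
        Level level = nextLevel(System.currentTimeMillis());
        long earlier = (level == Level.WARNING) ? hidden.getAndSet(0) : 0;
        // The Supplier defers formatting, so suppressed events cost almost nothing.
        LOG.log(level, () -> String.format(
                "Connection [%s], Stream [%d], Total header size too big"
                        + " (%d earlier events logged at FINE)",
                connectionId, streamId, earlier));
    }

    public static void main(String[] args) {
        SuppressingLog log = new SuppressingLog(60_000L);
        // Constructed input: 10,000 oversized-header events arriving back to back.
        for (int i = 0; i < 10_000; i++) {
            log.headerLimitExceeded("1", 2 * i + 1);
        }
    }
}
```

With the default java.util.logging configuration this prints a single WARNING for the whole burst; the next WARNING, once the window has passed, reports how many events were suppressed in between.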


[Bug 66194] When using http2 and maxHeaderSize is exceeded, nothing is logged

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=66194

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Mark Thomas <ma...@apache.org> ---
Fixed in:
- 10.1.x for 10.1.0-M18 onwards
- 10.0.x for 10.0.24 onwards
-  9.0.x for  9.0.66 onwards
-  8.5.x for  8.5.83 onwards



[Bug 66194] When using http2 and maxHeaderSize is exceeded, nothing is logged

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=66194

--- Comment #2 from damien.hollis@unimarket.com ---
Logging at least the first instance would be much more helpful than the current
situation.
