Posted to issues@cxf.apache.org by "Michael Grant (JIRA)" <ji...@apache.org> on 2016/11/16 21:14:58 UTC
[jira] [Commented] (CXF-7139) BufferOverflowException when decoding a parameter values with a trailing %
[ https://issues.apache.org/jira/browse/CXF-7139?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15671658#comment-15671658 ]
Michael Grant commented on CXF-7139:
------------------------------------
I believe this is due to an optimisation in CXF-6189.
{code:java}
final byte[] valueBytes = StringUtils.toBytes(value, enc);
ByteBuffer in = ByteBuffer.wrap(valueBytes);
ByteBuffer out = ByteBuffer.allocate(in.capacity() - 2 * escapesCount);
{code}
Removing {{2 * escapesCount}} from the capacity of {{out}} allows the {{out}} capacity to be set to a value that is too small if a trailing {{%}} is included in the parameter.
A simple solution is to always add an extra 1 to the {{out}} capacity (giving it enough capacity to add to until the invalid URL encoding is spotted).
> BufferOverflowException when decoding a parameter values with a trailing %
> --------------------------------------------------------------------------
>
> Key: CXF-7139
> URL: https://issues.apache.org/jira/browse/CXF-7139
> Project: CXF
> Issue Type: Bug
> Components: Core
> Affects Versions: 3.0.4, 3.1.0
> Reporter: Michael Grant
> Priority: Minor
>
> When a parameter value contains a trailing {{%}}, a {{BufferOverflowException}} is thrown.
> e.g. a query to our service containing {{http://localhost:8080/test/?parameter=test%}}
> {code}
> java.nio.BufferOverflowException
> at java.nio.Buffer.nextPutIndex(Buffer.java:521)
> at java.nio.HeapByteBuffer.put(HeapByteBuffer.java:169)
> at org.apache.cxf.common.util.UrlUtils.urlDecode(UrlUtils.java:102)
> at org.apache.cxf.common.util.UrlUtils.urlDecode(UrlUtils.java:67)
> at org.apache.cxf.common.util.UrlUtils.urlDecode(UrlUtils.java:122)
> at org.apache.cxf.jaxrs.utils.HttpUtils.urlDecode(HttpUtils.java:97)
> at org.apache.cxf.jaxrs.utils.JAXRSUtils.getStructuredParams(JAXRSUtils.java:1262)
> at org.apache.cxf.jaxrs.utils.JAXRSUtils.getStructuredParams(JAXRSUtils.java:1236)
> at org.apache.cxf.jaxrs.impl.UriInfoImpl.getQueryParameters(UriInfoImpl.java:115)
> at org.apache.cxf.jaxrs.impl.UriInfoImpl.getQueryParameters(UriInfoImpl.java:109)
> at org.apache.cxf.jaxrs.impl.RequestPreprocessor.preprocess(RequestPreprocessor.java:74)
> at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:102)
> at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:77)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:254)
> at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
> at org.apache.cxf.transport.servlet.ServletController.invoke(Servlet
> at org.apache.cxf.transport.servlet.ServletController.invoke(Servlet
> at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNo
> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleReques
> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(Abstra
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(Abst
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat
> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.jav
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrap
> at org.apache.catalina.core.StandardContextValve.invoke(StandardCont
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authen
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostVal
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportVal
> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(Abstract
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngin
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter
> at org.apache.coyote.http11.AbstractHttp11Processor.process(Abstract
> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.proc
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioE
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEnd
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecu
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExec
> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(Ta
> at java.lang.Thread.run(Thread.java:745)
> {code}
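The sizing problem described in the comment, as an added example that is not CXF's own code: a simplified percent-decoder whose output buffer is sized as input length minus `2 * escapesCount`, next to a variant that allocates the full input length and rejects malformed escapes with an `IllegalArgumentException`, so malformed client input fails as a validation error rather than an unchecked buffer exception. The class and method names (`TrailingPercentDemo`, `decodeUndersized`, `decodeSafe`, `decodeInto`) are hypothetical, and the sample value is constructed from the query in the report.

```java
import java.nio.BufferOverflowException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
public class TrailingPercentDemo { // hypothetical class, not part of CXF
    // Sizing from the comment: every '%' is assumed to start a complete 3-byte escape.
    static String decodeUndersized(String value) {
        byte[] bytes = value.getBytes(StandardCharsets.UTF_8);
        int escapesCount = (int) value.chars().filter(c -> c == '%').count();
        return decodeInto(bytes, ByteBuffer.allocate(bytes.length - 2 * escapesCount));
    }

    // Hardened sizing: decoded output is never longer than the input bytes.
    static String decodeSafe(String value) {
        byte[] bytes = value.getBytes(StandardCharsets.UTF_8);
        return decodeInto(bytes, ByteBuffer.allocate(bytes.length));
    }

    private static String decodeInto(byte[] bytes, ByteBuffer out) {
        for (int i = 0; i < bytes.length; i++) {
            if (bytes[i] != '%') {
                out.put(bytes[i]); // throws BufferOverflowException if out is too small
                continue;
            }
            // An escape needs two hex digits after '%'; check before reading them.
            int hi = i + 2 < bytes.length ? Character.digit(bytes[i + 1], 16) : -1;
            int lo = i + 2 < bytes.length ? Character.digit(bytes[i + 2], 16) : -1;
            if (hi < 0 || lo < 0) {
                throw new IllegalArgumentException("Invalid or incomplete escape (%) pattern");
            }
            out.put((byte) ((hi << 4) | lo));
            i += 2;
        }
        return new String(out.array(), 0, out.position(), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        String sample = "test%"; // constructed input, same shape as the reported query value
        try {
            decodeUndersized(sample); // 5 input bytes, capacity 3: fails on the fourth byte
        } catch (BufferOverflowException e) {
            System.out.println("undersized buffer: " + e);
        }
        try {
            decodeSafe(sample);
        } catch (IllegalArgumentException e) {
            System.out.println("full-size buffer: " + e.getMessage());
        }
    }
}
```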