You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Konstantin Preißer <ve...@t-online.de> on 2012/04/20 23:47:06 UTC
BufferOverflowException in Tomcat 7.0.x at AjpAprProcessor.output()
Hi all,
some time ago, I wrote about a BufferOverflowException which I got sporadically on my Tomcat 7.0.21 [1], when using the AJP-APR-Connector.
However, at that time I couldn't reproduce the exception.
When I looked at this again today, I was able to create a client that sends an AJP message and aborts the connection, resulting in the BufferOverflowException in Tomcat. I was using Tomcat 7.0.27 with Tomcat Native 1.1.23, on Oracle JDK 1.7.0_03 and Windows 7 32-bit.
To reproduce,
1. On the Server side, create a web application containing a servlet which will generate some random data:
@WebServlet("/index.html")
public class MyTestServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
try {
response.setContentType("text/plain");
response.setCharacterEncoding("utf-8");
byte[] bytesToWrite = {48, 49, 50, 51, 52, 53, 54, 55, 56, 57};
// Try to write 1,000,000 bytes to the client.
try (OutputStream out = response.getOutputStream()) {
for (int i = 0; i < 100000; i++) {
out.write(bytesToWrite);
}
}
} catch (IOException ex) {
// Ignore
}
}
}
Deploy the application as ROOT, so that the servlet will be reachable at "/".
Configure Tomcat to have an AJP-APR connector listening on port 8009.
2. On the client side, create a program like this:
public class AjpTester {
public static void main(String[] args) throws IOException {
byte[] ajpPacketBytes = { // JK_AJP13_FORWARD_REQUEST for "/"
0x12, 0x34, 0x00, 0x54, 0x02, 0x02, 0x00, 0x08,
0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x31,
0x00, 0x00, 0x01, 0x2f, 0x00, 0x00, 0x07, 0x31,
0x2e, 0x32, 0x2e, 0x33, 0x2e, 0x34, 0x00, 0x00,
0x07, 0x31, 0x2e, 0x32, 0x2e, 0x33, 0x2e, 0x34,
0x00, 0x00, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
0x68, 0x6f, 0x73, 0x74, 0x00, 0x00, 0x50, 0x00,
0x00, 0x02, (byte)0xa0, 0x06, 0x00, 0x0a, 0x4b, 0x65,
0x65, 0x70, 0x2d, 0x41, 0x6c, 0x69, 0x76, 0x65,
0x00, (byte)0xa0, 0x0b, 0x00, 0x09, 0x6c, 0x6f, 0x63,
0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x00, (byte)0xff
};
Socket s = new Socket("localhost", 8009); // connect to AJP port
OutputStream sout = s.getOutputStream();
InputStream sin = s.getInputStream();
sout.write(ajpPacketBytes); // request Url "/"
// Read between 10,000 and 11,023 bytes, then exit the JVM
byte[] buf = new byte[1024];
int read;
int bytesRead = 0;
while ((read = sin.read(buf)) > 0) {
bytesRead += read;
if (bytesRead >= 10000) {
System.exit(1);
}
}
}
}
The client will send an JK_AJP13_FORWARD_REQUEST message which requests URL "/" and sends "Connection: keep-alive" and "Host: localhost" headers.
3. Tomcat will display this exception:
Apr 20, 2012 10:57:08 PM org.apache.coyote.ajp.AjpAprProcessor process
Schwerwiegend: Error processing request
java.nio.BufferOverflowException
at java.nio.DirectByteBuffer.put(DirectByteBuffer.java:357)
at org.apache.coyote.ajp.AjpAprProcessor.output(AjpAprProcessor.java:285)
at org.apache.coyote.ajp.AbstractAjpProcessor$SocketOutputBuffer.doWrite(AbstractAjpProcessor.java:1119)
at org.apache.coyote.Response.doWrite(Response.java:504)
at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:383)
at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:462)
at org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:334)
at org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:283)
at org.apache.catalina.connector.Response.finishResponse(Response.java:511)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:434)
at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:197)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1812)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
I guess the exception itself is harmless, but it may fill up log files, if clients disconnect frequently while receiving data.
Note that before that exception occurs, a regular "ClientAbortException: java.io.IOException: Failed to send AJP message" is thrown by org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:388).
The exception occurs neither with AJP-BIO nor with AJP-NIO.
Regards,
Konstantin Preißer
[1] http://markmail.org/message/zogi3tfbz2kyw3jg
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org