You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Chris Rolfe <sp...@telus.net> on 2004/02/06 22:04:35 UTC
SocketInputStream hanging Tomcat 4.0.6
Help! On a production system that's been rock-solid for 18 months, Tomcat is
suddenly hanging on a daily basis!
Before the server hangs, we're logging runtime exceptions from
SocketInputStream.readHeader: the log records ArrayIndexOutOfBounds
exceptions every second for a few hours, then the server responds to every
subsequent request with a 400 "Bad Header" response, ie. hangs.
The same/similar problem was reported a year ago, see
http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg85861.html
Can anyone shed light on what is happening? Or suggest a workaround/fix?
Thanks,
Chris
Sample stack trace:
--------------------
2004-02-04 22:20:06 HttpProcessor[8080][14] process.parse
java.lang.ArrayIndexOutOfBoundsException
at
org.apache.catalina.connector.http.SocketInputStream.readHeader(SocketInputS
tream.java:487)
at
org.apache.catalina.connector.http.HttpProcessor.parseHeaders(HttpProcessor.
java:579)
at
org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:
977)
at
org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1125
)
at java.lang.Thread.run(Thread.java:491)
-------------------------------
SocketInputStream.java line 487:
-------------------------------
while (!eol) {
// if the buffer is full, extend it
if (readCount >= maxRead) {
if ((2 * maxRead) <= HttpHeader.MAX_VALUE_SIZE) {
char[] newBuffer = new char[2 * maxRead];
System.arraycopy(header.value, 0, newBuffer, 0,
maxRead);
header.value = newBuffer;
maxRead = header.value.length;
} else {
throw new IOException
(sm.getString("requestStream.readline.toolong"));
}
}
// We're at the end of the internal buffer
if (pos >= count) {
// Copying part (or all) of the internal buffer to the line
// buffer
int val = read();
if (val == -1)
throw new IOException
(sm.getString("requestStream.readline.error"));
pos = 0;
readStart = 0;
}
if (buf[pos] == CR) {
} else if (buf[pos] == LF) {
eol = true;
} else {
// FIXME : Check if binary conversion is working fine
int ch = buf[pos] & 0xff;
header.value[readCount] = (char) ch; // <--- LINE 487
readCount++;
}
pos++;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Tomcat hangs
Posted by Chris Rolfe <sp...@telus.net>.
Hello,
I posted a query last week about Tomcat 4.0.6 under OS X hanging, but
haven't seen any response (was: SocketInputStream hanging Tomcat 4.0.6).
Is there anything more I can do ( more information I can provide, for
example ) to illicit feedback from the list or the developer of the code
section?
This appears to be a vulnerability in Tomcat 4.0.6 - 4.1.x.
-----------------
The problem:
Stage 1: According to the catalina log, SocketInputStream.readHeader is
throwing ArrayIndexOutOfBounds exceptions at line 487.
Stage 2: Successive throws eventually cause Tomcat to respond to all
requests with error 400: bad request.
The original http requests stemmed from one IP range, whose access I've
since disabled. I'm very concerned that a single user was able to bring down
the server.
Does anyone have a feel for what's happening here?
Chris
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org