You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/12/08 15:35:33 UTC

DO NOT REPLY [Bug 24763] - Apache-Tomcat comm fails streaming objects of certain predictble sizes

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24763>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24763

Apache-Tomcat comm fails streaming objects of certain predictble sizes





------- Additional Comments From andry@keysurvey.com  2003-12-08 14:35 -------
some easy steps to reproduce this kind of error
(in short, parameter value of some certain length gets 
changed in transit - last character of the parameter value
gets equal to '\u0000' instead of '\u0030' which was originally
sent)

1) create a jsp - say bb.jsp
<%
  String v = request.getParameter("v");
  int LEN=8185;
  for( int i=0; i<LEN; i++ ){
    System.err.println(i+"="+(int)v.charAt(i));
  }
%>

2)
run the following (change your-host-apache-tomcat with real path) -
that code will make a POST request to bb.jsp

  static void testJK2bug() throws Exception {
    int LEN = 8185;
    URL u = new URL("http://your-host-apache-tomcat/bb.jsp");
    URLConnection uc = u.openConnection();
    uc.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    StringBuffer val = new StringBuffer("v=");
    for (int j = 0; j < LEN; j++) {
      val.append("0");
    }
    uc.setRequestProperty("Content-Length", "" + val.length());
    uc.setDoOutput(true);
    uc.getOutputStream().write(val.toString().getBytes());
    uc.getInputStream().read();
  }

3) see in catalina.out that last character in the parameter value
is '\u0000' , not '\u0030' as it should be


That kind of problem (filling with 0-es) is not limited to single byte.
Out production site sometimes experiences blocks of zeroes
somehow becoming parameter names/values, so the problem is rather critical.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org