Posted to dev@tomcat.apache.org by bu...@apache.org on 2016/02/29 14:43:52 UTC

[Bug 59089] New: ArrayIndexOutOfBoundsException if header name contains byte values > 127

https://bz.apache.org/bugzilla/show_bug.cgi?id=59089

            Bug ID: 59089
           Summary: ArrayIndexOutOfBoundsException if header name contains
                    byte values > 127
           Product: Tomcat 8
           Version: 8.0.32
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: apache-bugzilla@michael-kaufmann.ch

If a header name contains a byte value > 127, Tomcat 8 throws this exception:

29-Feb-2016 09:42:47.833 INFO [http-nio-8080-exec-3] org.apache.coyote.http11.AbstractHttp11Processor.process Error parsing HTTP request header
 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
 java.lang.ArrayIndexOutOfBoundsException: -61
    at org.apache.coyote.http11.AbstractNioInputBuffer.parseHeader(AbstractNioInputBuffer.java:474)
    at org.apache.coyote.http11.AbstractNioInputBuffer.parseHeaders(AbstractNioInputBuffer.java:381)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1024)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)


The corresponding source code is:

    } else if (!HTTP_TOKEN_CHAR[chr]) {
        // If a non-token header is detected, skip the line and
        // ignore the header
        headerData.lastSignificantChar = pos;
        return skipLine();
    }


"chr" may be negative (-128 ... 127), so this is a possible bugfix:
    } else if (chr < 0 || !HTTP_TOKEN_CHAR[chr]) {


This bug is present in 3 source files:
- AbstractNioInputBuffer.java
- InternalAprInputBuffer.java
- InternalInputBuffer.java

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
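
The signed-byte indexing problem from the report above, as an added stand-alone example (not Tomcat's code and not part of the original messages): the byte 0xC3, read as a Java byte, is -61, the index shown in the stack trace. The class name, the method names and the 128-entry TOKEN_CHAR table are assumptions standing in for the parser's HTTP_TOKEN_CHAR lookup, and the header name is a constructed sample.

```java
import java.nio.charset.StandardCharsets;

public class SignedByteIndexDemo {
    // Stand-in for the parser's lookup table (assumption: 128 entries, one per
    // US-ASCII code point, true for RFC 7230 "tchar" token characters).
    static final boolean[] TOKEN_CHAR = new boolean[128];
    static {
        String tchar = "!#$%&'*+-.^_`|~";
        for (int i = 0; i < 128; i++) {
            TOKEN_CHAR[i] = Character.isLetterOrDigit(i) || tchar.indexOf(i) >= 0;
        }
    }

    // Pre-fix shape: a Java byte is signed, so wire values 0x80..0xFF arrive
    // as -128..-1 and a direct array index throws.
    static boolean isTokenUnchecked(byte chr) {
        return TOKEN_CHAR[chr];
    }

    // Shape of the fix proposed in the report: test for a negative value
    // before touching the table, so the byte is classified as non-token.
    static boolean isTokenChecked(byte chr) {
        return chr >= 0 && TOKEN_CHAR[chr];
    }

    public static void main(String[] args) {
        // Constructed sample: the last character encodes to 0xC3 0xA9 in UTF-8.
        byte[] name = "X-Nam\u00e9".getBytes(StandardCharsets.UTF_8);
        for (byte chr : name) {
            String unchecked;
            try {
                unchecked = String.valueOf(isTokenUnchecked(chr));
            } catch (ArrayIndexOutOfBoundsException e) {
                unchecked = "ArrayIndexOutOfBoundsException";
            }
            System.out.printf("0x%02X as byte=%4d unchecked=%s checked=%b%n",
                    chr & 0xFF, chr, unchecked, isTokenChecked(chr));
        }
    }
}
```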


[Bug 59089] ArrayIndexOutOfBoundsException if header name contains byte values > 127

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59089

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Thanks for the report. This has been fixed in trunk for 9.0.0.M4 onwards and
8.0.x for 8.0.33 onwards.

In 7.0.x and earlier the request is rejected with a 400 response.
