BugRat Report #389 has been filed.

[BugRat Mail System <to...@cortexity.com>]

Bug report #389 has just been filed.

You can view the report at the following URL:

   <http://znutar.cortexity.com:8888/BugRatViewer/ShowReport/389>

REPORT #389 Details.

Project: Tomcat
Category: Bug Report
SubCategory: New Bug Report
Class: swbug
State: received
Priority: high
Severity: serious
Confidence: public
Environment: 
   Release: 3.2 beta6 + beta7
   JVM Release: SUN JDK1.2.2 and JDK1.3
   Operating System: Solaris 7
   OS Release: Sun 5.7 Generic_106541_11
   Platform: E450

Synopsis: 
AJP13 - buffer overread for POST data with apache and mod_jk 

Description:

I'm using using a servlet to read data POSTed by a html
form, everything works ok unless one of the fields get longer than about 1400 characters. If that happens
tomcat produces the follow errors.

(Static trace from tomcat 3.2beta-7)

java.lang.ArrayIndexOutOfBoundsException
	at org.apache.tomcat.service.connector.Ajp13ConnectorRequest.doRead(Ajp13ConnectorRequest.java:255)
	at org.apache.tomcat.service.connector.Ajp13ConnectorRequest.doRead(Ajp13ConnectorRequest.java:262)
	at org.apache.tomcat.core.BufferedServletInputStream.doRead(BufferedServletInputStream.java:111)
	at org.apache.tomcat.core.BufferedServletInputStream.read(BufferedServletInputStream.java:144)
	at javax.servlet.http.HttpUtils.parsePostData(HttpUtils.java:235)
	at org.apache.tomcat.util.RequestUtil.readFormData(RequestUtil.java:101)
	at org.apache.tomcat.core.RequestImpl.handleParameters(RequestImpl.java:691)
	at org.apache.tomcat.core.RequestImpl.getParameterValues(RequestImpl.java:259)
	at org.apache.tomcat.core.RequestImpl.getParameter(RequestImpl.java:250)
	at org.apache.tomcat.facade.HttpServletRequestFacade.getParameter(HttpServletRequestFacade.java:222)
	at org.apache.jasper.servlet.JspServlet.preCompile(JspServlet.java:326)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:370)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
	at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:404)
	at org.apache.tomcat.core.Handler.service(Handler.java:286)
	at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
	at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:799)
	at org.apache.tomcat.core.ContextManager.service(ContextManager.java:745)
	at org.apache.tomcat.service.connector.Ajp13ConnectionHandler.processConnection(Ajp13ConnectionHandler.java:160)
	at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:407)
	at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498)
	at java.lang.Thread.run(Thread.java:479)

It looks like a buffer is being overread here. Notes that
my jsp page is nowhere in the stack trace so this must
be an internal tomcat problem.

I've reproduced the bug under both JDK1.2.2 and JDK1.3.0
from Sun, and for both tomcat 3.2 beta6 and beta7