Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2020/03/05 14:13:00 UTC
[jira] [Resolved] (CXF-8217) StackOverflow if double quotes present
[ https://issues.apache.org/jira/browse/CXF-8217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved CXF-8217.
--------------------------------------
Resolution: Cannot Reproduce
Please re-open if you can supply a way of reproducing the issue.
> StackOverflow if double quotes present
> --------------------------------------
>
> Key: CXF-8217
> URL: https://issues.apache.org/jira/browse/CXF-8217
> Project: CXF
> Issue Type: Bug
> Components: Core
> Affects Versions: 3.2.7
> Reporter: Marcos Rivas
> Priority: Major
>
> When a double quote is present in an HTTP header, CXF throws a StackOverflowError.
> If this header is passed:
> {code:java}
> Forwarded=[for=192.168.0.1;host=localhost;proto=http;proto-version=""],{code}
> It will cause a StackOverflow error:
> {code:java}
> 08:14:03.035 [XNIO-2 task-2] WARN o.a.cxf.phase.PhaseInterceptorChain - Interceptor for {http://www.mytest.com/services/business/logOn/v1}logOnServicePortService#{http://www.mytest.com/services/business/logOn/v1}logOnService has thrown exception, unwinding now
> 08:14:03.035 [XNIO-2 task-2] WARN o.a.cxf.phase.PhaseInterceptorChain - Interceptor for {http://www.mytest.com/services/business/logOn/v1}logOnServicePortService#{http://www.mytest.com/services/business/logOn/v1}logOnService has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: null
> at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:144)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
> at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
> at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
> at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
> at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:706)
> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
> at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> at org.springframework.boot.web.filter.ApplicationContextHeaderFilter.doFilterInternal(ApplicationContextHeaderFilter.java:55)
> at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111)
> at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
> at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
> at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
> at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
> at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:103)
> at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
> at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:376)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.StackOverflowError: null
> at java.util.regex.Pattern$LazyLoop.match(Pattern.java:4857)
> at java.util.regex.Pattern$GroupTail.match(Pattern.java:4731)
> at java.util.regex.Pattern$BranchConn.match(Pattern.java:4582)
> at java.util.regex.Pattern$CharProperty.match(Pattern.java:3791)
> at java.util.regex.Pattern$Branch.match(Pattern.java:4618)
> at java.util.regex.Pattern$GroupHead.match(Pattern.java:4672)
> at java.util.regex.Pattern$LazyLoop.match(Pattern.java:4861)
> at java.util.regex.Pattern$GroupTail.match(Pattern.java:4731)
> at java.util.regex.Pattern$BranchConn.match(Pattern.java:4582)
> at java.util.regex.Pattern$CharProperty.match(Pattern.java:3791)
> at java.util.regex.Pattern$Branch.match(Pattern.java:4618)
> at java.util.regex.Pattern$GroupHead.match(Pattern.java:4672)
> at java.util.regex.Pattern$LazyLoop.match(Pattern.java:4861)
> at java.util.regex.Pattern$GroupTail.match(Pattern.java:4731)
> at java.util.regex.Pattern$BranchConn.match(Pattern.java:4582)
> at java.util.regex.Pattern$CharProperty.match(Pattern.java:3791)
> at java.util.regex.Pattern$Branch.match(Pattern.java:4618)
> at java.util.regex.Pattern$GroupHead.match(Pattern.java:4672)
> at java.util.regex.Pattern$LazyLoop.match(Pattern.java:4861)
> at java.util.regex.Pattern$GroupTail.match(Pattern.java:4731)
> at java.util.regex.Pattern$BranchConn.match(Pattern.java:4582)
> at java.util.regex.Pattern$CharProperty.match(Pattern.java:3791)
> at java.util.regex.Pattern$Branch.match(Pattern.java:4618)
> at java.util.regex.Pattern$GroupHead.match(Pattern.java:4672)
> at java.util.regex.Pattern$LazyLoop.match(Pattern.java:4861)
> at java.util.regex.Pattern$GroupTail.match(Pattern.java:4731)
> at java.util.regex.Pattern$BranchConn.match(Pattern.java:4582)
> at java.util.regex.Pattern$CharProperty.match(Pattern.java:3791)
> {code}
> If the header is passed without double quotes:
> {code:java}
> Forwarded=[for=192.168.0.1;host=localhost;proto=http;proto-version=],{code}
> The service works correctly.
> This issue is caused by a bug in the OpenShift router (pull request #8, https://github.com/openshift/router/pull/8); however, because header values are supplied by the client, the presence of double quotes should not cause a StackOverflowError.