You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2020/04/27 16:14:06 UTC
[Bug 64384] New: is ignored when there is no
element specified
https://bz.apache.org/bugzilla/show_bug.cgi?id=64384
Bug ID: 64384
Summary: <multipart-config> is ignored when there is no
<file-threshold-size> element specified
Product: Tomcat 8
Version: 8.5.51
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: chris@christopherschultz.net
Target Milestone: ----
When a <multipart-config> element is present without any <file-size-threshold>
child element, the whole <multipart-config> appears to be ignored. Specifying
<file-size-threshold>0</file-size-threshold> (which is the default) results in
expected behavior.
With sample configuration:
<multipart-config>
<max-file-size>1048576</max-file-size><!-- 1MiB -->
<max-request-size>1049600</max-request-size><!-- 1 MiB + 1 kiB -->
<file-size-threshold>1024</file-size-threshold><!-- 1KiB -->
</multipart-config>
File sizes larger than 1MiB are rejected as expected. Removing the
<file-size-threshold> element completely causes large files to be accepted as
if the configuration were not there.
Attaching a debugger, I can see that the multipartConfigElement is essentially
all defaults:
multipartConfigElement MultipartConfigElement (id=545)
fileSizeThreshold 0
location "" (id=550)
maxFileSize -1
maxRequestSize -1
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 64384] is ignored if any of
max-file-size/max-request-size/file-threshold-size elements are missing
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64384
--- Comment #8 from Christopher Schultz <ch...@christopherschultz.net> ---
Rémy has back-ported to 9.0.x and 8.5.x.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 64384] is ignored when there is no
element specified
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64384
--- Comment #3 from Christopher Schultz <ch...@christopherschultz.net> ---
I think I've found the problem, at ContextConfig:1355:
1355 MultipartDef multipartdef = servlet.getMultipartDef();
1356 if (multipartdef != null) {
1357 if (multipartdef.getMaxFileSize() != null &&
1358 multipartdef.getMaxRequestSize()!= null &&
1359 multipartdef.getFileSizeThreshold() != null) {
1360 wrapper.setMultipartConfigElement(new
MultipartConfigElement(
multipartdef.getLocation(),
Long.parseLong(multipartdef.getMaxFileSize()),
Long.parseLong(multipartdef.getMaxRequestSize()),
Integer.parseInt(
multipartdef.getFileSizeThreshold())));
} else {
wrapper.setMultipartConfigElement(new
MultipartConfigElement(
multipartdef.getLocation()));
}
}
When execution reaches 1355, the MultipartDef object contains the expected
values:
maxFileSize=1048576
maxRequestSize=1049600
fileSizeThreshold=null
The predicate on lines 1357 - 1359 cause this configuration to not be applied
if any of the items are missing.
The servlet spec allows any of these items to be missing, so I believe this is
a bug and spec violation together in one.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 64384] is ignored when there is no
element specified
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64384
--- Comment #4 from Christopher Schultz <ch...@christopherschultz.net> ---
Created attachment 37199
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37199&action=edit
Proposed patch
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 64384] is ignored when there is no
element specified
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64384
--- Comment #1 from Christopher Schultz <ch...@christopherschultz.net> ---
Created attachment 37198
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37198&action=edit
Sample WAR file which reproduces the issue
This WAR file (including source) will work as expected:
1. Deploy the WAR file
2. Navigate to /test which will load index.html
3. Choose an arbitrary file and upload
4a. A small enough file will yield a debug output
4b. A large enough file (> 1MiB) will cause an error
If you edit WEB-INF/web.xml to remove the <file-size-threshold>, you will be
able to upload any size file without error.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 64384] is ignored if any of
max-file-size/max-request-size/file-threshold-size elements are missing
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64384
Christopher Schultz <ch...@christopherschultz.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #7 from Christopher Schultz <ch...@christopherschultz.net> ---
Fixed in trunk (tc10) in commit 8dddc11512fbd3b91ed9d737a42e4b8415458ddf
Working on my git-fu to back-port to other supported branches.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 64384] is ignored if any of
max-file-size/max-request-size/file-threshold-size elements are missing
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64384
Christopher Schultz <ch...@christopherschultz.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|<multipart-config> is |<multipart-config> is
|ignored when there is no |ignored if any of
|<file-threshold-size> |max-file-size/max-request-s
|element specified |ize/file-threshold-size
| |elements are missing
--- Comment #5 from Christopher Schultz <ch...@christopherschultz.net> ---
Updating description to reflect the fact that any missing element can cause
this.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 64384] is ignored when there is no
element specified
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64384
--- Comment #2 from Remy Maucherat <re...@apache.org> ---
Ok, ok, the check here looks inaccurate:
https://github.com/apache/tomcat/blob/master/java/org/apache/catalina/startup/ContextConfig.java#L1365
Unless all are set, only the location would be used.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 64384] is ignored if any of
max-file-size/max-request-size/file-threshold-size elements are missing
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64384
--- Comment #6 from Christopher Schultz <ch...@christopherschultz.net> ---
Initial testing indicates this patch is correct.
I'll commit once I build a proper test-case.
My guess is that this will not affect uses of @MultipartConfig annotation, as
this bug occurs when copying the web.xml config to the live servlet (wrapper)
object.
Temporary workaround for anyone observing lack of <multipart-config>: Make sure
to specify all of max-file-size, max-request-size, file-size-threshold
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org