You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2014/05/30 18:37:02 UTC

[jira] [Assigned] (TS-2792) Large request header causes unexpected remap

     [ https://issues.apache.org/jira/browse/TS-2792?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom reassigned TS-2792:
---------------------------------

    Assignee: Leif Hedstrom  (was: Brian Geffon)

> Large request header causes unexpected remap
> --------------------------------------------
>
>                 Key: TS-2792
>                 URL: https://issues.apache.org/jira/browse/TS-2792
>             Project: Traffic Server
>          Issue Type: Bug
>    Affects Versions: 4.0.2, 5.0.0
>            Reporter: Masakazu Kitajo
>            Assignee: Leif Hedstrom
>            Priority: Critical
>              Labels: review
>             Fix For: 5.0.0
>
>         Attachments: quickfix.diff
>
>
> I get unexpected remap result when I request with likely 4KB of header. It seems to be caused by coalescing of heaps.
> In url_rewrite_remap_request, requestPath points to the path string of the URL. However, the address of the string may be changed in remap process in this function (e.g. request_url->host_set()). Because large header uses lots of space so reallocation of heap may be caused when we modify the header values. So the memcpy in this function may use the old invalid address as a source, and it results unexpected remap and also results broken log outputs.
> It may not cause crashes, but works incorrectly.
> How to reproduce:
> It's hard to reproduce but I believe that requests with likely 3.5 to 4KB of header causes this problem.



--
This message was sent by Atlassian JIRA
(v6.2#6252)