Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/02/18 20:53:17 UTC
DO NOT REPLY [Bug 17178] New: - if user-agent sends cookies that add up more than 4K SocketInputStream throws an exception
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17178
Summary: if user-agent sends cookies that add up more than 4K
SocketInputStream throws an exception
Product: Tomcat 4
Version: 4.1.20
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Other
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: alejandro.abdelnur@sun.com
The SocketInputStream class reads HTTP headers up to a maximum of 4096 bytes
(HttpHeader.MAX_VALUE_SIZE); after that it fails, logging the exception in
Catalina's log.
I assume they hardcoded this limit assuming the maximum length of a single
Cookie (4K). However, browsers append cookies into a single Cookies header
separating the cookies with ';'. If you have 2 cookies going with the same
request and adding up to more than 4K, then the request fails.
Offending code [SocketInputStream, line 461]:

    if ((2 * maxRead) <= HttpHeader.MAX_VALUE_SIZE) {

As browsers are recommended to support at least 20 cookies to a single web site
of 4K each, the value of the HttpHeader.MAX_VALUE_SIZE should be 20 times bigger.
[This applies to all 4.x versions]
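Added example, not Tomcat's code and not part of the original report: a small Java model of the behaviour described above, where a header value buffer doubles until a 4096 cap and two cookies joined into one header exceed it. The class and method names, the 512-char starting size and the cookie values are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class HeaderValueLimitDemo {
    // 4096 is the cap named in the report; the 512 starting size is an assumption.
    static final int MAX_VALUE_SIZE = 4096;
    static final int INITIAL_VALUE_SIZE = 512;

    // Reads one header value up to CR/LF, doubling the buffer while the cap allows.
    static String readValue(InputStream in) throws IOException {
        char[] buf = new char[INITIAL_VALUE_SIZE];
        int maxRead = buf.length;
        int readCount = 0;
        int ch;
        while ((ch = in.read()) != -1 && ch != '\r' && ch != '\n') {
            if (readCount >= maxRead) {
                // Same shape as the check quoted in the report.
                if ((2 * maxRead) <= MAX_VALUE_SIZE) {
                    buf = java.util.Arrays.copyOf(buf, 2 * maxRead);
                    maxRead = buf.length;
                } else {
                    throw new IOException("header value longer than " + MAX_VALUE_SIZE);
                }
            }
            buf[readCount++] = (char) ch;
        }
        return new String(buf, 0, readCount);
    }

    // True if a header value with this content gets through readValue().
    static boolean accepted(String value) {
        byte[] wire = (value + "\r\n").getBytes(StandardCharsets.ISO_8859_1);
        try {
            return readValue(new ByteArrayInputStream(wire)).length() == value.length();
        } catch (IOException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed cookies: each is under 4K, together they are not.
        String a = "a=" + "x".repeat(3000);
        String b = "b=" + "x".repeat(3000);
        System.out.println("a alone:     " + accepted(a));
        System.out.println("a; b joined: " + accepted(a + "; " + b));
    }
}
```

Requires Java 11 or later for `String.repeat`. Whatever value the cap takes, it bounds the whole header value rather than each cookie, so it has to be sized against the combined Cookie header while still limiting how much memory one request header can consume.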