You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@shindig.apache.org by "Paul Lindner (JIRA)" <ji...@apache.org> on 2009/10/15 09:37:31 UTC

[jira] Resolved: (SHINDIG-1096) Need a more accurate content length check

     [ https://issues.apache.org/jira/browse/SHINDIG-1096?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Lindner resolved SHINDIG-1096.
-----------------------------------

       Resolution: Duplicate
    Fix Version/s: 1.1-BETA4

See SHINDIG-1186 |


> Need a more accurate content length check
> -----------------------------------------
>
>                 Key: SHINDIG-1096
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-1096
>             Project: Shindig
>          Issue Type: Bug
>          Components: Java
>            Reporter: chirag shah
>             Fix For: 1.1-BETA4
>
>
> Inside  org.apache.shindig.gadgets.servlet.RpcServlet.java
> It's possible for the value of request.getContentLength() to be a reasonable value and for the actual size of the post body to be something ridiculous (1GB+)
> As you can see, this can lead to some interesting out-of-memory issues since the damage is already done before the check body.length != length.
> I propose that we eliminate the content-length check (it's not required by the http 1.1 spec) and check the actual length of the post body.
> Snippet from RpcServlet:
>     int length = request.getContentLength();
>     if (length <= 0) {
>       logger.info("No Content-Length specified.");
>       response.setStatus(HttpServletResponse.SC_LENGTH_REQUIRED);
>       return;
>     }
>     if (length > POST_REQUEST_MAX_SIZE) {
>       logger.info("Request size too large: " + length);
>       response.setStatus(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
>       return;
>     }
>     ServletInputStream is = request.getInputStream();
>     byte[] body = IOUtils.toByteArray(is);
>     if (body.length != length) {
>       logger.info("Wrong size. Length: " + length + " real: " + body.length);
>       response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
>       return;
>     }

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.