Posted to dev@tomcat.apache.org by bu...@apache.org on 2016/09/09 10:34:49 UTC

[Bug 60100] New: Garbage appended at end of request URL

https://bz.apache.org/bugzilla/show_bug.cgi?id=60100

            Bug ID: 60100
           Summary: Garbage appended at end of request URL
           Product: Tomcat 8
           Version: 8.0.32
          Hardware: Other
                OS: AIX
            Status: NEW
          Severity: normal
          Priority: P2
         Component: WebSocket
          Assignee: dev@tomcat.apache.org
          Reporter: giovacchini.andrea@konvergence.it

After some months of normal work one of our servlets started giving null
pointer exceptions due to the received requests, so we thought the problem was
the calling application, but when we debugged it we saw it was doing good
requests, so the last resort was to restart Tomcat; then everything worked fine.

These are the details from localhost_access_log:


Bad requests had all these "%20HTTP/1.1%22%20200%20111" in the end:

10.160.252.23 - - [09/Sep/2016:11:26:44 +0200] "GET
/EkoLoyServlet/EkoLoyServlet?codiceCarta=088800002401&priOutMode=vs5&retrieveFloatBal=true&srcLoyChan=001&encodingValue=ISO-8859-1&isRetrievePsxData=false&retrieveVchTmplList=true&isVchResActive=true&isCoopJsdr3Version=true&isBalanceDetails=true%20HTTP/1.1%22%20200%20111
HTTP/1.1" 200 2842


Good requests are like these:

10.160.252.24 - - [09/Sep/2016:11:29:30 +0200] "GET
/EkoLoyServlet/EkoLoyServlet?codiceCarta=088800002401&priOutMode=vs5&retrieveFloatBal=true&srcLoyChan=001&encodingValue=ISO-8859-1&isRetrievePsxData=false&retrieveVchTmplList=true&isVchResActive=true&isCoopJsdr3Version=true&isBalanceDetails=true
HTTP/1.1" 200 111


Tomcat version is 8.0.32. I've searched the change notes for the 8.0.x versions
released after ours and I've not recognized problems like these.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


[Bug 60100] Garbage appended at end of request URL

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60100

Andrea Giovacchini <gi...@konvergence.it> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW



[Bug 60100] Garbage appended at end of request URL

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60100

--- Comment #3 from Andrea Giovacchini <gi...@konvergence.it> ---
(In reply to Konstantin Kolinko from comment #2)

Hi, the requests were coming from valid clients, I was doing them with one of
our applications and no one else was calling, it's a test environment in a
private network.

I can't see what the %{User-Agent} will print if added to logging because the
problem disappeared after restarting Tomcat and there has been no way I was able
to reproduce it again.



[Bug 60100] Garbage appended at end of request URL

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60100

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WORKSFORME
             Status|NEEDINFO                    |RESOLVED

--- Comment #5 from Mark Thomas <ma...@apache.org> ---
On the basis the OP has been unable to reproduce this, resolve this as works
for me. It can always be re-opened if further information comes to light.



[Bug 60100] Garbage appended at end of request URL

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60100

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
That is most strange. The sequence:

%20HTTP/1.1%22%20200%20111

decodes to

 HTTP/1.1" 200 111

Which is the string from the end of the access log. I don't see how that ended
up in the request line.

The only place those values are available in that format (the decoded form) is
the access log. But I cannot see how they could end up in the request line. Or
even how the AccessLogValve could corrupt the value of the request line -
especially with the encoding since the AccessLogValve doesn't encode anything.

We are going to need more information to progress this.

When the problem occurred, did all requests fail or just some? Was there a
pattern?

How repeatable is this? I'd like to see a tcpdump of a faulty request to
confirm exactly what is on the wire.

What is the architecture of the system? Is it multiple clients connecting
directly to a single Tomcat instance or are there reverse proxies /
load-balancers involved?



[Bug 60100] Garbage appended at end of request URL

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60100

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

--- Comment #4 from Mark Thomas <ma...@apache.org> ---
Restoring the NEEDINFO state. Comment #1 has a number of unanswered questions.



[Bug 60100] Garbage appended at end of request URL

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60100

--- Comment #2 from Konstantin Kolinko <kn...@gmail.com> ---
Are those requests coming from valid clients? (Is value of user-agent header as
expected? Note that it can be logged with %{User-Agent}i)

Maybe some bot is reading your access logs and tries URLs that are mentioned in
them? Or some human? If browser interprets some text as url, it will
automatically encode spaces as '%20' when doing a request.


I can imagine "HTTP/1.1" being in URL if request line is parsed incorrectly (as
such characters are naturally present on the first line of HTTP request), but
seeing "200 111" there is odd. The only place where strings "HTTP/1.1" and "200
111" are near each other is your access log, and the log lines are generated on
the fly when writing the data out. Format of the log is configurable.

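A log check for the pattern discussed in comments #1 and #2, as an added example that is not part of the thread or of Tomcat: it flags request URIs whose decoded form ends with the tail of an access-log entry, and reports whether the same log holds a clean entry with that URI, status and size. The log lines are constructed samples in the `%h %l %u %t "%r" %s %b` layout, and the function name is hypothetical.

```python
import re
from urllib.parse import unquote

# Tomcat "common" access-log layout: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<proto>HTTP/\d\.\d)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
# A decoded URI that ends like a log entry, e.g. ' HTTP/1.1" 200 111'
TAIL_RE = re.compile(
    r'^(?P<uri>.*?) HTTP/\d\.\d" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed sample lines modelled on the two entries in the report,
# plus one ordinary request that merely contains an encoded space.
SAMPLE_LOG = [
    '192.0.2.23 - - [09/Sep/2016:11:26:44 +0200] "GET /app/servlet?card=1&details=true%20HTTP/1.1%22%20200%20111 HTTP/1.1" 200 2842',
    '192.0.2.24 - - [09/Sep/2016:11:29:30 +0200] "GET /app/servlet?card=1&details=true HTTP/1.1" 200 111',
    '192.0.2.24 - - [09/Sep/2016:11:30:02 +0200] "GET /app/servlet?q=a%20b HTTP/1.1" 200 57',
]


def find_log_tail_requests(lines):
    """Flag requests whose decoded URI ends with an access-log tail."""
    entries = [m.groupdict() for m in map(LINE_RE.match, lines) if m]
    # Decoded (uri, status, size) of every entry, for the lookup below.
    logged = {(unquote(e["uri"]), e["status"], e["size"]) for e in entries}
    findings = []
    for e in entries:
        tail = TAIL_RE.match(unquote(e["uri"]))
        if tail is None:
            continue
        key = (tail["uri"], tail["status"], tail["size"])
        findings.append({
            "host": e["host"],
            "time": e["ts"],
            "uri": tail["uri"],
            "embedded_status": tail["status"],
            "embedded_size": tail["size"],
            # True when a clean entry with this URI/status/size is logged
            "matches_logged_entry": key in logged,
        })
    return findings


if __name__ == "__main__":
    for finding in find_log_tail_requests(SAMPLE_LOG):
        print(finding)
```

A finding only shows that the request URI carries text shaped like a log tail; a packet capture, as requested in comment #1, is still needed to see what was on the wire.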