  1. Application Server 7
  2. AS7-5106

org.apache.coyote.http11.InternalOutputBuffer is not safe


    • Type: Bug
    • Resolution: Won't Do
    • Priority: Major
    • None
    • 7.1.1.Final
    • Web
    • None

      As soon as the HTTP response should be sent, there might be a problem where the headers exceed the size of the internal output buffer. (See https://issues.jboss.org/browse/ARQ-982)

      • No boundary check on the array 'buf' of InternalOutputBuffer
      • Problem: the whole sendHeader routine is not able to split the sending of HTTP headers.

      Example stack trace (Arquillian Warp adds the big header):

      ArrayIndexOutOfBoundsException
      
      InternalOutputBuffer.write(String) line: 698	
      InternalOutputBuffer.write(MessageBytes) line: 607	
      InternalOutputBuffer.sendHeader(MessageBytes, MessageBytes) line: 479	
      Http11Processor.prepareResponse() line: 1648	
      Http11Processor.action(ActionCode, Object) line: 998	
      Response.action(ActionCode, Object) line: 188	
      InternalOutputBuffer.doWrite(ByteChunk, Response) line: 552	
      Response.doWrite(ByteChunk) line: 594	
      OutputBuffer.realWriteBytes(byte[], int, int) line: 398	
      ByteChunk.flushBuffer() line: 449	
      ByteChunk.append(byte[], int, int) line: 349	
      OutputBuffer.writeBytes(byte[], int, int) line: 426	
      OutputBuffer.write(byte[], int, int) line: 415	
      CoyoteOutputStream.write(byte[], int, int) line: 89	
      CoyoteOutputStream.write(byte[]) line: 83	
      NonWritingPrintWriter.finallyWriteAndClose(ServletOutputStream) line: 58	
      WarpFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 189	
      ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280	
      ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248	
      TransactionWebFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 38	
      ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280	
      ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248	
      NTLMFakeFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 33	
      ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 280	
      ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 248	
      StandardWrapperValve.invoke(Request, Response) line: 275	
      StandardContextValve.invoke(Request, Response) line: 161	
      WebNonTxEmCloserValve.invoke(Request, Response) line: 50	
      SecurityContextAssociationValve.invoke(Request, Response) line: 153	
      StandardHostValve.invoke(Request, Response) line: 155	
      ErrorReportValve.invoke(Request, Response) line: 102	
      StandardEngineValve.invoke(Request, Response) line: 109	
      CoyoteAdapter.service(Request, Response) line: 368	
      Http11Processor.process(Socket) line: 877	
      Http11Protocol$Http11ConnectionHandler.process(Socket) line: 671	
      JIoEndpoint$Worker.run() line: 930	
      Thread.run() line: not available	
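
A simplified model of the failure reported above, as an added example that is not part of the original issue and is not JBoss Web or Coyote source code. `HeaderBuffer`, `writeUnchecked` and `writeChecked` are hypothetical names, and the 32-byte buffer and the header value are constructed; the point is the difference between failing mid-copy and checking the remaining capacity first.

```java
import java.util.Arrays;

// Simplified model of a fixed-size header buffer. HeaderBuffer and its methods
// are hypothetical names for illustration, not the JBoss Web / Coyote source.
public class HeaderBufferDemo {
    static final class HeaderBuffer {
        final byte[] buf;
        int pos;

        HeaderBuffer(int size) { buf = new byte[size]; }

        // No boundary check: fails mid-copy once pos reaches buf.length,
        // leaving a partially written header behind.
        void writeUnchecked(String s) {
            for (int i = 0; i < s.length(); i++) {
                buf[pos] = (byte) s.charAt(i);
                pos++;
            }
        }

        // Boundary check first: nothing is copied unless the whole string fits.
        void writeChecked(String s) {
            int free = buf.length - pos;
            if (s.length() > free) {
                throw new IllegalStateException("header needs " + s.length()
                        + " bytes, only " + free + " free");
            }
            writeUnchecked(s);
        }
    }

    public static void main(String[] args) {
        char[] filler = new char[64];            // constructed oversized value
        Arrays.fill(filler, 'x');
        String header = "X-Big: " + new String(filler) + "\r\n";

        HeaderBuffer unchecked = new HeaderBuffer(32);   // constructed size
        try {
            unchecked.writeUnchecked(header);
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("unchecked: AIOOBE after " + unchecked.pos + " bytes");
        }

        HeaderBuffer checked = new HeaderBuffer(32);
        try {
            checked.writeChecked(header);
        } catch (IllegalStateException e) {
            System.out.println("checked: " + e.getMessage() + ", pos=" + checked.pos);
        }
    }
}
```

The unchecked path surfaces as a generic `ArrayIndexOutOfBoundsException` with the buffer already full of a truncated header, while the checked path fails before any byte is written and names the size mismatch.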
      

            rmaucher Remy Maucherat
            ste_gr Stefan Gr (Inactive)