https://bz.apache.org/bugzilla/show_bug.cgi?id=60232
Bug ID: 60232 Summary: HTTP/2 connector stuck when parsing big http header Product: Tomcat 8 Version: 8.5.5 Hardware: PC Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: barney...@gmail.com HTTP/2 connector of tomcat 8.5.5 is getting stuck (endless busy loop) when parsing a big (e.g. 30kb) http header. Steps to reproduce using apache-tomcat-8.5.5-windows-x86.zip on windows 7 (64) and jre 1.8.0_102 (32): 1.) configure a https connector including http2 upgrade, e.g. <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" maxThreads="150" SSLEnabled="true"> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> <SSLHostConfig> <Certificate certificateKeyFile="key.key" certificateFile="cert.crt" /> </SSLHostConfig> </Connector> 2.) Point Firefox to https://localhost:8443/, verify HTTP/2 is used using Network View in Developer Tools 3.) For the verified request, use 'Edit and Resend' to add a big http header, e.g. X-Big-Header: <put 30kb of text here> and send that request 4.) The request never returns, and Windows Task Manager shows that tomcat's java vm now fully uses one core 5.) Stacktrace of the stuck thread looks like this: Name: https-openssl-apr-8443-exec-6 State: RUNNABLE Total blocked: 0 Total waited: 1 Stack trace: org.apache.coyote.http2.HPackHuffman.decode(HPackHuffman.java:383) org.apache.coyote.http2.HpackDecoder.readHuffmanString(HpackDecoder.java:215) org.apache.coyote.http2.HpackDecoder.readHpackString(HpackDecoder.java:204) org.apache.coyote.http2.HpackDecoder.readHeaderName(HpackDecoder.java:188) org.apache.coyote.http2.HpackDecoder.decode(HpackDecoder.java:116) org.apache.coyote.http2.Http2Parser.readHeaderBlock(Http2Parser.java:404) org.apache.coyote.http2.Http2Parser.readHeadersFrame(Http2Parser.java:246) org.apache.coyote.http2.Http2Parser.readFrame(Http2Parser.java:96) org.apache.coyote.http2.Http2Parser.readFrame(Http2Parser.java:68) org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch(Http2UpgradeHandler.java:314) org.apache.coyote.http11.upgrade.UpgradeProcessorInternal.dispatch(UpgradeProcessorInternal.java:54) org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:53) org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:802) org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2241) org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) - locked org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper@cd6eb java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) java.lang.Thread.run(Thread.java:745) In case you're wondering what the use-case for such big headers is: they actually occur when using SPNEGO/Kerberos. The 'Negotiate'-Header can easily be dozens of KB long. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org