>Number: 3788
>Category: mod_jserv
>Synopsis: StringIndexOutOfBoundsException thrown in
>JServConnection.getDateHeader()
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: jserv
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Wed Jan 27 19:10:01 PST 1999
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: Apache 1.34, JServ 1.0b2
>Environment:
Running the above Apache and JServ version on a Linux server using the
Blackdown JVM.
>Description:
A StringIndexOutOfBoundsException is thrown when
JServConnection.getDateHeader() attempts to parse the date format (using
SimpleDateFormat.parse()) -- I'm assuming because it's attempting to reference
a location beyond the length of the string.
(Perhaps this is an error with the blackdown SimpleDateFormat class??)
Here is a sample stack trace:
java.lang.StringIndexOutOfBoundsException: String index out of range: 29
at java.lang.String.charAt(String.java)
at java.text.SimpleDateFormat.subParse(SimpleDateFormat.java)
at java.text.SimpleDateFormat.parse(SimpleDateFormat.java)
at java.text.DateFormat.parse(DateFormat.java)
at
org.apache.jserv.JServConnection.getDateHeader(JServConnection.java:1164)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:480)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
at org.apache.jserv.JServConnection.run(JServConnection.java:349)
>How-To-Repeat:
http://qtpi.firstweb.com/ (although the bug has been fixed on our server using
my 'patch' (below)).
>Fix:
I have 'patched' the JServConnection class by modifying the getDateHeader
method (attached below). I have enclosed the entire method in a 'try' clause
and return '-1' if anything throws the StringIndexOutOfBoundsException.
public long getDateHeader(String name)
{
try
{
String val = (String)headers_in.get(name.toLowerCase());
SimpleDateFormat sdf;
if (val == null)
{
return -1;
}
sdf = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz");
try
{
Date date = sdf.parse(val);
return date.getTime();
}
catch(ParseException formatNotValid)
{
// try another format
}
sdf = new SimpleDateFormat("EEEEEE, dd-MMM-yy HH:mm:ss zzz");
try
{
Date date = sdf.parse(val);
return date.getTime();
}
catch(ParseException formatNotValid)
{
// Try another format
}
sdf = new SimpleDateFormat("EEE MMMM d HH:mm:ss yyyy");
try
{
Date date = sdf.parse(val);
return date.getTime();
}
catch(ParseException formatStillNotValid)
{
throw new IllegalArgumentException(val);
}
}
catch (StringIndexOutOfBoundsException theException)
{
// (!) It seems that SimpleDateFormat.parse() will
throw a
// StringIndexOutOfBoundsException. For my
purposes, I'd rather
// my servlet not die on account of an invalid
date, so I'll just
// return a '-1' and let JServ go along its way...
return -1;
}
}
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request ]
[from a developer. ]
[Reply only with text; DO NOT SEND ATTACHMENTS! ]
