>Number: 5285
>Category: mod_jserv
>Synopsis: no EOF from getInputStream when content-length passed
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: jserv
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Wed Nov 10 12:30:02 PST 1999
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.1b3
>Environment:
Win95/MS JVM
>Description:
I'm using this code to process a post in XML encoding with 1.1b3:
if ("POST".equals(request.getMethod())) {
if ("text/xml".equals(request.getContentType())) {
Parser p = new com.sun.xml.parser.Parser();
p.setDocumentHandler(page);
InputSource source = new InputSource(request.getInputStream());
p.parse(source);
}
}
The problem is with sun's xml parser. The parser reads until EOF and does not
have anyway to specify a content-length.
Jserv's implementation does not detect a read past the length specified in
content-length and indicate EOF. Instead the read routine in JServInputStream
will hang trying to read more data from the browser that isn't coming until it
times out.
I made a simple patch for this problem by changing read to:
public int read(byte b[], int off, int len) throws IOException {
if (in.available() == 0)
return 0;
return in.read(b,off,len);
}
This patch is not correct but it fixes the issue in my case. This patch will
incorrectly terminate a large RFC1867 post. The correct patch needs to track
how many bytes have been read. It also needs to compute the return value from
read() and available() based on bytes read vs content-length if content-length
has been specified.
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <[EMAIL PROTECTED]> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
