[jira] [Moved] (HTTPCORE-472) incorrect "Maximum line length limit exceeded" detection is possible

Thu, 15 Jun 2017 01:43:49 -0700 

     [ 
https://issues.apache.org/jira/browse/HTTPCORE-472?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleg Kalnichevski moved HTTPCLIENT-1856 to HTTPCORE-472:
--------------------------------------------------------

    Affects Version/s:     (was: 4.5.3)
                       4.4.6
             Workflow: classic default workflow  (was: Default workflow, 
editable Closed status)
                  Key: HTTPCORE-472  (was: HTTPCLIENT-1856)
              Project: HttpComponents HttpCore  (was: HttpComponents HttpClient)

> incorrect "Maximum line length limit exceeded" detection is possible
> --------------------------------------------------------------------
>
>                 Key: HTTPCORE-472
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-472
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>    Affects Versions: 4.4.6
>            Reporter: Artem Nakonechnyy
>
> the error is in 
> org.apache.http.impl.io.SessionInputBufferImpl#readLine(org.apache.http.util.CharArrayBuffer)
> {code}
> if (maxLineLen > 0) {
>                 final int currentLen = this.linebuffer.length()
>                         + (pos > 0 ? pos : this.bufferlen) - this.bufferpos;
>                 if (currentLen >= maxLineLen) {
>                     throw new MessageConstraintException("Maximum line length 
> limit exceeded");
>                 }
>             }
> {code}
> If LF chanced to be at the beginning of the buffer, {{currentLen}} is 
> calculated incorrectly. It should be {{this.linebuffer.length() + pos - 
> this.bufferpos}}, so, effectively {{this.linebuffer.length() + 0 - 0}}.
> E.g. if maxLineLen=10000, buffer.length=8192 (the default setting), a line is 
> 9000, then it doesn't fit the buffer, thus it's 1st part is read into 
> {{linebuffer}}, 2nd part is read into {{buffer}}. If the 9000 line's 
> terminating LF chances to be the 1st char of that buffer, and after that line 
> it follows more header data, say, exceeding 8192 bytes - then the code 
> calculates {{currentLen = linebuffer.length() + bufferlen - bufferpos = 9000+ 
> 8192 - 0}} > 10000, while actual line length is just 9000.
> I think the fix is to replace {{(pos > 0 ? pos : this.bufferlen)}} to {{(pos 
> > -1 ? pos : this.bufferlen)}}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to