DO NOT REPLY [Bug 48763] New: AJP Connectors fail when POST requests don't have a Content-Length header

Wed, 17 Feb 2010 16:34:52 -0800 

https://issues.apache.org/bugzilla/show_bug.cgi?id=48763

           Summary: AJP Connectors fail when POST requests don't have a
                    Content-Length header
           Product: Tomcat 6
           Version: 6.0.24
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: Connectors
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: bgstew...@covad.net


This problem occurs with both the Java and APR connectors of the coyote AJP
package. The symptom is, when an AJP connection is reused for multiple POST
requests, sporadic errors occur on the second and subsequent requests.


The classes org.apache.coyote.ajp.AjpProcessor and
org.apache.coyote.ajp.AjpAprProcessor look for a positive value in the
Content-Length header to determine whether to read the first Ajp chunk of a
request body.

The http spec says "The presence of a message-body in a request is signaled by
the inclusion of a Content-Length or Transfer-Encoding header field in the
request's header fields." Web service clients generated by Apache Axis2 are one
source of POST requests that have no Content-Length header.

When a client sends a POST request with no Content-Length header, these classes
emit a spurious GET_BODY_CHUNK request on the AJP connection. The first request
on the AJP connection will usually succeed, but for subsequent requests over
the same connection the protocol gets confused, sometimes processing headers as
bodies, and so on.

One symptom of this that I have seen mentioned elsewhere is that web-service
requests are rejected for bad UTF-8 characters.


A patch that worked for me was to change the doRead() method of the
SocketInputBuffer inner-class, to check for the presence of Transfer-Encoding
or Content-Length.

The problem is similar for the Java AJP and the APR AJP, and the same fix seems
to work for both.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to