[ https://issues.apache.org/jira/browse/HTTPCLIENT-644?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski resolved HTTPCLIENT-644.
------------------------------------------

       Resolution: Fixed
    Fix Version/s: 4.0 Alpha 1

Andrew,

This problem has been solved in the HttpClient 4.0 code line (see HTTPCORE-4). It
is not going to be fixed in HttpClient 3.x (see HTTPCLIENT-305).

Oleg

> Bad request vulnerability 
> --------------------------
>
>                 Key: HTTPCLIENT-644
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-644
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 3.1 RC1
>         Environment: All
>            Reporter: Andrew York
>             Fix For: 4.0 Alpha 1
>
>
> The HttpParser.readRawLine() method below has no guard code against a post
> without an end-of-line.  A large post of data without "\n" will be read into
> the ByteArray.  If this post is large enough, it will deplete the system of
> free memory.  A DOS attack could easily be played out by submitting several
> of these posts at once.   readRawLine should decide that it's not reading
> character data (basically because character data should never show up over
> something like a megabyte a line) and report an error.
>    /**
>      * Return byte array from an (unchunked) input stream.
>      * Stop reading when <tt>"\n"</tt> terminator encountered 
>      * If the stream ends before the line terminator is found,
>      * the last part of the string will still be returned. 
>      * If no input data available, <code>null</code> is returned.
>      *
>      * @param inputStream the stream to read from
>      *
>      * @throws IOException if an I/O problem occurs
>      * @return a byte array from the stream
>      */
>     public static byte[] readRawLine(InputStream inputStream) throws 
> IOException {
>         LOG.trace("enter HttpParser.readRawLine()");
>         ByteArrayOutputStream buf = new ByteArrayOutputStream();
>         int ch;
>         while ((ch = inputStream.read()) >= 0) {
>             buf.write(ch);
>             if (ch == '\n') { // be tolerant (RFC-2616 Section 19.3)
>                 break;
>             }
>         }
>         if (buf.size() == 0) {
>             return null;
>         }
>         return buf.toByteArray();
>     }

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
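The guard the report asks for, as an added example that is not HttpClient's own code (neither the 3.x method above nor the 4.0 fix referenced via HTTPCORE-4): the same read loop with a hard cap on the number of bytes buffered for one line. The class name, the `maxLineLen` parameter and the sample inputs are assumptions made for this illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/** Added example (hypothetical class): a raw line reader with a bounded buffer. */
public final class BoundedLineReader {

    /**
     * Reads bytes up to and including the first '\n', like the 3.x readRawLine,
     * but throws once maxLineLen bytes have been buffered without a terminator,
     * so one connection cannot grow the heap without limit.
     * Returns null if the stream is already at end-of-file.
     */
    public static byte[] readRawLine(InputStream in, int maxLineLen) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        int ch;
        while ((ch = in.read()) >= 0) {
            buf.write(ch);
            if (ch == '\n') {
                break;
            }
            if (buf.size() >= maxLineLen) {
                // Guard: the peer is sending an unbounded "line"; stop buffering and
                // report an error instead of reading until memory is exhausted.
                throw new IOException("Line exceeds maximum length of " + maxLineLen + " bytes");
            }
        }
        return buf.size() == 0 ? null : buf.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        int cap = 1024; // constructed, deliberately small cap for the demo

        // Constructed normal header line: accepted, terminator included in the result.
        byte[] line = "Host: example.com\r\n".getBytes(StandardCharsets.ISO_8859_1);
        byte[] ok = readRawLine(new ByteArrayInputStream(line), cap);
        System.out.println("accepted: " + ok.length + " bytes");

        // Constructed abusive input: 10 MiB with no '\n' anywhere. The unguarded
        // 3.x loop would buffer all of it; this reader stops after cap bytes.
        byte[] noTerminator = new byte[10 * 1024 * 1024];
        Arrays.fill(noTerminator, (byte) 'A');
        try {
            readRawLine(new ByteArrayInputStream(noTerminator), cap);
            System.out.println("unexpected: unbounded line was accepted");
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```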


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to