[ https://issues.apache.org/jira/browse/TS-2792?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-2792:
------------------------------
Labels: review (was: )
> Large request header causes unexpected remap
> --------------------------------------------
>
> Key: TS-2792
> URL: https://issues.apache.org/jira/browse/TS-2792
> Project: Traffic Server
> Issue Type: Bug
> Affects Versions: 4.0.2, 5.0.0
> Reporter: Masakazu Kitajo
> Assignee: Brian Geffon
> Priority: Critical
> Labels: review
> Fix For: 5.0.0
>
> Attachments: quickfix.diff
>
>
> I get an unexpected remap result when I request with likely 4KB of header. It
> seems to be caused by coalescing of heaps.
> In url_rewrite_remap_request, requestPath points to the path string of the
> URL. However, the address of the string may be changed in the remap process in
> this function (e.g. request_url->host_set()). Because a large header uses lots
> of space, reallocation of the heap may be caused when we modify the header
> values. So the memcpy in this function may use the old invalid address as a
> source, and it results in an unexpected remap and also in broken log outputs.
> It may not cause crashes, but it works incorrectly.
> How to reproduce:
> It's hard to reproduce, but I believe that requests with likely 3.5 to 4KB of
> header cause this problem.
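The failure mode described in the report, as an added example that is not part of the original message and not Traffic Server code: a toy string heap that relocates when it fills, with the cached-address pattern beside a form that resolves the address after the mutation. The names `hdr_heap`, `heap_put`, `remap_stale`, `remap_safe` and `path_survives` are hypothetical, and the toy keeps the old block allocated and poisoned so that the stale read is observable without a crash.

```c
#include <stdlib.h>
#include <string.h>

/* Toy header heap, constructed for this example (not Traffic Server's HdrHeap):
 * all strings share one buffer that moves to a larger block when it fills. */
typedef struct { char *buf, *old; size_t len, cap; } hdr_heap;
static void heap_free(hdr_heap *h) { free(h->buf); free(h->old); }

/* Store n bytes, return their offset. Relocates the buffer when it is full. */
static size_t heap_put(hdr_heap *h, const char *s, size_t n) {
    if (h->len + n > h->cap) {
        size_t cap = 2 * (h->len + n);
        char *nb = malloc(cap);
        if (!nb) abort();
        memcpy(nb, h->buf, h->len);
        memset(h->buf, '#', h->len); /* poison the old block so stale reads show */
        free(h->old);
        h->old = h->buf;             /* kept allocated: a stale read stays defined */
        h->buf = nb; h->cap = cap;
    }
    memcpy(h->buf + h->len, s, n);
    h->len += n;
    return h->len - n;
}

/* Pattern from the report: the path address is taken before the host is set. */
static void remap_stale(hdr_heap *h, size_t off, size_t len, const char *host, char *out) {
    const char *path = h->buf + off;     /* cached address */
    heap_put(h, host, strlen(host));     /* stands in for host_set(); may move buf */
    memcpy(out, path, len); out[len] = '\0';
}

/* Hardened form: keep the offset and resolve the address after the mutation. */
static void remap_safe(hdr_heap *h, size_t off, size_t len, const char *host, char *out) {
    heap_put(h, host, strlen(host));
    memcpy(out, h->buf + off, len); out[len] = '\0';
}

/* Runs one variant on a nearly full 16-byte heap; returns 1 if the path survived. */
static int path_survives(int use_safe) {
    hdr_heap h = { malloc(16), NULL, 0, 16 };
    char out[32]; const char *p = "/index.html";   /* constructed sample path */
    size_t off = heap_put(&h, p, strlen(p));
    (use_safe ? remap_safe : remap_stale)(&h, off, strlen(p), "origin.example", out);
    heap_free(&h);
    return strcmp(out, p) == 0;
}

int main(void) { return !(path_survives(1) && !path_survives(0)); }
```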