Need a more accurate content length check
-----------------------------------------

                 Key: SHINDIG-1096
                 URL: https://issues.apache.org/jira/browse/SHINDIG-1096
             Project: Shindig
          Issue Type: Bug
          Components: Java
            Reporter: chirag shah


Inside org.apache.shindig.gadgets.servlet.RpcServlet.java

It's possible for the value of request.getContentLength() to be a reasonable 
value and for the actual size of the post body to be something ridiculous (1GB+).
As you can see, this can lead to some interesting out-of-memory issues since 
the damage is already done before the check body.length != length.

I propose that we eliminate the content-length check (it's not required by the 
HTTP 1.1 spec) and check the actual length of the post body.

Snippet from RpcServlet:
    int length = request.getContentLength();
    if (length <= 0) {
      logger.info("No Content-Length specified.");
      response.setStatus(HttpServletResponse.SC_LENGTH_REQUIRED);
      return;
    }
    if (length > POST_REQUEST_MAX_SIZE) {
      logger.info("Request size too large: " + length);
      response.setStatus(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
      return;
    }
    ServletInputStream is = request.getInputStream();
    byte[] body = IOUtils.toByteArray(is);
    if (body.length != length) {
      logger.info("Wrong size. Length: " + length + " real: " + body.length);
      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
      return;
    }

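One way to enforce the limit on the bytes actually read rather than on the declared Content-Length, as the report proposes. This is an added example, not Shindig's code or the fix that was committed; `BoundedBodyReader`, `readBounded`, `BodyTooLargeException` and the 128 KiB value given to `POST_REQUEST_MAX_SIZE` are assumptions, and plain `java.io` streams stand in for the servlet input stream.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;

public class BoundedBodyReader {
  // Assumed value for this demo; the issue does not state POST_REQUEST_MAX_SIZE.
  static final int POST_REQUEST_MAX_SIZE = 128 * 1024;

  /** Signals that the body exceeded the cap; a servlet would answer SC_REQUEST_ENTITY_TOO_LARGE. */
  static class BodyTooLargeException extends IOException {
    BodyTooLargeException(int max) { super("Request body exceeds " + max + " bytes"); }
  }

  /** Buffers the stream but gives up as soon as more than maxBytes have arrived. */
  static byte[] readBounded(InputStream in, int maxBytes) throws IOException {
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    byte[] buf = new byte[8192];
    int total = 0;
    int n;
    while ((n = in.read(buf)) != -1) {
      if (n > maxBytes - total) {   // overflow-safe form of total + n > maxBytes
        throw new BodyTooLargeException(maxBytes);
      }
      out.write(buf, 0, n);
      total += n;
    }
    return out.toByteArray();
  }

  public static void main(String[] args) throws IOException {
    // Constructed input: a body exactly at the limit is accepted.
    byte[] ok = readBounded(new ByteArrayInputStream(new byte[POST_REQUEST_MAX_SIZE]), POST_REQUEST_MAX_SIZE);
    System.out.println("accepted " + ok.length + " bytes");

    // Constructed input: an endless stream, standing in for a client that sends far more than it declared.
    final long[] served = {0};
    InputStream endless = new InputStream() {
      @Override public int read() { served[0]++; return 0; }
      @Override public int read(byte[] b, int off, int len) { served[0] += len; return len; }
    };
    try {
      readBounded(endless, POST_REQUEST_MAX_SIZE);
    } catch (BodyTooLargeException e) {
      System.out.println(e.getMessage() + "; stopped after " + served[0] + " bytes read");
    }
  }
}
```

Heap use stays within the cap plus one 8 KiB buffer regardless of what the client declares or sends, which is the property the `IOUtils.toByteArray(is)` call in the snippet lacks.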