DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24429>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24429 SocketTimeout is not treated as milliseconds in Http1Protocol.java Summary: SocketTimeout is not treated as milliseconds in Http1Protocol.java Product: Tomcat 4 Version: 4.1.29 Platform: All OS/Version: All Status: NEW Severity: Major Priority: Other Component: Connector:Coyote HTTP/1.1 AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] All versions of java.org.apache.coyote.http11.Http11Protocol.setTimeout(int timeouts) incorrectly multiply the timeout with 1000 when it is initially set. This causes an invalid timeout being set on the SocketConnection when a first request is made on a new TcpConnection. New code must be: setTimeout(int timeouts) { timeout = timeouts; setAttribute("timeout", ""+timeouts); } I think this surely has impact (but correct me if i'm wrong) when a DOS attack is being made, cause the timeout is simply way to large. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
