[
https://issues.apache.org/jira/browse/XMLRPC-166?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jochen Wiedmann resolved XMLRPC-166.
------------------------------------
Resolution: Fixed
Fix Version/s: 3.1.2
Assignee: Jochen Wiedmann
Applied, with minor modifications. Thank you!
> Misbehaving clients can hang ServletWebServer
> ---------------------------------------------
>
> Key: XMLRPC-166
> URL: https://issues.apache.org/jira/browse/XMLRPC-166
> Project: XML-RPC
> Issue Type: Bug
> Affects Versions: 3.1.1
> Reporter: Alan Burlison
> Assignee: Jochen Wiedmann
> Fix For: 3.1.2
>
> Attachments: hang.patch
>
>
> We are using the ServletWebServer class, and we are getting occasional hangs,
> where the listener thread gets stuck as follows:
> "XML-RPC Weblistener" prio=3 tid=0x089bd000 nid=0x15 runnable
> [0xe22ce000..0xe22ceb60]
> java.lang.Thread.State: RUNNABLE
> at java.net.SocketInputStream.socketRead0(Native Method)
> at java.net.SocketInputStream.read(SocketInputStream.java:129)
> at
> com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
> at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
> - locked <0xeb722510> (a java.lang.Object)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:746)
> at
> com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
> - locked <0xeb722838> (a com.sun.net.ssl.internal.ssl.AppInputStream)
> at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
> at java.io.BufferedInputStream.read(BufferedInputStream.java:237)
> - locked <0xeb72ae70> (a
> org.apache.xmlrpc.webserver.HttpServletRequestImpl$1)
> at
> org.apache.xmlrpc.webserver.HttpServletRequestImpl$2.read(HttpServletRequestImpl.java:94)
> at javax.servlet.ServletInputStream.readLine(ServletInputStream.java:94)
> at
> org.apache.xmlrpc.webserver.HttpServletRequestImpl.readLine(HttpServletRequestImpl.java:170)
> at org.apache.xmlrpc.webserver.HttpServletRequestImpl.
> (HttpServletRequestImpl.java:106)
> at org.apache.xmlrpc.webserver.ServletConnection.
> (ServletConnection.java:50)
> at
> org.apache.xmlrpc.webserver.ServletWebServer.newTask(ServletWebServer.java:145)
> at org.apache.xmlrpc.webserver.WebServer.run(WebServer.java:335)
> at java.lang.Thread.run(Thread.java:619)
> The problem is this: when an incoming connection comes in, a new
> HttpServletRequestImpl object is created. The constructor of that class
> reads in the HTTP headers. The problem with *that* is that the
> HttpServletRequestImpl constructor runs in the same thread that accepts
> incoming connections, so if it blocks for any reason (e.g. the client hangs)
> it blocks the accept thread, which means that any new connections also hang.
> I'm therefore proposing that the reading of the HTTP headers be factored out
> of the HttpServletRequestImpl constructor and into a new method that is
> called from the 'run' method of the thread that handles the request. That
> way, a client that hangs will only hang the thread that is servicing it and
> not the entire XML-RPC server.
> Can anyone think of any reasons why this might cause problems? If not I'll
> do the changes and submit a patch.
> I also note that Connection class does this:
> // set read timeout to 30 seconds
> socket.setSoTimeout (30000);
> That *should* mean that the maximum time a client can hang the server for is
> 30 seconds, but by observation that's clearly not happening and needs further
> investigation.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
