Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-7139

BufferOverflowException when decoding a parameter values with a trailing %

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.4, 3.1
    • Fix Version/s: 3.1.9, 3.0.12, 3.2.0
    • Component/s: Core
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      When a parameter value contains a trailing %, a BufferOverflowException is thrown.

      e.g. a query to our service containing http://localhost:8080/test/?parameter=test%

      java.nio.BufferOverflowException
              at java.nio.Buffer.nextPutIndex(Buffer.java:521)
              at java.nio.HeapByteBuffer.put(HeapByteBuffer.java:169)
              at org.apache.cxf.common.util.UrlUtils.urlDecode(UrlUtils.java:102)
              at org.apache.cxf.common.util.UrlUtils.urlDecode(UrlUtils.java:67)
              at org.apache.cxf.common.util.UrlUtils.urlDecode(UrlUtils.java:122)
              at org.apache.cxf.jaxrs.utils.HttpUtils.urlDecode(HttpUtils.java:97)
              at org.apache.cxf.jaxrs.utils.JAXRSUtils.getStructuredParams(JAXRSUtils.java:1262)
              at org.apache.cxf.jaxrs.utils.JAXRSUtils.getStructuredParams(JAXRSUtils.java:1236)
              at org.apache.cxf.jaxrs.impl.UriInfoImpl.getQueryParameters(UriInfoImpl.java:115)
              at org.apache.cxf.jaxrs.impl.UriInfoImpl.getQueryParameters(UriInfoImpl.java:109)
              at org.apache.cxf.jaxrs.impl.RequestPreprocessor.preprocess(RequestPreprocessor.java:74)
              at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:102)
              at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:77)
              at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
              at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
              at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:254)
              at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
              at org.apache.cxf.transport.servlet.ServletController.invoke(Servlet
              at org.apache.cxf.transport.servlet.ServletController.invoke(Servlet
              at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNo
              at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleReques
              at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(Abstra
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
              at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(Abst
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat
              at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.jav
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicat
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrap
              at org.apache.catalina.core.StandardContextValve.invoke(StandardCont
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authen
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostVal
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportVal
              at org.apache.catalina.valves.AbstractAccessLogValve.invoke(Abstract
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngin
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter
              at org.apache.coyote.http11.AbstractHttp11Processor.process(Abstract
              at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.proc
              at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioE
              at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEnd
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecu
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExec
              at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(Ta
              at java.lang.Thread.run(Thread.java:745)
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sergey_beryozkin Sergey Beryozkin
                Reporter:
                michaelgrant Michael Grant
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: