Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Cannot Reproduce
-
3.2.7
-
None
-
None
-
Unknown
Description
When a double quote is present in a HTTP header, a StackOverflow is thrown by CXF.
If this header is passed:
Forwarded=[for=192.168.0.1;host=localhost;proto=http;proto-version=""],
It will cause a StackOverflow error:
08:14:03.035 [XNIO-2 task-2] WARN o.a.cxf.phase.PhaseInterceptorChain - Interceptor for {http://www.mytest.com/services/business/logOn/v1}logOnServicePortService#{http://www.mytest.com/services/business/logOn/v1}logOnService has thrown exception, unwinding now08:14:03.035 [XNIO-2 task-2] WARN o.a.cxf.phase.PhaseInterceptorChain - Interceptor for {http://www.mytest.com/services/business/logOn/v1}logOnServicePortService#{http://www.mytest.com/services/business/logOn/v1}logOnService has thrown exception, unwinding noworg.apache.cxf.interceptor.Fault: null at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:144) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220) at javax.servlet.http.HttpServlet.service(HttpServlet.java:706) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276) at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129) at org.springframework.boot.web.filter.ApplicationContextHeaderFilter.doFilterInternal(ApplicationContextHeaderFilter.java:55) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:103) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269) at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78) at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133) at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130) at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:376) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: java.lang.StackOverflowError: null at java.util.regex.Pattern$LazyLoop.match(Pattern.java:4857) at java.util.regex.Pattern$GroupTail.match(Pattern.java:4731) at java.util.regex.Pattern$BranchConn.match(Pattern.java:4582) at java.util.regex.Pattern$CharProperty.match(Pattern.java:3791) at java.util.regex.Pattern$Branch.match(Pattern.java:4618) at java.util.regex.Pattern$GroupHead.match(Pattern.java:4672) at java.util.regex.Pattern$LazyLoop.match(Pattern.java:4861) at java.util.regex.Pattern$GroupTail.match(Pattern.java:4731) at java.util.regex.Pattern$BranchConn.match(Pattern.java:4582) at java.util.regex.Pattern$CharProperty.match(Pattern.java:3791) at java.util.regex.Pattern$Branch.match(Pattern.java:4618) at java.util.regex.Pattern$GroupHead.match(Pattern.java:4672) at java.util.regex.Pattern$LazyLoop.match(Pattern.java:4861) at java.util.regex.Pattern$GroupTail.match(Pattern.java:4731) at java.util.regex.Pattern$BranchConn.match(Pattern.java:4582) at java.util.regex.Pattern$CharProperty.match(Pattern.java:3791) at java.util.regex.Pattern$Branch.match(Pattern.java:4618) at java.util.regex.Pattern$GroupHead.match(Pattern.java:4672) at java.util.regex.Pattern$LazyLoop.match(Pattern.java:4861) at java.util.regex.Pattern$GroupTail.match(Pattern.java:4731) at java.util.regex.Pattern$BranchConn.match(Pattern.java:4582) at java.util.regex.Pattern$CharProperty.match(Pattern.java:3791) at java.util.regex.Pattern$Branch.match(Pattern.java:4618) at java.util.regex.Pattern$GroupHead.match(Pattern.java:4672) at java.util.regex.Pattern$LazyLoop.match(Pattern.java:4861) at java.util.regex.Pattern$GroupTail.match(Pattern.java:4731) at java.util.regex.Pattern$BranchConn.match(Pattern.java:4582) at java.util.regex.Pattern$CharProperty.match(Pattern.java:3791)
If the header is passed without double quotes:
Forwarded=[for=192.168.0.1;host=localhost;proto=http;proto-version=],
The service works correctly.
This issue is caused by the bug in the Openshift router [#8|https://github.com/openshift/router/pull/8], however the presence of double quotes should not cause a StackOverfow error.