Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- 2.4.9
- None
- Reviewed

Description
In the RESTServer we set the HeaderCache size to DEFAULT_HTTP_MAX_HEADER_SIZE (65536). That's not compatible with jetty-9.4.x because the cache size is limited by Character.MAX_VALUE - 1 (65534) there. According to the Jetty source code comments, it's possible to have a buffer overflow in the cache for higher values, which might lead to wrong/incomplete values being returned by the cache and, subsequently, incorrect header handling.
There are a couple of ways to fix it:
1. Change the value of DEFAULT_HTTP_MAX_HEADER_SIZE to 65534.
2. Make the header cache size configurable and set its size separately from the header size.
I believe that the second would give us more flexibility.
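
A sketch of the second option, added here as an illustration and not taken from the HBase patch: the header cache size is read from its own setting, checked against the Jetty 9.4.x limit quoted above, and applied separately from the header size. It assumes Jetty 9.4 on the classpath; the property name is hypothetical and `java.util.Properties` stands in for the real server configuration.

```java
import java.util.Properties;
import org.eclipse.jetty.server.HttpConfiguration;

public class HeaderCacheConfig {
  // Both values come from the issue description.
  static final int DEFAULT_HTTP_MAX_HEADER_SIZE = 65536;
  static final int MAX_HEADER_CACHE_SIZE = Character.MAX_VALUE - 1; // 65534

  // Hypothetical property name, not an actual HBase configuration key.
  static final String HEADER_CACHE_SIZE_KEY = "example.rest.http.header.cache.size";

  /** Resolves the cache size on its own and rejects values Jetty 9.4.x cannot hold. */
  static int resolveHeaderCacheSize(Properties conf) {
    String raw = conf.getProperty(HEADER_CACHE_SIZE_KEY);
    if (raw == null) {
      // Unset: use the largest value that is still within the limit.
      return Math.min(DEFAULT_HTTP_MAX_HEADER_SIZE, MAX_HEADER_CACHE_SIZE);
    }
    int size;
    try {
      size = Integer.parseInt(raw.trim());
    } catch (NumberFormatException e) {
      throw new IllegalArgumentException(HEADER_CACHE_SIZE_KEY + " is not an integer: " + raw, e);
    }
    if (size < 0 || size > MAX_HEADER_CACHE_SIZE) {
      // Fail at startup instead of running with a cache that can return wrong values.
      throw new IllegalArgumentException(HEADER_CACHE_SIZE_KEY + " must be between 0 and "
          + MAX_HEADER_CACHE_SIZE + ", got " + size);
    }
    return size;
  }

  /** Header size and header cache size are now set independently of each other. */
  static HttpConfiguration build(Properties conf) {
    HttpConfiguration http = new HttpConfiguration();
    http.setRequestHeaderSize(DEFAULT_HTTP_MAX_HEADER_SIZE);
    http.setResponseHeaderSize(DEFAULT_HTTP_MAX_HEADER_SIZE);
    http.setHeaderCacheSize(resolveHeaderCacheSize(conf));
    return http;
  }

  public static void main(String[] args) {
    Properties conf = new Properties(); // constructed sample configuration
    System.out.println("cache size when unset: " + build(conf).getHeaderCacheSize());
    conf.setProperty(HEADER_CACHE_SIZE_KEY, "65536"); // the value from the bug
    try {
      build(conf);
    } catch (IllegalArgumentException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```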