Uploaded image for project: 'HttpComponents HttpClient'
  1. HttpComponents HttpClient
  2. HTTPCLIENT-644

Bad request vulnerability

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.1 RC1
    • 4.0 Alpha 1
    • HttpClient (classic)
    • None
    • All

    Description

      The HttpParser.readRawLine() method below has no guard code against a post without a end-of-line. A large post of data without "\n" will be read into the ByteArray. If this post is large enough, it will deplete the system of free memory. A DOS attack could easily be played out by submitting several of these post at once. readRawLine should decide that its not reading character data (basically because character data should never show up over something like a megabyte a line) and report an error.

      /**

      • Return byte array from an (unchunked) input stream.
      • Stop reading when <tt>"\n"</tt> terminator encountered
      • If the stream ends before the line terminator is found,
      • the last part of the string will still be returned.
      • If no input data available, <code>null</code> is returned.
        *
      • @param inputStream the stream to read from
        *
      • @throws IOException if an I/O problem occurs
      • @return a byte array from the stream
        */
        public static byte[] readRawLine(InputStream inputStream) throws IOException {
        LOG.trace("enter HttpParser.readRawLine()");

      ByteArrayOutputStream buf = new ByteArrayOutputStream();
      int ch;
      while ((ch = inputStream.read()) >= 0) {
      buf.write(ch);
      if (ch == '\n')

      { // be tolerant (RFC-2616 Section 19.3) break; }

      }
      if (buf.size() == 0)

      { return null; }

      return buf.toByteArray();
      }

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            awyork Andrew York
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment