Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
4.4.6
-
None
-
None
Description
the error is in org.apache.http.impl.io.SessionInputBufferImpl#readLine(org.apache.http.util.CharArrayBuffer)
if (maxLineLen > 0) { final int currentLen = this.linebuffer.length() + (pos > 0 ? pos : this.bufferlen) - this.bufferpos; if (currentLen >= maxLineLen) { throw new MessageConstraintException("Maximum line length limit exceeded"); } }
If LF chanced to be at the beginning of the buffer, currentLen is calculated incorrectly. It should be this.linebuffer.length() + pos - this.bufferpos, so, effectively this.linebuffer.length() + 0 - 0.
E.g. if maxLineLen=10000, buffer.length=8192 (the default setting), a line is 9000, then it doesn't fit the buffer, thus it's 1st part is read into linebuffer, 2nd part is read into buffer. If the 9000 line's terminating LF chances to be the 1st char of that buffer, and after that line it follows more header data, say, exceeding 8192 bytes - then the code calculates currentLen = linebuffer.length() + bufferlen - bufferpos = 9000+ 8192 - 0 > 10000, while actual line length is just 9000.
I think the fix is to replace (pos > 0 ? pos : this.bufferlen) to (pos > -1 ? pos : this.bufferlen)