Uploaded image for project: 'HttpComponents HttpCore'
  1. HttpComponents HttpCore
  2. HTTPCORE-472

incorrect "Maximum line length limit exceeded" detection is possible

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.4.6
    • Fix Version/s: 4.4.7, 5.0-alpha4
    • Component/s: None
    • Labels:
      None

      Description

      the error is in org.apache.http.impl.io.SessionInputBufferImpl#readLine(org.apache.http.util.CharArrayBuffer)

      if (maxLineLen > 0) {
                      final int currentLen = this.linebuffer.length()
                              + (pos > 0 ? pos : this.bufferlen) - this.bufferpos;
                      if (currentLen >= maxLineLen) {
                          throw new MessageConstraintException("Maximum line length limit exceeded");
                      }
                  }
      

      If LF chanced to be at the beginning of the buffer, currentLen is calculated incorrectly. It should be this.linebuffer.length() + pos - this.bufferpos, so, effectively this.linebuffer.length() + 0 - 0.

      E.g. if maxLineLen=10000, buffer.length=8192 (the default setting), a line is 9000, then it doesn't fit the buffer, thus it's 1st part is read into linebuffer, 2nd part is read into buffer. If the 9000 line's terminating LF chances to be the 1st char of that buffer, and after that line it follows more header data, say, exceeding 8192 bytes - then the code calculates currentLen = linebuffer.length() + bufferlen - bufferpos = 9000+ 8192 - 0 > 10000, while actual line length is just 9000.

      I think the fix is to replace (pos > 0 ? pos : this.bufferlen) to (pos > -1 ? pos : this.bufferlen)

        Attachments

          Activity

            People

            • Assignee:
              olegk Oleg Kalnichevski
              Reporter:
              anakonechny Artem Nakonechnyy
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: