|Anonymous | Login | Signup for a new account||01-19-2022 05:00 PST|
|Main | My View | View Issues | Change Log | Docs|
|Viewing Issue Advanced Details [ Jump to Notes ]||[ View Simple ] [ Issue History ] [ Print ]|
|ID||Category||Severity||Reproducibility||Date Submitted||Last Update|
|0006093||[Resin]||major||always||09-14-17 09:27||10-12-17 14:48|
|ETA||none||Fixed in Version||4.0.55||Product Version||4.0.53|
|Summary||0006093: Failed to parse readRequest when HTTP GET request is too long.|
If a HTTP GET request is larger than TCP MTU, then it will be split into several TCP segments. In some case, the code in com.caucho.server.http.HttpRequest#readRequest() will be malfunctioning:
Let's say a 3500 bytes HTTP request which is transmitted by 3 TCP segments, Resin accept the connection and read the 1st segment which contains 1500 bytes: 'GET /abc?def...', then start to readRequest().
In "read URI" part(line 1122 to 1141), it will found readTail <= readOffset, then invoke fillUrlTail() that will read the 2nd and the 3rd TCP segment(I guess while Resin handling the 1st segment, TCP stack fills all the rest segments in to SocketInputStream's buffer, so that Resin can read them all), which contains the other 2000 bytes: 'xyz HTTP/1.1...'.
After read the whole URI which end with 'xyz', the readTail and readOffset are around 19xx, but the readLength is 14xx, so in the "skip whitespace" part, Resin found (readLength <= readOffset), it then tries to read more bytes from through s.fillBuffer(), which will block Resin since there is nothing to read, until socket timeout.
I can reproduce this 100%, but didn't found the most appropriate fix, any info would be appreciated, thanks.
|Steps To Reproduce|
|There are no notes attached to this issue.|
|09-14-17 09:27||zhaown||New Issue|
|09-14-17 09:28||zhaown||Issue Monitored: zhaown|
|10-12-17 14:48||ferg||Assigned To||=> ferg|
|10-12-17 14:48||ferg||Status||new => closed|
|10-12-17 14:48||ferg||Resolution||open => fixed|
|10-12-17 14:48||ferg||Fixed in Version||=> 4.0.55|
| Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
28 total queries executed.|
25 unique queries executed.