Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-9736

(7.0.z) UNDERTOW-1005 - max-parameters limit on listener value results in accepting up to max-parameters+1 value

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Minor
    • 7.0.6.CR1, 7.0.6.GA
    • 7.0.5.CR1, 7.1.0.DR11
    • Undertow
    • None
    • Hide

      start EAP
      define max-parameters on http-listener to some low number, e.g. 2 => /subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=max-parameters, value=2)
      Do http request with number of parameters greater by one value than set by previous command
      => e.g. curl -I 'http://127.0.0.1:8080/index.html?aaa=1&bbb=2&ccc=3'

      This should fail with 400 Bad Request but it doesn't and ends with 200. If you add one more parameter it will start rejecting the requests with 400

      Show
      start EAP define max-parameters on http-listener to some low number, e.g. 2 => /subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=max-parameters, value=2) Do http request with number of parameters greater by one value than set by previous command => e.g. curl -I 'http://127.0.0.1:8080/index.html?aaa=1&bbb=2&ccc=3' This should fail with 400 Bad Request but it doesn't and ends with 200. If you add one more parameter it will start rejecting the requests with 400
    • EAP 7.0.6

    Description

      If I set max-parameters on listener to some value and send request with number of parameters bigger by one than the value set in the attribute, the request is accepted. When it is bigger by two, the request is rejected as bad request.

      This issue is only with HTTP/1, with HTTP/2.0 it works as expected.

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-8589 max-parameters limit on listener value results in accepting up to max-parameters+1 value

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Verified
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-8650 (7.0.z) Upgrade undertow from 1.3.27.Final to 1.3.28.Final

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              chaowan@redhat.com Chao Wang
              psotirop@redhat.com Panagiotis Sotiropoulos
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: