Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-106

Link headers are not processed correctly

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 1.0.0.Beta14
    • 1.0.0.Beta13
    • Servlet
    • None
    • Hide

      See attached demonstrator

      Show
      See attached demonstrator

    Description

      The undertow servlet request handler is not processing Link headers correctly. When I try to read the Link header undertow gives me the value corresponding to a different header name.

      The problem is that io.undertow.util.HeaderMap#getOrCreateEntry() hashes different header names into the same entry in its internal table. I have attached an example to demonstrate the issue, in it I send two headers with the names "Link" and "Rest". These strings just happen to hash to the same slot:

      final int hc = headerName.hashCode();
final int idx = hc & (table.length - 1); // table.length is 16

      So calling request.getHeaders() (on an instance of io.undertow.servlet.spec.HttpServletRequestImpl) for header "Link" or "Rest" return the same value regardless of what the original headers were.

      The problem was not pressent in wildfly commit https://github.com/wildfly/wildfly/commit/fcb5355be422c7a838b7d05264ea231bf4ab2579 and we first noticed it in https://github.com/wildfly/wildfly/commit/9a3b000767c018a681a4858a84aae20a0b8c7310

      And the diff between the two is: https://github.com/wildfly/wildfly/compare/fcb5355be422c7a838b7d05264ea231bf4ab2579...9a3b000767c018a681a4858a84aae20a0b8c7310

      Attachments

        1. linkhdr-test.tar
          30 kB
          Michael Musgrove

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. JBTM-1920 Blacktie TestTransactions test failed: REST-AT stricter?

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed

          Activity

            People

              sdouglas1@redhat.com Stuart Douglas
              rhn-engineering-mmusgrov Michael Musgrove
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: