Undertow / UNDERTOW-2277

ServletOutputStream/ServletPrinter allows mismatch between content-length header and length of message


    • Type: Bug
    • Resolution: Done
    • Priority: Critical
    • 2.2.25.Final, 2.3.7.Final

      Apply the fix for UNDERTOW-2243 to uncover this bug.
      Then, run:
      $ mvn clean install -DskipTests
      $ mvn test -Pproxy -Dtest=ResponseWriterTestCase -pl servlet
      You will see a "no HTTP response" error like the one below:

      [ERROR] Tests run: 3, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.924 s <<< FAILURE! - in io.undertow.servlet.test.response.writer.ResponseWriterTestCase
      [ERROR] testContentLengthBasedFlush[proxy][http2](io.undertow.servlet.test.response.writer.ResponseWriterTestCase)  Time elapsed: 0.106 s  <<< ERROR!
      org.apache.http.NoHttpResponseException: localhost:7777 failed to respond
      	at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:141)
      	at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:56)
      	at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:259)
      	at org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:294)
      	at org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:257)
      	at org.apache.http.impl.conn.ManagedClientConnectionImpl.receiveResponseHeader(ManagedClientConnectionImpl.java:207)
      	at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:273)
      	at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:125)
      	at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:679)
      	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:481)
      	at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
      	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
      	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
      	at io.undertow.servlet.test.response.writer.ResponseWriterTestCase.testContentLengthBasedFlush(ResponseWriterTestCase.java:77)
      

      Because those classes do not check the remaining content length when writing and flushing, a bug in the servlet code can cause a mismatch: the servlet sets a content length that is not equal to the number of bytes it writes.

      As a result, Undertow sends an invalid HTTP response, one where the content length header does not match the actual length of the response data.

      This can cause issues with clients, and it causes issues with Undertow itself. When tests are run in proxy mode + HTTP2, we can see the proxy closes the stream when receiving the faulty header.
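
The missing check described above, sketched as an added example; this is not Undertow's code and not the fix applied for this issue. The class name LengthCheckedOutputStream and the demo body are assumptions made for illustration: the wrapper tracks the bytes remaining under the declared Content-Length, refuses a write that would overrun it, and reports an underrun when the stream is closed early.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;

// Hypothetical wrapper, not an Undertow class: holds the body to the declared Content-Length.
public class LengthCheckedOutputStream extends OutputStream {
    private final OutputStream out;
    private long remaining; // bytes still owed before the body matches the header
    public LengthCheckedOutputStream(OutputStream out, long contentLength) {
        this.out = out;
        this.remaining = contentLength;
    }

    @Override public void write(int b) throws IOException { write(new byte[] {(byte) b}, 0, 1); }
    @Override public void flush() throws IOException { out.flush(); }
    @Override
    public void write(byte[] b, int off, int len) throws IOException {
        if (len > remaining) { // overrun: refuse before any excess byte reaches the wire
            throw new IOException("write of " + len + " bytes exceeds the " + remaining + " left in Content-Length");
        }
        out.write(b, off, len);
        remaining -= len;
    }

    @Override
    public void close() throws IOException {
        try {
            if (remaining > 0) { // underrun: the peer would wait for bytes that never arrive
                throw new IOException(remaining + " bytes short of declared Content-Length");
            }
        } finally {
            out.close();
        }
    }

    // Constructed demo: an 11-byte body against declared lengths 11, 5 and 20.
    public static void main(String[] args) {
        byte[] body = "hello world".getBytes(StandardCharsets.US_ASCII);
        for (long declared : new long[] {11, 5, 20}) {
            try (OutputStream s = new LengthCheckedOutputStream(new ByteArrayOutputStream(), declared)) {
                s.write(body);
                System.out.println(declared + ": all writes accepted");
            } catch (IOException e) {
                System.out.println(declared + ": " + e.getMessage());
            }
        }
    }
}
```

With a declared length of 20 the write is accepted and the shortfall is only reported at close, which is the case where a client or proxy is left waiting on a body that never completes.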

            flaviarnn Flavia Rainone