Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-895

Improve MAX_PARAMETERS and MAX_HEADERS handling

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Major
    • Resolution: Done
    • 2.0.0.Alpha1, 1.3.25.Final, 1.4.4.Final
    • 2.0.0.Beta1, 1.4.7.Final
    • Core
    • None

    Description

      I have found the following two problems that HttpRequestParser is not properly handled with MAX_PARAMETERS and MAX_HEADERS settings:

      1. Request query parameters and headers are not rejected with exact settings of MAX_PARAMETERS and MAX_HEADERS. For example, when MAX_PARAMETERS is set to 5, even if there are 6 query parameters in the request, they will be processed normally without being rejected. The request is rejected and the status code "400 Bad Request" is returned only when there are 7 or 8 query parameters in the request.

      2. mapCount in handleQueryParameters() (and handlePathParameters()) are reset to 0 when handling next buffer of the same request. Therefore, the request is processed ithout being rejected with MAX_PARAMETERS even if number of query parameters exceeds.

      Attachments

        Issue Links

          Activity

            People

              sdouglas1@redhat.com Stuart Douglas
              rhn-support-mmiura Masafumi Miura
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: