https://bz.apache.org/bugzilla/show_bug.cgi?id=62596

            Bug ID: 62596
           Summary: WsWebSocketContainer#connectToServer throws
                    BufferOverflowException
           Product: Tomcat 8
           Version: 8.5.x-trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: WebSocket
          Assignee: dev@tomcat.apache.org
          Reporter: erik.mccal...@edge-technologies.com
  Target Milestone: ----

Created attachment 36071
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=36071&action=edit
Contrived example to trigger BufferOverflowException in
WsWebSocketContainer#connectToServer

WsWebSocketContainer#connectToServer throws BufferOverflowException when
headers supplied by ClientEndpointConfig.Configurator#beforeRequest are too
large.

Exception in thread "main" java.nio.BufferOverflowException
        at java.nio.HeapByteBuffer.put(HeapByteBuffer.java:189)
        at java.nio.ByteBuffer.put(ByteBuffer.java:859)
        at org.apache.tomcat.websocket.WsWebSocketContainer.addHeader(WsWebSocketContainer.java:755)
        at org.apache.tomcat.websocket.WsWebSocketContainer.createRequest(WsWebSocketContainer.java:736)
        at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServerRecursive(WsWebSocketContainer.java:275)
        at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:195)

In our application, we are forwarding an Authorization header/token of close to
4000 bytes, which when combined with other headers results in a request larger
than the 4096 allocated to the ByteBuffer in
WsWebSocketContainer#createRequest.

Suggest making this buffer size configurable via a new setting in
org.apache.tomcat.websocket.Constants.  I can contribute a fix if that is
appropriate.  Our local patch has the following in Constants:

    static final int WS_UPGRADE_REQUEST_SIZE = Integer.getInteger(
            "org.apache.tomcat.websocket.WS_UPGRADE_REQUEST_SIZE", 8 * 1024)
            .intValue();

So, a new default buffer size of 8k, and the option of setting a system
property if it needs to be bumped up further.

I've attached some code that will trigger the exception.
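
The failure mode described in this report, reproduced without Tomcat as an added example (it is not the reporter's attachment and not Tomcat code): an unchecked put() into a 4096-byte ByteBuffer, next to a build that measures the request first and enforces a configurable upper bound. The class, method and property names are hypothetical, and the header values are constructed.

```java
import java.nio.BufferOverflowException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
public class UpgradeRequestBufferDemo {
    // Hypothetical property name for this demo; 8k default as proposed in the report.
    static final int MAX_REQUEST_SIZE = Integer.getInteger("demo.upgradeRequestSize", 8 * 1024);
    static byte[] line(String s) {
        return (s + "\r\n").getBytes(StandardCharsets.ISO_8859_1);
    }
    // Failure mode: fixed-capacity buffer, no remaining() check before put().
    static ByteBuffer buildUnchecked(Map<String, String> headers, int capacity) {
        ByteBuffer buf = ByteBuffer.allocate(capacity);
        buf.put(line("GET /ws HTTP/1.1"));
        for (Map.Entry<String, String> h : headers.entrySet()) {
            buf.put(line(h.getKey() + ": " + h.getValue()));
        }
        buf.put(line(""));
        buf.flip();
        return buf;
    }
    // Checked variant: measure first, enforce the configured cap, allocate exactly.
    static ByteBuffer buildChecked(Map<String, String> headers, int limit) {
        int needed = line("GET /ws HTTP/1.1").length + line("").length;
        for (Map.Entry<String, String> h : headers.entrySet()) {
            needed += line(h.getKey() + ": " + h.getValue()).length;
        }
        if (needed > limit) {
            throw new IllegalArgumentException("Upgrade request needs " + needed + " bytes, limit is " + limit);
        }
        return buildUnchecked(headers, needed);
    }
    public static void main(String[] args) {
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Host", "example.invalid");
        headers.put("Upgrade", "websocket");
        headers.put("Connection", "upgrade");
        // Constructed sample: a 4000-byte token, the size described in the report.
        headers.put("Authorization", "Bearer " + String.join("", Collections.nCopies(4000, "x")));
        try {
            buildUnchecked(headers, 4096);
        } catch (BufferOverflowException e) {
            System.out.println("4096-byte buffer: " + e);
        }
        System.out.println("checked build: " + buildChecked(headers, MAX_REQUEST_SIZE).remaining() + " bytes");
    }
}
```

Keeping an upper bound in the checked variant means an oversized header set fails with a message naming the required size and the limit, rather than either an opaque BufferOverflowException or an unbounded allocation.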
