Hello Tomcat Developers,

I have a unique situation regarding HTTP protocol payload parsing and the
Content-Length header.  When the PUT/POST Content-Length is NOT correct (the
client sends the wrong Content-Length), Tomcat is able to parse the request and
respond to it with 2xx, but the subsequent request on the SAME TCP connection
fails with a corrupted HTTP header.

For example, I send the following raw HTTP request to the Tomcat server with
Content-Length: 419 (but the client does not POST any content; it is followed
by a GET request, which gets corrupted).  If Content-Length is zero for the PUT,
then the request works.  I am attaching a sample Spring Boot app to reproduce
this issue, with a text file and command (*cat file | nc localhost 8448*).
Please get back to me ASAP.  Should I file a bug?

*REQUEST:*
PUT /api/?msg=Test HTTP/1.1
User-Agent: Java/1.8.0_131
X-Real-IP: 96.118.243.182
id: 924
ACCESS_TOKEN:
30005f625a9401b4f604d95f9c4bdb4451e5f55d6477a8fd7c6524e2a955179a
breadcrumbId:
ID-vd01-ch2-g-CHCIILNQL06-dse-comcast-net-43208-1546458662158-9-601484
Accept: application/json
CLIENT_IP: 96.119.84.25
usercontext:
eyJ1c2VyTmFtZSI6Im5jc28iLCJ1c2VyUm9sZXMiOlsiUHJvdmlkZXJEYXRhQ2VudGVyQWRtaW4iXSwidGVuYW50TmFtZSI6IiJ9
X-Forwarded-For: 96.118.243.182
X-Forwarded-Proto: https
URI: /nextgen/templates/template-metadata/PostStaging-LBNNPACB81W/override
HTTP_METHOD: PUT
rollback-label: b3f8ec56-33b1-4b27-a64e-5c3d77041332
rollback-comment: ServiceTemplate_b3f8ec56-33b1-4b27-a64e-5c3d77041332
Content-Length: 419
Content-Type: application/json
Host: localhost:8448
Conection: Keep-Alive



GET /api/ HTTP/1.1
HTTP_METHOD: GET
X-Forwarded-For: 96.118.243.182
ACCESS_TOKEN:
30005f625a9401b4f604d95f9c4bdb4451e5f55d6477a8fd7c6524e2a955179a
X-Real-IP: 96.118.243.182
X-Forwarded-Proto: https
breadcrumbId:
ID-vd01-ch2-g-CHCIILNQL06-dse-comcast-net-43208-1546458662158-9-601497
override: override-with-referred-template
User-Agent: Java/1.8.0_131
rollback-label: adfb0689-062d-48a2-95ca-f8a9711858f7
Accept: application/json
CLIENT_IP: 96.119.84.25
usercontext:
eyJ1c2VyTmFtZSI6Im5jc28iLCJ1c2VyUm9sZXMiOlsiUHJvdmlkZXJEYXRhQ2VudGVyQWRtaW4iXSwidGVuYW50TmFtZSI6IiJ9
URI:
/nextgen/binddata/templateData/template/PostStaging-LBNNPACB81W/devicegroup/DeviceGroup-LBNNPACB81W
rollback-comment: ServiceTemplate_adfb0689-062d-48a2-95ca-f8a9711858f7
Host: localhost:8448
Connection: Keep-Alive


*RESPONSE:*
BMs-MacBook-Pro:gs-spring-boot bmistry$ *cat /tmp/testbody.txt | nc localhost 8448*
HTTP/1.1 200
Content-Type: application/json;charset=UTF-8
Content-Length: 34
Date: Fri, 01 Feb 2019 19:39:20 GMT

Greetings from Spring Boot ! Test
HTTP/1.1 400
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 800
Date: Fri, 01 Feb 2019 19:39:20 GMT
Connection: close

<!doctype html><html lang="en"><head><title>HTTP Status 400 – Bad
Request</title><style type="text/css">h1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
h2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
h3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
body
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
p
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
a {color:black;} a.name {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP
Status 400 – Bad Request</h1></body></html>BMs-MacBook-Pro:gs-spring-boot
bmistry$


*ERROR LOGS:*

2019-02-01 11:39:20.387 DEBUG 14931 --- [nio-8448-exec-5]
o.a.coyote.http11.Http11InputBuffer      : Received [PUT /api/?msg=Test
HTTP/1.1

User-Agent: Java/1.8.0_131

X-Real-IP: 96.118.243.182

id: 924

ACCESS_TOKEN:
30005f625a9401b4f604d95f9c4bdb4451e5f55d6477a8fd7c6524e2a955179a

breadcrumbId:
ID-vd01-ch2-g-CHCIILNQL06-dse-comcast-net-43208-1546458662158-9-601484

Accept: application/json

CLIENT_IP: 96.119.84.25

usercontext:
eyJ1c2VyTmFtZSI6Im5jc28iLCJ1c2VyUm9sZXMiOlsiUHJvdmlkZXJEYXRhQ2VudGVyQWRtaW4iXSwidGVuYW50TmFtZSI6IiJ9

X-Forwarded-For: 96.118.243.182

X-Forwarded-Proto: https

URI: /nextgen/templates/template-metadata/PostStaging-LBNNPACB81W/override

HTTP_METHOD: PUT

rollback-label: b3f8ec56-33b1-4b27-a64e-5c3d77041332

rollback-comment: ServiceTemplate_b3f8ec56-33b1-4b27-a64e-5c3d77041332

Content-Length: 419

Content-Type: application/json

Host: localhost:8448

Conection: Keep-Alive




GET /api/ HTTP/1.1

HTTP_METHOD: GET

X-Forwarded-For: 96.118.243.182

ACCESS_TOKEN:
30005f625a9401b4f604d95f9c4bdb4451e5f55d6477a8fd7c6524e2a955179a

X-Real-IP: 96.118.243.182

X-Forwarded-Proto: https

breadcrumbId:
ID-vd01-ch2-g-CHCIILNQL06-dse-comcast-net-43208-1546458662158-9-601497

override: override-with-referred-template

User-Agent: Java/1.8.0_131

rollback-label: adfb0689-062d-48a2-95ca-f8a9711858f7

Accept: application/json

CLIENT_IP: 96.119.84.25

usercontext:
eyJ1c2VyTmFtZSI6Im5jc28iLCJ1c2VyUm9sZXMiOlsiUHJvdmlkZXJEYXRhQ2VudGVyQWRtaW4iXSwidGVuYW50TmFtZSI6IiJ9

URI:
/nextgen/binddata/templateData/template/PostStaging-LBNNPACB81W/devicegroup/DeviceGroup-LBNNPACB81W

rollback-comment: ServiceTemplate_adfb0689-062d-48a2-95ca-f8a9711858f7

Host: localhost:8448

Connection: Keep-Alive




]

2019-02-01 11:39:20.388 DEBUG 14931 --- [nio-8448-exec-5]
org.apache.tomcat.util.http.Parameters   : Set encoding to UTF-8

2019-02-01 11:39:20.388 DEBUG 14931 --- [nio-8448-exec-5]
org.apache.tomcat.util.http.Parameters   : Decoding query null UTF-8

2019-02-01 11:39:20.388 DEBUG 14931 --- [nio-8448-exec-5]
org.apache.tomcat.util.http.Parameters   : Start processing with input
[msg=Test]

2019-02-01 11:39:20.397 DEBUG 14931 --- [nio-8448-exec-5]
o.a.coyote.http11.Http11InputBuffer      : *Received [ication/json*

*CLIENT_IP: 96.119.84.25*

*usercontext:
eyJ1c2VyTmFtZSI6Im5jc28iLCJ1c2VyUm9sZXMiOlsiUHJvdmlkZXJEYXRhQ2VudGVyQWRtaW4iXSwidGVuYW50TmFtZSI6IiJ9*

*URI:
/nextgen/binddata/templateData/template/PostStaging-LBNNPACB81W/devicegroup/DeviceGroup-LBNNPACB81W*

*rollback-comment: ServiceTemplate_adfb0689-062d-48a2-95ca-f8a9711858f7*

*Host: localhost:8448*

*Connection: Keep-Alive*




*]*

2019-02-01 11:39:20.413 DEBUG 14931 --- [-ClientPoller-0]
org.apache.tomcat.util.net.NioEndpoint   : timeout completed: keys
processed=0; now=1549049960413; nextExpiration=1549049960413; keyCount=0;
hasEvents=false; eval=false

2019-02-01 11:39:20.715  INFO 14931 --- [nio-8448-exec-5]
o.apache.coyote.http11.Http11Processor   : Error parsing HTTP request header

 Note: further occurrences of HTTP request parsing errors will be logged at
DEBUG level.


java.lang.IllegalArgumentException: Invalid character found in method name.
HTTP method names must be tokens

at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(
Http11InputBuffer.java:414) ~[tomcat-embed-core-9.0.14.jar:9.0.14]

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:294)
~[tomcat-embed-core-9.0.14.jar:9.0.14]

at org.apache.coyote.AbstractProcessorLight.process(
AbstractProcessorLight.java:66) [tomcat-embed-core-9.0.14.jar:9.0.14]

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(
AbstractProtocol.java:834) [tomcat-embed-core-9.0.14.jar:9.0.14]

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(
NioEndpoint.java:1417) [tomcat-embed-core-9.0.14.jar:9.0.14]

at org.apache.tomcat.util.net.SocketProcessorBase.run(
SocketProcessorBase.java:49) [tomcat-embed-core-9.0.14.jar:9.0.14]

at java.util.concurrent.ThreadPoolExecutor.runWorker(
ThreadPoolExecutor.java:1149) [na:1.8.0_162]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:624) [na:1.8.0_162]

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(
TaskThread.java:61) [tomcat-embed-core-9.0.14.jar:9.0.14]

at java.lang.Thread.run(Thread.java:748) [na:1.8.0_162]



Attachment:


1) gs-spring-boot maven project with a spring-boot jar

2) testbody.txt (non-working request with incorrect Content-Length)

3) test_working.txt (working request with correct Content-Length)

4) Command to test the raw request: *cat /tmp/testbody.txt | nc localhost 8448*,
to simulate two requests on the same TCP connection.
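
The framing behaviour reported above, as an added example (not part of the original message and not Tomcat's code): a minimal Content-Length framer run over a constructed keep-alive stream, showing why a PUT that overstates its Content-Length makes the next request on the connection start mid-header. `frame_requests`, `put`, `SKEW` and the shortened sample requests are assumptions made for the illustration.

```python
import re

# RFC 7230 "token": the only characters allowed in an HTTP method name.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def frame_requests(stream: bytes):
    """Split one keep-alive byte stream into requests using Content-Length,
    returning (status, method, body) tuples and stopping at the first 400."""
    results, pos = [], 0
    while pos < len(stream):
        head_end = stream.find(b"\r\n\r\n", pos)
        if head_end == -1:
            results.append(("incomplete", b"", stream[pos:]))
            break
        lines = stream[pos:head_end].split(b"\r\n")
        method = lines[0].split(b" ", 1)[0]
        if not TOKEN.fullmatch(method):
            # Same failure class as "Invalid character found in method name".
            results.append(("400", method, b""))
            break
        declared = 0
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                declared = int(value.strip())
        body_start = head_end + 4
        # The declared byte count is consumed as body whether or not the
        # client meant those bytes as body; the next request starts after it.
        results.append(("ok", method, stream[body_start:body_start + declared]))
        pos = body_start + declared
    return results

# Constructed sample requests (shortened from the shape of the report).
GET = (b"GET /api/ HTTP/1.1\r\nHost: localhost:8448\r\n"
       b"Accept: application/json\r\nConnection: Keep-Alive\r\n\r\n")

def put(declared: int) -> bytes:
    """PUT that declares `declared` body bytes but sends none."""
    return (b"PUT /api/?msg=Test HTTP/1.1\r\nHost: localhost:8448\r\n"
            b"Content-Length: %d\r\n\r\n" % declared)

# Overstated length chosen so the leftover begins mid-header.
SKEW = GET.index(b"ication/json")

if __name__ == "__main__":
    print(frame_requests(put(0) + GET))     # both requests parse
    print(frame_requests(put(SKEW) + GET))  # PUT ok, then 400
```

With a matching length both requests frame cleanly; with the overstated length the start of the GET is absorbed as PUT body and the remainder begins with `ication/json`, which is the same fragment the second `Received [` log entry shows.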
