https://bz.apache.org/bugzilla/show_bug.cgi?id=66236

            Bug ID: 66236
           Summary: maxSavePostSize=-1 crashes ssl renegotiation
           Product: Tomcat 10
           Version: 10.0.22
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Authentication
          Assignee: dev@tomcat.apache.org
          Reporter: bernd.stoltef...@lbswest.de
  Target Milestone: ------

According to the documentation, maxSavePostSize=-1 means "disable limit".
This was working fine in previous versions.

With Tomcat 10 this will trigger an exception when an SSL rehandshake is
necessary:
 java.lang.IllegalArgumentException: capacity < 0: (-1 < 0)
  at java.base/java.nio.Buffer.createCapacityException(Buffer.java:279)
  at java.base/java.nio.ByteBuffer.allocate(ByteBuffer.java:362)
  at org.apache.coyote.http11.filters.BufferedInputFilter.setLimit(BufferedInputFilter.java:69)
  at org.apache.coyote.http11.Http11Processor.sslReHandShake(Http11Processor.java:1285)

The reason seems to be that line 1285 of Http11Processor allocates a buffer with
the size of maxSavePostSize without checking for the special meanings of 0 and
-1.

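The failure mode described in the report, next to one way of interpreting the sentinel values before buffering, as an added example (not Tomcat's code and not the reporter's). The class, `allocateUnchecked` and `saveBody` are hypothetical names, and treating 0 as "save nothing" is an assumption, since the report only says that 0 has a special meaning.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class SavePostLimitDemo {
    // Pattern the report describes: the configured value is passed straight
    // to the allocation, so -1 raises IllegalArgumentException.
    static ByteBuffer allocateUnchecked(int maxSavePostSize) {
        return ByteBuffer.allocate(maxSavePostSize);
    }

    // Hypothetical guarded variant: resolve the sentinels before buffering.
    //   -1 -> no limit here; the buffer grows with the body, so memory use
    //         is bounded only by whatever other request limits apply
    //    0 -> nothing may be saved (assumed meaning, see lead-in)
    //   >0 -> hard cap in bytes; larger bodies are rejected, not truncated
    static byte[] saveBody(InputStream body, int maxSavePostSize) throws IOException {
        if (maxSavePostSize < -1) {
            throw new IllegalArgumentException("invalid maxSavePostSize: " + maxSavePostSize);
        }
        ByteArrayOutputStream saved = new ByteArrayOutputStream();
        byte[] chunk = new byte[8192];
        for (int n; (n = body.read(chunk)) != -1; ) {
            if (maxSavePostSize != -1 && (long) saved.size() + n > maxSavePostSize) {
                throw new IOException("body exceeds maxSavePostSize=" + maxSavePostSize);
            }
            saved.write(chunk, 0, n);
        }
        return saved.toByteArray();
    }

    public static void main(String[] args) {
        byte[] post = "user=alice&comment=constructed+sample+body"
                .getBytes(StandardCharsets.US_ASCII); // constructed sample input
        try {
            allocateUnchecked(-1);
        } catch (IllegalArgumentException e) {
            System.out.println("unchecked allocation failed: " + e.getMessage());
        }
        for (int limit : new int[] {-1, 64, 0, 16}) {
            try {
                int len = saveBody(new ByteArrayInputStream(post), limit).length;
                System.out.println("limit " + limit + ": saved " + len + " bytes");
            } catch (IOException e) {
                System.out.println("limit " + limit + ": rejected, " + e.getMessage());
            }
        }
    }
}
```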