https://bz.apache.org/bugzilla/show_bug.cgi?id=69713
Bug ID: 69713
Summary: HTTP/2 DATA frame with padding cause error when
HEADERS contains content-length field.
Product: Tomcat 10
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: kiny...@gmail.com
Target Milestone: ------
When HEADERS contains 'content-length' field and DATA frame is padded, it
causes Connection error.
tomcat-1 | 12-Jun-2025 02:18:55.721 FINE [https-openssl-nio-8443-exec-4]
org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch Connection error
tomcat-1 | org.apache.coyote.http2.ConnectionException: Connection [0],
Stream [1], The content length header value [3] does not agree with the size of
the data received [127]
tomcat-1 | at
org.apache.coyote.http2.Stream.receivedData(Stream.java:684)
tomcat-1 | at
org.apache.coyote.http2.Http2UpgradeHandler.startRequestBodyFrame(Http2UpgradeHandler.java:1553)
tomcat-1 | at
org.apache.coyote.http2.Http2AsyncUpgradeHandler.startRequestBodyFrame(Http2AsyncUpgradeHandler.java:43)
tomcat-1 | at
org.apache.coyote.http2.Http2Parser.readDataFrame(Http2Parser.java:191)
tomcat-1 | at
org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.completed(Http2AsyncParser.java:251)
tomcat-1 | at
org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.completed(Http2AsyncParser.java:167)
tomcat-1 | at
org.apache.tomcat.util.net.SocketWrapperBase$VectoredIOCompletionHandler.completed(SocketWrapperBase.java:1040)
tomcat-1 | at
org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper$NioOperationState.run(NioEndpoint.java:1687)
tomcat-1 | at
org.apache.tomcat.util.net.SocketWrapperBase$OperationState.start(SocketWrapperBase.java:987)
tomcat-1 | at
org.apache.tomcat.util.net.SocketWrapperBase.vectoredOperation(SocketWrapperBase.java:1358)
tomcat-1 | at
org.apache.tomcat.util.net.SocketWrapperBase.read(SocketWrapperBase.java:1214)
tomcat-1 | at
org.apache.tomcat.util.net.SocketWrapperBase.read(SocketWrapperBase.java:1190)
tomcat-1 | at
org.apache.coyote.http2.Http2AsyncParser.readFrame(Http2AsyncParser.java:140)
tomcat-1 | at
org.apache.coyote.http2.Http2Parser.readFrame(Http2Parser.java:87)
tomcat-1 | at
org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch(Http2UpgradeHandler.java:356)
tomcat-1 | at
org.apache.coyote.http2.Http2AsyncUpgradeHandler.upgradeDispatch(Http2AsyncUpgradeHandler.java:43)
tomcat-1 | at
org.apache.coyote.http2.Http2AsyncParser$PrefaceCompletionHandler.completed(Http2AsyncParser.java:130)
tomcat-1 | at
org.apache.coyote.http2.Http2AsyncParser$PrefaceCompletionHandler.completed(Http2AsyncParser.java:62)
tomcat-1 | at
org.apache.tomcat.util.net.SocketWrapperBase$VectoredIOCompletionHandler.completed(SocketWrapperBase.java:1040)
tomcat-1 | at
org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper$NioOperationState.run(NioEndpoint.java:1687)
tomcat-1 | at
org.apache.tomcat.util.net.SocketWrapperBase$OperationState.start(SocketWrapperBase.java:987)
tomcat-1 | at
org.apache.tomcat.util.net.SocketWrapperBase.vectoredOperation(SocketWrapperBase.java:1358)
tomcat-1 | at
org.apache.tomcat.util.net.SocketWrapperBase.read(SocketWrapperBase.java:1214)
tomcat-1 | at
org.apache.tomcat.util.net.SocketWrapperBase.read(SocketWrapperBase.java:1190)
tomcat-1 | at
org.apache.coyote.http2.Http2AsyncParser.readConnectionPreface(Http2AsyncParser.java:57)
tomcat-1 | at
org.apache.coyote.http2.Http2UpgradeHandler.init(Http2UpgradeHandler.java:248)
tomcat-1 | at
org.apache.coyote.http2.Http2AsyncUpgradeHandler.init(Http2AsyncUpgradeHandler.java:43)
tomcat-1 | at
org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch(Http2UpgradeHandler.java:334)
tomcat-1 | at
org.apache.coyote.http2.Http2AsyncUpgradeHandler.upgradeDispatch(Http2AsyncUpgradeHandler.java:43)
tomcat-1 | at
org.apache.coyote.http11.upgrade.UpgradeProcessorInternal.dispatch(UpgradeProcessorInternal.java:60)
tomcat-1 | at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:57)
tomcat-1 | at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:903)
tomcat-1 | at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1769)
tomcat-1 | at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
tomcat-1 | at
org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1189)
tomcat-1 | at
org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:658)
tomcat-1 | at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
tomcat-1 | at java.base/java.lang.Thread.run(Thread.java:1583)
The test of padded DATA frame is here
https://github.com/apache/tomcat/blob/main/test/org/apache/coyote/http2/Http2TestBase.java#L388
https://github.com/apache/tomcat/blob/main/test/org/apache/coyote/http2/TestHttp2Section_6_1.java#L50
But it tests only the case that HEADERS frame does not contain 'content-length'
field.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
