https://bz.apache.org/bugzilla/show_bug.cgi?id=69731
Bug ID: 69731
Summary: Incorrect count of maxParameterCount (double count)
when executing req.getParameter(name) after
request.getPart()
Product: Tomcat 9
Version: 9.0.106
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: -----
Condition(for test):
server.xml
---
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
maxParameterCount="8"
/>
---
servlet:
---
public class UploadServlet extends HttpServlet {
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
Collection<Part> parts = req.getParts();
System.out.println("req.getParts() done.");
System.out.println("param count = " + parts.size());
System.out.println("text=" + req.getParameter("text"));
// omitted file operation
req.getRequestDispatcher("/home.jsp").forward(req, res);
}
}
---
query param: ?text=aaa
multipart params:
text params count: 4
file params count: 0
* This issue does not occur when there are only file parameters.
Expected result:
---
req.getParts() done.
param count = 4
text=aaa
---
Actual result:
---
req.getParts() done.
param count = 4
27-Jun-2025 10:54:02.578 情報 [http-nio-8080-exec-1]
org.apache.tomcat.util.http.Parameters.processParameters 単独のリクエスト ([4])
のリクエストパラメーター (GET および POST) の数が上限値を超えています。上限値を超えるすべてのパラメーターは無視します。上限値を変更するには
Connector 要素の maxParameterCount 属性を設定してください。
注: 以降のこのエラーの発生はDEBUGレベルでログに出力されます。
text=null
---
When the maxParameterCount is "9":
---
req.getParts() done.
param count = 4
text=aaa
---
Possible cause code:
org.apache.catalina.connector.Request#parseParameters()
---
if (parts != null && maxParameterCount > 0) {
maxParameterCount -= parts.size();
}
parameters.setLimit(maxParameterCount);
---
When request.getParts() is already executed, parameters contains the multipart
text parameters.
(see: "parameters.addParameter(name, value);" in
org.apache.catalina.connector.Request#parseParts(boolean explicit))
So the multipart text parameters are effectively double-counted.
Suggestion code:
---
if (parts != null && maxParameterCount > 0) {
maxParameterCount -= parts.size() - parameters.size();
}
parameters.setLimit(maxParameterCount);
---
When request.getParts() is already executed, subtract the number of multipart
file parameters (parts.size() - parameters.size()) from maxParameterCount.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
