[Bug 57938] HttpServletRequest.getString causes NPE when allowCasualMultipartParsing set "true" and multipart field is empty

bugzilla Tue, 19 May 2015 16:08:07 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=57938


Onur <onrs...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All
          Component|Util                        |Catalina

--- Comment #1 from Onur <onrs...@gmail.com> ---
Just figured out what the problem is. maxPostSize attribute of Connector in
server.xml was set to -1. When allowCasualMultipartParsing is true and if there
is no @MultpartConfig, a MultipartConfigElement is created in
org.apache.catalina.connector.Request.parseParts using this code:


MultipartConfigElement mce = getWrapper().getMultipartConfigElement();

if (mce == null) {
    if(context.getAllowCasualMultipartParsing()) {
        mce = new MultipartConfigElement(null,
                                         connector.getMaxPostSize(),
                                         connector.getMaxPostSize(),
                                         connector.getMaxPostSize());
    } else {
                ...

The last parameter of MultipartConfigElement above is fileSizeTreshold which is
(from javadoc) "the size threshold after which files will be written to disk". 

Although it says that "The maximum size in bytes of the POST which will be
handled by the container FORM URL parameter parsing. The limit can be disabled
by setting this attribute to a value less than or equal to 0. If not specified,
this attribute is set to 2097152 (2 megabytes)." for maxPostSize in
documents(https://tomcat.apache.org/tomcat-8.0-doc/config/http.html#Common_Attributes),
setting maxPostSize to 0 blocks all post requests for example:

HTTP Status 500 - java.lang.IllegalStateException:
org.apache.tomcat.util.http.fileupload.FileUploadBase$SizeLimitExceededException:
the request was rejected because its size (235) exceeds the configured maximum
(0)

So setting maxPostSize to 0 is not a solution for anyone who wants to allow
unlimited size file uploads.


Posible quick fix is:

MultipartConfigElement mce = getWrapper().getMultipartConfigElement();

if (mce == null) {
    if(context.getAllowCasualMultipartParsing()) {
        mce = new MultipartConfigElement(null,
                                         connector.getMaxPostSize(),
                                         connector.getMaxPostSize(),
                                        
Math.max(0,connector.getMaxPostSize())); //line 2671 in v8.0.22
    } else {
                ...



I set my maxPostSize to a reasonable value as a temporary fix. But this bug and
misleading documentation of maxPostSize should be fixed.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 57938] HttpServletRequest.getString causes NPE when allowCasualMultipartParsing set "true" and multipart field is empty

Reply via email to