yes it is, the problem here is that Tomcat is initiating a
CometServlet.read when bogus data comes in after Content-Length has been
reached.
Filip
Andy Piper wrote:
Bogus content-length is asking for trouble. IIRC it can cause SSL
no-end of headaches.
andy
At 01:06 17/06/2006, Filip Hanik
Bogus content-length is asking for trouble. IIRC
it can cause SSL no-end of headaches.
andy
At 01:06 17/06/2006, Filip Hanik - Dev Lists wrote:
Lemme narrow everything down, and this will be short, I promise,
it all boils down to the Content-Length header,
if this header is omitted then it wo
Remy Maucherat wrote:
Filip Hanik - Dev Lists wrote:
Right now I'm not hot about reading the data first in the container:
if done, it should be in InputBuffer,
yes, that is how I suggested it to be done. The AprBuffer was reading
the socket data in my checkin.
but could mean automagically di
Filip Hanik - Dev Lists wrote:
Right now I'm not hot about reading the data first in the container:
if done, it should be in InputBuffer,
yes, that is how I suggested it to be done. The AprBuffer was reading
the socket data in my checkin.
but could mean automagically discarding data, which co
Remy Maucherat wrote:
Filip Hanik - Dev Lists wrote:
I agree, chunked would be the way to go for a communication.
I reverted my fix, however, now TC6 has a DOS possibility, by
following these steps
1. Override CometServlet.read, always return true (you wanna serve N
client requests, and you
Filip Hanik - Dev Lists wrote:
I agree, chunked would be the way to go for a communication.
I reverted my fix, however, now TC6 has a DOS possibility, by following
these steps
1. Override CometServlet.read, always return true (you wanna serve N
client requests, and you don't know how many it
Costin Manolache wrote:
Not sure I understand all details here - but chunking seems like a better
solution
than sending a bad Content-Length.
Indeed, you got it right, chunking is supposed to be used.
Sending a too large or incorrect content-length may break a lot of things (
and be rejected,
I agree, chunked would be the way to go for a communication.
I reverted my fix, however, now TC6 has a DOS possibility, by following
these steps
1. Override CometServlet.read, always return true (you wanna serve N
client requests, and you don't know how many its gonna send, so this is
not un
Not sure I understand all details here - but chunking seems like a better
solution
than sending a bad Content-Length.
Sending a too large or incorrect content-length may break a lot of things (
and be rejected,
affect proxies, etc ).
Costin
On 6/16/06, Filip Hanik - Dev Lists <[EMAIL PROTECTED
Remy Maucherat wrote:
Filip Hanik - Dev Lists wrote:
yes, but to do so, you would be required to pre calculate the content
length for the 2 (or N events), and if the server hasn't responded
(since its async) you can't send the 2nd event as you could start a
new HTTP request on the same connect
Lemme narrow everything down, and this will be short, I promise,
it all boils down to the Content-Length header,
if this header is omitted then it wont be possible for the client to
send more than one request.
The workaround for this, Content-Length: Integer.MAX_VALUE, this will
make the code
Filip Hanik - Dev Lists wrote:
yes, but to do so, you would be required to pre calculate the content
length for the 2 (or N events), and if the server hasn't responded
(since its async) you can't send the 2nd event as you could start a new
HTTP request on the same connection when there hasn't b
Filip Hanik - Dev Lists wrote:
and that is the exact bug I fixed. Before the commit, you couldn't. So
to support your argument, you should be in favor of the commit. not
against.
Ok, then post the request you are sending. The whole request must be a
valid HTTP/1.1 request with a properly deli
Remy Maucherat wrote:
Filip Hanik - Dev Lists wrote:
all, I have made a little image that would explain the idea I have
(and implemented today) for the Tomcat model, would like to get some
feedback,
Remy and I already have an open dialogue, but its subjected under a
commit, so if you didn't
Remy Maucherat wrote:
Filip Hanik - Dev Lists wrote:
all, I have made a little image that would explain the idea I have
(and implemented today) for the Tomcat model, would like to get some
feedback,
Remy and I already have an open dialogue, but its subjected under a
commit, so if you didn't
Filip Hanik - Dev Lists wrote:
all, I have made a little image that would explain the idea I have (and
implemented today) for the Tomcat model, would like to get some feedback,
Remy and I already have an open dialogue, but its subjected under a
commit, so if you didn't read that one, this one
all, I have made a little image that would explain the idea I have
(and implemented today) for the Tomcat model, would like to get some
feedback,
Remy and I already have an open dialogue, but its subjected under a
commit, so if you didn't read that one, this one has a nice pix
also available a
17 matches
Mail list logo
