http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25193

Wrong Content-Length in POST could cause information leakage / misbehaviour

[EMAIL PROTECTED] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |

------- Additional Comments From [EMAIL PROTECTED]  2003-12-04 10:50 -------

Have to correct myself: Since this only occurs if the connection is closed, no information from other requests can leak to the client directly.

Here are the steps to reproduce this behaviour:

With this JSP the problem can be prepared; just fill in some values and call it a few times...

[code]
<HTML>
<BODY>
<FORM action="showIt.jsp" method="post">
<BR><BR>
<% for (int i = 0; i < 10; i++) { %>
value <%=i%> <input type="text" name="<%=i%>" length="30"> <br>
<% } %>
<INPUT TYPE="SUBMIT" NAME="Submit" VALUE="Submit">
</FORM>
</BODY>
</HTML>
[/code]

showIt.jsp simply writes all parameters set in the request to System.out:

[code]
<%@ page import="java.util.Enumeration"%>
<%
Enumeration names = request.getParameterNames();
String name;
String value;
System.out.println("====================");
while (names.hasMoreElements()) {
    name = (String)names.nextElement();
    value = request.getParameter(name);
    System.out.println("showIt.jsp\t"+name+"="+value);
}
System.out.println("====================");
%>
[/code]

Finally, the Java class that has to be run to show the problem. Just call it several times and look at catalina.out.
[code]
import java.net.*;
import java.io.*;

public class DamagedPostRequest {

    public DamagedPostRequest(String servername, int port, String webapps, int length) throws Exception {
        // Headers announce a body of "length" bytes, but no body is ever sent.
        String request = "POST "+webapps+"showIt.jsp HTTP/1.1\n"
            +"Host: "+servername+"\n"
            +"Content-type: application/x-www-form-urlencoded\n"
            +"Content-length: "+length+"\n"
            +"\n";
        Socket s = new Socket(InetAddress.getByName(servername), port);
        OutputStream out = s.getOutputStream();
        out.write(request.getBytes());
        // Closing the stream closes the connection before any body bytes arrive.
        out.close();
    }

    public static void main(String[] args) throws Exception {
        DamagedPostRequest damagedPostRequest2 = new DamagedPostRequest("localhost", 8080, "/", 1000);
    }
}
[/code]
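The server-side check this report calls for, as an added example that is not part of the original bug comment and is not Tomcat's code: a body reader that accepts a POST only when exactly Content-Length bytes arrive, and rejects a connection closed early instead of parsing whatever is left in its buffer. The class name StrictBodyReader, the reused 8192-byte buffer and the sample inputs are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class StrictBodyReader {
    // Buffer reused across requests, as a pooling connector might do (assumption).
    private final byte[] buf = new byte[8192];

    /** Reads exactly contentLength bytes or throws; stale buffer contents are never returned. */
    public String readBody(InputStream in, int contentLength) throws IOException {
        if (contentLength < 0 || contentLength > buf.length) {
            throw new IOException("unsupported Content-Length: " + contentLength);
        }
        int total = 0;
        while (total < contentLength) {
            int n = in.read(buf, total, contentLength - total);
            if (n < 0) {
                // Peer closed early: wipe the declared range and reject the request
                // instead of handing leftovers from an earlier request to the parser.
                Arrays.fill(buf, 0, contentLength, (byte) 0);
                throw new EOFException("body truncated: got " + total
                        + " of " + contentLength + " bytes");
            }
            total += n;
        }
        // Decode only the bytes received for this request.
        return new String(buf, 0, total, StandardCharsets.ISO_8859_1);
    }

    public static void main(String[] args) throws IOException {
        StrictBodyReader reader = new StrictBodyReader();
        // Constructed sample: a well-formed form post fills the shared buffer first.
        byte[] first = "0=secret&1=token".getBytes(StandardCharsets.ISO_8859_1);
        System.out.println("request 1: "
                + reader.readBody(new ByteArrayInputStream(first), first.length));
        // Constructed sample: Content-Length 1000 declared, no body sent, stream at EOF.
        try {
            reader.readBody(new ByteArrayInputStream(new byte[0]), 1000);
            System.out.println("request 2: accepted");
        } catch (EOFException e) {
            System.out.println("request 2 rejected: " + e.getMessage());
        }
    }
}
```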