| Summary: | Oversized header errors are not handled in some cases | ||
|---|---|---|---|
| Product: | Tomcat 7 | Reporter: | bornmw <omikheev> |
| Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED INVALID | ||
| Severity: | normal | ||
| Priority: | P2 | ||
| Version: | 7.0.50 | ||
| Target Milestone: | --- | ||
| Hardware: | PC | ||
| OS: | All | ||
If there is no explicit flush then the output isn't flushed until after the execution path has exited the ErrorReportingValve. Once past this point there is no opportunity to add a error body. In all of the error cases cited in this report, Tomcat will return a 500 response to the user agent. How the user agent chooses to display (or not display) that to the user is up to the user agent. There will also be a 500 entry in the access log. |
Atempts to set oversized headers should fail with a nice screen: HTTP Status 500 - An attempt was made to write more data to the response headers than there was room available in the buffer. Increase maxHttpHeaderSize on the connector or write less data into the response headers. That's the case *only* if you explicitly flush response writer: protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { byte[] ba = new byte[10000]; Arrays.fill(ba, (byte) 1); resp.addCookie(new Cookie("test", DatatypeConverter.printBase64Binary(ba))); resp.getWriter().flush(); } But in case there is no flush - it just silently fails with no errors whatsoever (neither in browser nor in the logs). The same story with redirect: protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { byte[] ba = new byte[10000]; Arrays.fill(ba, (byte) 1); resp.addCookie(new Cookie("test", DatatypeConverter.printBase64Binary(ba))); resp.sendRedirect("blah"); } it just silently dies Please confirm this is a bug, I can provide patch if needed.