Bug 45610 - status-worker: Bug in request parameter parsing for update action
Summary: status-worker: Bug in request parameter parsing for update action
Alias: None
Product: Tomcat Connectors
Classification: Unclassified
Component: Common (show other bugs)
Version: unspecified
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2008-08-11 00:36 UTC by Guido Jäkel
Modified: 2009-12-21 15:36 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Guido Jäkel 2008-08-11 00:36:01 UTC

using mod_jk 1.2.26, i noticed an serious error in parameter parsing of the status worker using the update action:

In a service script i'm using an URL like


to switch the workers of clustered tomcat setup. In principle, all things work right. But if i (erroneously) set the empty value for the sub-worker tag (...&sw=&...), something completely wrong will happen: You'll got an "OK"-message and the sticky session attribute will be disabled!

Looks to me like a typical overwriting of a parameter block through a dangling pointer.

There might be more of this kind of bugs, one may do a complete revision of the parameter parsing.
Comment 1 Rainer Jung 2009-12-21 15:36:51 UTC
Erroneous unsetting of sticky_session has been fixed in


It was not dangling pointer issue, simply a wrong handling of default values for sticky_session and sticky_session_force.

Being less tolerant for an empty sub worker param has been added in


Note: this will only forbid "sw=" (no value) but not "sw" without "=".

Thanks for reporting the issue. Both fixes will be part of version 1.2.29.