mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff MAURY (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRMINA-920) HTTP server decoding is broken
Date Mon, 26 Nov 2012 14:28:58 GMT

    [ https://issues.apache.org/jira/browse/DIRMINA-920?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13503798#comment-13503798
] 

Jeff MAURY commented on DIRMINA-920:
------------------------------------

The patch I sent is full tolerant for body: all methods can have a body, it is to the user
to decide what to do with it
                
> HTTP server decoding is broken
> ------------------------------
>
>                 Key: DIRMINA-920
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-920
>             Project: MINA
>          Issue Type: Bug
>          Components: Protocol - HTTP
>    Affects Versions: 2.0.7
>            Reporter: Jeff MAURY
>              Labels: HTTP, protocol, states
>             Fix For: 2.0.8, 3.0.0-M1
>
>         Attachments: DIRMINA-920.patch
>
>
> HTTP server decoding (aka HttpServerDecoder) is broken is several parts:
> 1) it make the assertion that PUT and POST request must have a non -zero length body.
This is false, thing about REST request: an empty PUT request can be use to create a server
initialized entry and an empty POST request can be used to change properties where the value
is stored in the URL (/rest/1234/status/cancelled). In that case, an exception is thrown but
the state is not reset so remaining decoding will fail
> 2) it also make the assumption that only PUT and POST request can have a body where I
can't find a significant case but I tried a GET request with a body on Google (GPE), Microsoft
(IIS) and Apache (Apache) and Google was the only server to reject the request as malformed.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message