search

eclipse-ee4j / jersey

Eclipse Jersey Project - Read our Wiki:
https://github.com/eclipse-ee4j/jersey/wiki
Other
692 stars 355 forks source link

JdkConnector - BufferOverflow exceptions reading chunked encoding responses #5742

Open nicobrevin opened 1 month ago

nicobrevin commented 1 month ago

We've found that we can't use jdk-connector to read entities from servers that are using chunked encoding, or we get intermittent BufferOverflow exceptions. We're fairly sure this only happens with larger files and when accessed via HTTPS, but we've not proved that with complete certainty. We controlled the other endpoint so fixed it by setting the Content-Length in the response instead.

Found in jersey 2.41

Exception in thread "jdk-connector-14" java.lang.IllegalArgumentException: Buffer overflow
         at org.glassfish.jersey.jdk.connector.internal.Utils.appendBuffers(Utils.java:64)
         at org.glassfish.jersey.jdk.connector.internal.HttpParser.parse(HttpParser.java:82)
         at org.glassfish.jersey.jdk.connector.internal.HttpFilter.processRead(HttpFilter.java:99)
         at org.glassfish.jersey.jdk.connector.internal.HttpFilter.processRead(HttpFilter.java:27)
         at org.glassfish.jersey.jdk.connector.internal.Filter.onRead(Filter.java:116)
         at org.glassfish.jersey.jdk.connector.internal.SslFilter.handleRead(SslFilter.java:361)
         at org.glassfish.jersey.jdk.connector.internal.SslFilter.processRead(SslFilter.java:323)
         at org.glassfish.jersey.jdk.connector.internal.SslFilter.processRead(SslFilter.java:36)
         at org.glassfish.jersey.jdk.connector.internal.Filter.onRead(Filter.java:116)
         at org.glassfish.jersey.jdk.connector.internal.Filter.onRead(Filter.java:124)
         at org.glassfish.jersey.jdk.connector.internal.TransportFilter$3.completed(TransportFilter.java:262)

I'd love to give you a reproducer/failing test case if you can give me a pointer for how to set up the ReadChunkedEntity test to use SSL?

jansupol commented 1 month ago

@nicobrevin You can check the SSLFilterTest and the subclasses, or also the subclasses of SslParentTest

jansupol commented 1 month ago

You say the issue occurs only with the larger files. If the content length is too large to fit into 32bits (int) the 2.41 JdkConnector has issues with it. JdkConnector 2.44 changed the content length to use long. Perhaps you can check this issue with the latest Jersey. The stack trace looks like a different issue, though.

nicobrevin commented 1 month ago

Perhaps you can check this issue with the latest Jersey

Yes, that's true, I remember raising that bug! I ended up abandoning using JdkConnector for that use case, but revisited for something else where the files were smaller (<4 GB) but wanted the async-ness (and PATCH support) that JdkConnector has.

I'll try and find some time to test this out and get back to you...