Uploaded image for project: 'Seam 2'
  1. Seam 2
  2. JBSEAM-1323

MultipartRequest class incorrectly parses form post when field boundary occurs near end of internal buffer

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 1.2.0.GA, 1.2.1.GA
    • Fix Version/s: 1.3.0.ALPHA
    • Component/s: Core
    • Labels:
      None
    • Environment:

      Windows Vista, Firefox 2.0.0, Java 1.6u1, JBoss AS 4.0.5.GA, JBoss Seam 1.2.1

      Description

      When a form post is processed by a MultipartRequest class and it has a field boundary that occurs near the end of the internal buffer of the MultipartRequest class, it fails to recognize the field boundary and interprets the field boundary and the following header to be a part of the previous field's contents.

      This bug can most easily be reproduced by creating a form of enctype="multipart/form-data" with 30 <h:inputText> fields. The fields should be submitted empty. This provides form post data with lots of field boundaries and little in between. One of the field boundaries is likely to be near the end of the 2KB class buffer. When the bug occurs, one of the blank fields will be shown to contain part of the form boundary text. The form may have to be submitted 5 or 10 times, before the bug occurs.

      This same technique also occasionally causes the JBSEAM-1322 bug to occur (rarely, though).

      Sorry, I don't have a suggested fix. The class has been kind of hard for me to debug.

      Submitting the following XHTML source multiple times can be used to demonstrate the bug:

      <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:s="http://jboss.com/products/seam/taglib"
      xmlns:ui="http://java.sun.com/jsf/facelets"
      xmlns:f="http://java.sun.com/jsf/core"
      xmlns:h="http://java.sun.com/jsf/html"
      xmlns:rich="http://richfaces.ajax4jsf.org/rich" >

      <h:form enctype="multipart/form-data">

      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:inputText />
      <h:commandButton />
      </h:form>
      </html>

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                shane.bryzak Shane Bryzak
                Reporter:
                rob.b ROB b
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: