Fix request header capture corrupting tomcat request#11469
Merged
Conversation
Contributor
|
Calling toString will execute the code in the screenshot below which will overwrite a globle buffer。 The code above was introduced in Tomcat version 10.1.0 and fixed in version 10.1.6, fixed code is below It seems to be a tomcat bug, but does it a good choice to read header in @Advice.OnMethodEnter of Tomcat method I notice that |
trask
approved these changes
May 28, 2024
zeitlinger
pushed a commit
to zeitlinger/opentelemetry-java-instrumentation
that referenced
this pull request
Jun 12, 2024
laurit
added a commit
to laurit/opentelemetry-java-instrumentation
that referenced
this pull request
Jun 17, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hopefully resolves #11464
Related to #6766
Avoid calling
toStringonMessageBytesand usemessageBytesToStringinstead as was done in #6766 for other places.I wasn't able to figure out how exactly reading headers manages to corrupt other parts of the request (there seems to be shared buffer, part of which gets overwritten so request uri starts returning an unexpected result). I believe that this can only be reproduced with some versions of tomcat (test app uses
10.1.5). #6766 mentions that the issue was introduced in10.1.0but was later backported to earlier versions. Latest version does not seem to contain the problematic code any more.