Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-750

SaajSoapMessageFactory's checkForUtf8ByteOrderMark is corrupting input stream

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.5.8, 1.5.9
    • Fix Version/s: 2.0.4
    • Component/s: Core
    • Labels:
      None

      Description

      There appears to be a bug in the implementation of "checkForUtf8ByteOrderMark" in org.springframework.ws.soap.saaj.SaajSoapMessageFactory.

      Under certain circumstances, the call to pushbackInputStream.read(bom) will read less than the required 3 bytes into bom. Then, since the byte order mark isn't found, unread(bom) is called which results in some invalid bytes being added to the stream.

      The contract for PushbackInputStream.read(byte[] b, int off, int len) says "Reads up to len bytes of data." In our case, using Tomcat (versions 6 and 7) with recent releases of Chrome and IE, the call to inputstream.available() in BufferedInputStream's implementation of read returns 0. This is because no more data can be read without blocking. It seems to be just an unfortunate coincidence caused by the size of the header sent by the newest version of chrome and IE. The end result is that our soap envelope is corrupted and our system is unusable.

        Issue Links

          Activity

          zakvandermerwe Zak van der Merwe created issue -
          arjen.poutsma Arjen Poutsma made changes -
          Field Original Value New Value
          Assignee Arjen Poutsma [ arjen.poutsma ]
          arjen.poutsma Arjen Poutsma made changes -
          Fix Version/s 2.0.4 [ 12628 ]
          Labels waiting-for-triage
          arjen.poutsma Arjen Poutsma made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          arjen.poutsma Arjen Poutsma made changes -
          Worklog Id 28551 [ 28551 ]
          Time Spent 31m [ 1860 ]
          arjen.poutsma Arjen Poutsma made changes -
          Status In Progress [ 3 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          arjen.poutsma Arjen Poutsma made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          arjen.poutsma Arjen Poutsma made changes -
          Link This issue relates to SWS-845 [ SWS-845 ]

            People

            • Assignee:
              arjen.poutsma Arjen Poutsma
              Reporter:
              zakvandermerwe Zak van der Merwe
            • Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - Not Specified
                Not Specified
                Logged:
                Time Spent - 31m
                31m