geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sangjin Lee (JIRA)" <>
Subject [jira] Commented: (GERONIMO-3857) response header parsing is done incorrectly
Date Fri, 15 Feb 2008 07:47:10 GMT


Sangjin Lee commented on GERONIMO-3857:

There is also an issue of handling folded headers.  Namely if a CRLF is followed by a LWSP
character (SPACE or HTAB), it should be considered a continuation of the previous header line.

HttpResponseDecoder does not handle that case correctly, as it relies solely on CRLF to determine
line boundaries.  It would not be able to handle folded headers.  I will follow up with a
separate bug on that issue.  I think it can be handled with a separate fix...

> response header parsing is done incorrectly
> -------------------------------------------
>                 Key: GERONIMO-3857
>                 URL:
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: AsyncHttpClient
>    Affects Versions: 1.x
>            Reporter: Sangjin Lee
>            Assignee: Rick McGuire
>         Attachments: GERONIMO-3857.patch
> When we decode response headers, HttpDecoder separates name from value using ": " (note
the *single*space after the colon).  This is incorrect.  The HTTP spec says
> - The field value MAY be preceded by any amount of LWS, though a single SP is preferred.
> The separator pattern should be simply ":".  Then any preceding or trailing LWSP characters
(SP or HT) should be removed from the value.  This is a rather critical issue.  I had headers
> Server: Foo
> Content-Length:62
> Connection: close
> (notice lack of space after "Content-Length:")
> HttpResponseDecoder cannot properly parse the above headers, and throws a StringIndexOutOfBoundsException.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message