geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sangjin Lee (JIRA)" <>
Subject [jira] Updated: (GERONIMO-3857) response header parsing is done incorrectly
Date Fri, 15 Feb 2008 07:45:07 GMT


Sangjin Lee updated GERONIMO-3857:

    Attachment: GERONIMO-3857.patch

A suggested fix

> response header parsing is done incorrectly
> -------------------------------------------
>                 Key: GERONIMO-3857
>                 URL:
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: AsyncHttpClient
>    Affects Versions: 1.x
>            Reporter: Sangjin Lee
>            Assignee: Rick McGuire
>         Attachments: GERONIMO-3857.patch
> When we decode response headers, HttpDecoder separates name from value using ": " (note
the *single*space after the colon).  This is incorrect.  The HTTP spec says
> - The field value MAY be preceded by any amount of LWS, though a single SP is preferred.
> The separator pattern should be simply ":".  Then any preceding or trailing LWSP characters
(SP or HT) should be removed from the value.  This is a rather critical issue.  I had headers
> Server: Foo
> Content-Length:62
> Connection: close
> (notice lack of space after "Content-Length:")
> HttpResponseDecoder cannot properly parse the above headers, and throws a StringIndexOutOfBoundsException.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message