Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 78336 invoked from network); 15 Feb 2008 07:47:33 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 15 Feb 2008 07:47:33 -0000 Received: (qmail 19693 invoked by uid 500); 15 Feb 2008 07:47:25 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 19630 invoked by uid 500); 15 Feb 2008 07:47:25 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 19612 invoked by uid 99); 15 Feb 2008 07:47:25 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Feb 2008 23:47:25 -0800 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 15 Feb 2008 07:47:01 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 62DC9714074 for ; Thu, 14 Feb 2008 23:47:10 -0800 (PST) Message-ID: <30468282.1203061630400.JavaMail.jira@brutus> Date: Thu, 14 Feb 2008 23:47:10 -0800 (PST) From: "Sangjin Lee (JIRA)" To: dev@geronimo.apache.org Subject: [jira] Commented: (GERONIMO-3857) response header parsing is done incorrectly In-Reply-To: <3922744.1203060547977.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/GERONIMO-3857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12569195#action_12569195 ] Sangjin Lee commented on GERONIMO-3857: --------------------------------------- There is also an issue of handling folded headers. Namely if a CRLF is followed by a LWSP character (SPACE or HTAB), it should be considered a continuation of the previous header line. HttpResponseDecoder does not handle that case correctly, as it relies solely on CRLF to determine line boundaries. It would not be able to handle folded headers. I will follow up with a separate bug on that issue. I think it can be handled with a separate fix... > response header parsing is done incorrectly > ------------------------------------------- > > Key: GERONIMO-3857 > URL: https://issues.apache.org/jira/browse/GERONIMO-3857 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: AsyncHttpClient > Affects Versions: 1.x > Reporter: Sangjin Lee > Assignee: Rick McGuire > Attachments: GERONIMO-3857.patch > > > When we decode response headers, HttpDecoder separates name from value using ": " (note the *single*space after the colon). This is incorrect. The HTTP spec says > - The field value MAY be preceded by any amount of LWS, though a single SP is preferred. > The separator pattern should be simply ":". Then any preceding or trailing LWSP characters (SP or HT) should be removed from the value. This is a rather critical issue. I had headers like > Server: Foo > Content-Length:62 > Connection: close > (notice lack of space after "Content-Length:") > HttpResponseDecoder cannot properly parse the above headers, and throws a StringIndexOutOfBoundsException. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.