httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 15864] - Connection field value parser and quoted tokens
Date Fri, 10 Jan 2003 15:55:48 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15864>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15864

Connection field value parser and quoted tokens





------- Additional Comments From coad@measurement-factory.com  2003-01-10 15:55 -------
Section 2.2 "Basic Rules" of RFC 2616 says "A string of text is parsed as a
single word if it is quoted using double-quote marks". Apache does not
obey that rule. You are right that a quoted field is invalid
in the Connection header because Connection BNF does not allow for quoted
strings. It would be OK for Apache to ignore quoted fields. However,
Apache does not ignore them, it [incorrectly] parses and acts on them
(removing end-to-end headers that should not be removed).

Also, this is not just about RFC 2616 compliance. Some real-world HTTP agents are known to
quote their Connection tokens. Thus, it would be
desirable for Apache to parse them correctly, regardless of how this test
case is interpreted compliance-wise.

Overall, I think this is a [minor] bug, and I am pretty sure it will
popup in other contexts, where quoted strings are allowed. Connection
header just makes it easy to test using black-box approach. You probably
want the same "core" parsing code to be used for all headers, and that
code should handle quoted strings correctly.

Do you agree?

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message