Return-Path:
Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org
Received: (qmail 97080 invoked by uid 500); 3 Jun 2003 03:47:09 -0000
Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
Reply-To: "Apache HTTPD Bugs Notification List"
Delivered-To: mailing list bugs@httpd.apache.org
Received: (qmail 97036 invoked from network); 3 Jun 2003 03:47:09 -0000
Date: 3 Jun 2003 03:49:30 -0000
Message-ID: <20030603034930.12721.qmail@nagoya.betaversion.org>
From: bugzilla@apache.org
To: bugs@httpd.apache.org
Cc:
Subject: DO NOT REPLY [Bug 20438] New: - LimitRequestFieldSize/LimitRequestFields Issue
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT .
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20438

LimitRequestFieldSize/LimitRequestFields Issue

           Summary: LimitRequestFieldSize/LimitRequestFields Issue
           Product: Apache httpd-2.0
           Version: 2.0.46
          Platform: All
        OS/Version: Other
            Status: NEW
          Severity: Minor
          Priority: Other
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: mattmurphy@kc.rr.com

Apache 2.0.46 and prior suffer from an error in the request field handling.
Apache treats:

    GET / HTTP/1.1
    Host: localhost
    Accept-Encoding: [2000 characters]
    Accept-Encoding: [2000 characters]
    Accept-Encoding: [2000 characters]
    Accept-Encoding: [2000 characters]
    Accept-Encoding: [2000 characters]

AS

    GET / HTTP/1.1
    Host: localhost
    Accept-Encoding: [2000],[2000],[2000],[2000],[2000]

This bypasses the LimitRequestFieldSize directive. This also works on headers
that normally shouldn't use multiple options (e.g., User-Agent). I am not
certain of this, but wouldn't such concatenations also bypass
LimitRequestFields?

This is no major deal, but perhaps the docs should be updated to indicate this
behavior?
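Added example (not part of the original bug report and not Apache httpd code): a small Python model of the behaviour the report describes, checking a size limit once per header line and again after same-named fields are merged. The function names, the "," join taken from the report's example, the name-plus-value size measure and the use of httpd's documented default of 8190 bytes are assumptions of this sketch.

```python
# Toy model of per-line vs. post-merge field size checks.
# Illustration only; this is not how httpd is implemented internally.
FIELD_SIZE_LIMIT = 8190  # documented default of LimitRequestFieldSize


def parse_fields(raw):
    """Return (name, value, line_length) for each header line."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    fields = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("malformed header line")
        fields.append((name.strip().lower(), value.strip(), len(line)))
    return fields


def merge_fields(fields):
    """Join repeated fields with ',' as in the report's second request."""
    merged = {}
    for name, value, _ in fields:
        merged[name] = merged[name] + b"," + value if name in merged else value
    return merged


def audit(raw, limit=FIELD_SIZE_LIMIT):
    """Compare what a per-line check sees with what the merge produces."""
    fields = parse_fields(raw)
    merged = merge_fields(fields)
    return {
        "lines": len(fields),
        "merged_fields": len(merged),
        "oversized_lines": [n.decode() for n, _, size in fields if size > limit],
        # Size of "name: value" after merging (assumed measure).
        "oversized_after_merge": sorted(
            n.decode() for n, v in merged.items() if len(n) + 2 + len(v) > limit
        ),
    }


def build_sample(repeats=5, size=2000):
    """Constructed request matching the report: repeated Accept-Encoding."""
    lines = [b"GET / HTTP/1.1", b"Host: localhost"]
    lines += [b"Accept-Encoding: " + b"a" * size] * repeats
    return b"\r\n".join(lines) + b"\r\n\r\n"


if __name__ == "__main__":
    print(audit(build_sample()))
```

A filter or test harness in front of the server can apply the second check so that the merged value is held to the same limit as a single line.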