httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 29237] - 1.3.31 breaks mod_dav
Date Mon, 21 Jun 2004 17:21:24 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=29237>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=29237

1.3.31 breaks mod_dav





------- Additional Comments From apache-bugs@jeffg.org  2004-06-21 17:21 -------
This bug breaks regular CGI programs on the first POST request if sent without
credentials.  Here's what the client sends:

POST /foo/bar.cgi HTTP/1.1\r\n
Host: blah\r\n
Content-length: 20\r\n
\r\n
foo=bar&baz=flummox\r\n

Because the request does not yet have keepalive set from the server's
perspective, the server closes the request immediately after receiving the \r\n
on a blank line and sends a 401.  Now something happens on the server (I'm
guessing the socket doesn't get flushed) that causes the last bit of data
written by the client to be prepended to REQUEST_METHOD for the requested CGI
program.  When the CGI checks REQUEST_METHOD, it gets a surprise:

foo=bar&baz=flummoxPOST

I've observed this behavior on both Solaris and Win32.

Backing out the change per 'Jeff Trawick 2004-05-28 02:15' fixes the behavior
described here as well.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message