httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 43334] New: - Garbage characters in Server header and version string when using mod_ssl statically
Date Sun, 09 Sep 2007 16:43:13 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43334>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43334

           Summary: Garbage characters in Server header and version string
                    when using mod_ssl statically
           Product: Apache httpd-2
           Version: 2.2-HEAD
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: steven@pyro.eu.org


Since upgrading apache to 2.2.6, I now see 'garbage' displayed in the Server
header of the HTTP response, which I believe is caused by mod_ssl:
  Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 (8$ DAV/2

The error log contains nothing other than this notice, also showing the garbage
characters:
  [notice] Apache/2.2.6 (Unix) mod_ssl/2.2.6 (8$\b DAV/2 configured -- resuming
normal operations

The garbage characters do not change during successive HTTP requests.  The
string *sometimes* varies when httpd is restarted via 'apachectl restart'.  A
space (0x20) always appears at either side of the garbage characters.  Sometimes
after restarting, no garbage characters appear but there are still two spaces
between mod_ssl/2.2.6 and DAV/2 (presumably the garbage output began with 0x00
on those occasions).

The error is present when no shared modules are being loaded.  I had compiled
httpd from source and configured as follows:
  ./configure --prefix= --localstatedir=/var --sysconfdir=/etc/apache2
--enable-layout=Debian --enable-so --with-program-name=apache2
--with-suexec-caller=www-data --with-suexec-bin=/usr/lib/apache2/suexec2
--with-suexec-docroot=/var/www --with-suexec-userdir=public_html
--with-suexec-logfile=/var/log/apache2/suexec.log --with-ldap=yes
--with-ldap-include=/usr/include --with-ldap-lib=/usr/lib --with-z
--enable-deflate --enable-headers --with-mpm=worker --enable-expires
--enable-ssl --enable-dav --with-apr=/usr

After compiling without --enable-ssl, the version string appeared normal:
  [notice] Apache/2.2.6 (Unix) DAV/2 configured -- resuming normal operations

To double-check, I recompiled with --enable-ssl and restarted, and the problem
reappeared:
  [notice] Apache/2.2.6 (Unix) mod_ssl/2.2.6 \xde\x10\x10\b\xc6\x10\x10\b DAV/2
configured -- resuming normal operations

An interesting side-effect is that the garbage characters can trigger this error
in Visual Studio or .NET HTTP clients:
  "The server committed a protocol violation. Section=ResponseHeader Detail=CR
must be followed by LF"
The error message partly erroneous, since indeed all CR's were followed by LF's,
and the garbage characters at the time did not include either the CR or LF
control characters.  However, some of the garbage characters were probably
invalid for an HTTP response header, hence the 'protocol violation').

Possibly related to #40146 ?  Though I'm not sure what the "Current
configuration:" message is that the author referred to.

ps. the Version field in the bug tracker does not include 2.2.6, so I had to
select 2.2-HEAD.

Thanks!

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message