httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 49474] New: http-2 fails in processing chunked requests with long chunk-size / -extension line
Date Sun, 20 Jun 2010 13:53:25 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=49474

           Summary: http-2 fails in processing chunked requests with long
                    chunk-size / -extension line
           Product: Apache httpd-2
           Version: 2.2.15
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: tee.bee@gmx.de


Overview:
According to RFC 2616 (3.6.1), a request may be chunked encoded. Moreover, the
chunk-size line can be extended by zero or more chunk extensions. Apache http-2
fails in processing such requests if the length of a chunk-size / -extension
line exceeds 31 bytes (including CRLF).

Steps to Reproduce:
1) A chunked encoded POST request with chunk-size / -extension lines of length
at most 31 bytes is handled correctly:
    $ telnet localhost 80
    Trying ::1...
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    POST /cgi-bin/printenv HTTP/1.1
    Host: $host
    Connection: close
    Transfer-Encoding: chunked

    5;ext-name=ext-val
    01234
    0

    HTTP/1.1 200 OK
[...]

2) However, a chunked encoded POST request with a chunk-size / -extension line
of length 32 bytes or more is not processed:
    $ telnet localhost 80
    Trying ::1...
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    POST /cgi-bin/printenv HTTP/1.1
    Host: $host
    Connection: close
    Transfer-Encoding: chunked

    5;ext-name=very-long-ext-val32
    01234
    0

No response.

Actual Results:
The server does not answer the request.

Expected Results:
The server should be RFC 2616 (3.6.1) compliant and process the request.

Build Date & Platform:
$ ./httpd -V
Server version: Apache/2.2.15 (Unix)
Server built:   Jun 20 2010 15:03:53
Server's Module Magic Number: 20051115:24
Server loaded:  APR 1.4.2, APR-Util 1.3.9
Compiled using: APR 1.4.2, APR-Util 1.3.9
Architecture:   32-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="[...]/apache2"
 -D SUEXEC_BIN="[...]/apache2/bin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

$ uname -srvmpio
Linux 2.6.32-22-generic #36-Ubuntu SMP Thu Jun 3 22:02:19 UTC 2010 i686 unknown
unknown GNU/Linux

Additional Information:
It is likely that the problem could be fixed by (re-)setting
    ctx->pos = ctx->chunk_ln;
at the end of
    get_remaining_chunk_line()
in
    httpd-2.2.15/modules/http/http_filters.c
.

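The failure reported above depends on how long the chunk-size / -extension line is. The following added example (not part of the original report and not httpd's `http_filters.c` code) is a byte-wise chunked-body decoder whose state does not depend on the line fitting a fixed buffer: extension bytes are skipped rather than stored, and the line is still bounded. All names and the `MAX_LINE` cap are assumptions; trailers and bare-LF line endings are rejected.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_LINE 8192 /* assumed cap on one chunk-size line, extensions included */
enum cstate { C_SIZE, C_EXT, C_SIZE_LF, C_DATA, C_DATA_CR, C_DATA_LF,
              C_END_CR, C_END_LF, C_DONE, C_ERR };
struct chunk_dec { enum cstate st; size_t remain, line_len, olen, cap; int digits; char *out; };

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20; /* fold A-F to a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Consume one input byte; decoded data bytes are appended to d->out. */
static void chunk_byte(struct chunk_dec *d, unsigned char c) {
    int v;
    switch (d->st) {
    case C_SIZE: case C_EXT:
        if (++d->line_len > MAX_LINE || c == '\n') d->st = C_ERR;
        else if (c == '\r') d->st = d->digits ? C_SIZE_LF : C_ERR;
        else if (d->st == C_EXT) break; /* extension byte: skipped, never stored */
        else if (c == ';') d->st = d->digits ? C_EXT : C_ERR;
        else if ((v = hexval(c)) < 0 || d->remain > (SIZE_MAX >> 4)) d->st = C_ERR;
        else { d->remain = (d->remain << 4) | (size_t)v; d->digits++; }
        break;
    case C_SIZE_LF: d->st = c != '\n' ? C_ERR : d->remain ? C_DATA : C_END_CR; break;
    case C_DATA:
        if (d->olen >= d->cap) { d->st = C_ERR; break; }
        d->out[d->olen++] = (char)c;
        if (--d->remain == 0) d->st = C_DATA_CR;
        break;
    case C_DATA_CR: d->st = c == '\r' ? C_DATA_LF : C_ERR; break;
    case C_DATA_LF: /* chunk finished: reset per-line counters for the next size line */
        d->digits = 0; d->line_len = 0; d->st = c == '\n' ? C_SIZE : C_ERR; break;
    case C_END_CR: d->st = c == '\r' ? C_END_LF : C_ERR; break;
    case C_END_LF: d->st = c == '\n' ? C_DONE : C_ERR; break;
    default: d->st = C_ERR; /* bytes after the terminator, or after an error */
    }
}

/* Returns the decoded length, or -1 on malformed, oversized or truncated input. */
long decode_chunked(const char *body, size_t len, char *out, size_t cap) {
    struct chunk_dec d = { .st = C_SIZE, .out = out, .cap = cap };
    for (size_t i = 0; i < len; i++) chunk_byte(&d, (unsigned char)body[i]);
    return d.st == C_DONE ? (long)d.olen : -1;
}
```

Both request bodies from the report (20-byte and 32-byte chunk-size lines) decode to the same five bytes with this decoder, which makes it usable as a reference when regression-testing a server build.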