httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 49825] New: mod_dav PUT treats malformed Content-Range as if it were absent
Date Thu, 26 Aug 2010 01:11:02 GMT

           Summary: mod_dav PUT treats malformed Content-Range as if it
                    were absent
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_dav


In dav_parse_range(), called by dav_method_put(), a failure to parse the
Content-Range request-header is treated the same as if the header were absent.
I think this is wrong for several reasons:

1, Apache's current behavior is pretty much guaranteed to not be the behavior
the client needs or expects; if I'm attempting to patch the middle of a file, I
don't want the server to replace the entire file with the patch and then report

2, although comments in mod_dav.c indicate that the behavior is motivated by
RFC2616 [14.16], the relevant paragraph says: "The recipient of an invalid
byte-content-range-spec MUST ignore it and any content transferred along with
it." In other words, the server is required *not to use* the request
entity-body if it is accompanied by an unparsable Content-Range header.

I think that both RFC2616 and common sense indicate that if dav_parse_range()
cannot parse a Content-Range header, Apache should reject the entire request
(presumably with an HTTP 400 error code).

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message