Return-Path: 
 <new-httpd-return-12379-apmail-new-httpd-archive=apache.org@apache.org>
Delivered-To: apmail-new-httpd-archive@apache.org
Received: (qmail 89933 invoked by uid 500); 26 Jan 2001 17:32:44 -0000
Mailing-List: contact new-httpd-help@apache.org; run by ezmlm
Precedence: bulk
Reply-To: new-httpd@apache.org
list-help: <mailto:new-httpd-help@apache.org>
list-unsubscribe: <mailto:new-httpd-unsubscribe@apache.org>
list-post: <mailto:new-httpd@apache.org>
Delivered-To: mailing list new-httpd@apache.org
Received: (qmail 89555 invoked from network); 26 Jan 2001 17:32:38 -0000
Sender: jfclere@vtxrm2.siemens.es
Message-ID: <3A71B60A.5B4A6E8E@fujitsu-siemens.com>
Date: Fri, 26 Jan 2001 18:38:18 +0100
From: jean-frederic clere <jfrederic.clere@fujitsu-siemens.com>
X-Mailer: Mozilla 4.72 [en] (X11; I; Linux 2.4.0 i586)
X-Accept-Language: en
MIME-Version: 1.0
To: new-httpd@apache.org
Subject: Re: Funny stuff with content negotiation
References: <011401c086d3$c34ae220$6401a8c0@apache>
		<m3ae8fvesw.fsf@adsl-77-241-65.rdu.bellsouth.net>
 <m34rynvd0q.fsf@adsl-77-241-65.rdu.bellsouth.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Spam-Rating: h31.sny.collab.net 1.6.2 0/1000/N

Jeff Trawick wrote:
> 
> Jeff Trawick <trawickj@bellsouth.net> writes:
> 
> > The Content-Type header field is FUBAR:
> >
> > Breakpoint 4, form_header_field (h=0xbfffb918,
> >     fieldname=0x80ea996 "Content-Type",
> >     fieldval=0x81585d4 "cept-Ranges: bytes\r\nContent-Length: 1311\r\nConnection: close\r\n") at http_protocol.c:1791
> > 1791        headfield = apr_pstrcat(h->r->pool, fieldname, ": ", fieldval, CRLF, NULL);
> >
> > This explains at least part of the bogosity.
> 
> The problem is that the buffer for headers is not large enough.  The
> allocation was moved to a point before where we call
> compute_header_len() on the table, so the len variable is way too
> small when we alloc the buffer.  As we later build the header we
> overlay the storage where the individual header fields lived, thus
> corrupting the table.
> 
> I'll start looking at a fix now (something other than getting a
> 10000-byte header buffer, which is what I'm doing now :) ).
> --
> Jeff Trawick | trawickj@bellsouth.net | PGP public key at web site:
>        http://www.geocities.com/SiliconValley/Park/9289/
>              Born in Roswell... married an alien...

Yes - That what I have found...

A temp dirty
work_around:apache20@vtxclere:~/apache/httpd-2.0/modules/http > cvs diff
http_protocol.c
Index: http_protocol.c
===================================================================
RCS file: /home/cvs/apache/httpd-2.0/modules/http/http_protocol.c,v
retrieving revision 1.277
diff -u -r1.277 http_protocol.c
--- http_protocol.c     2001/01/24 23:47:42     1.277
+++ http_protocol.c     2001/01/26 17:28:09
@@ -2482,7 +2482,7 @@
     /* Need to add a fudge factor so that the CRLF at the end of the
headers
      * and the basic http headers don't overflow this buffer.
      */
-    len += strlen(ap_get_server_version()) + 100;
+    len += strlen(ap_get_server_version()) + 1000;
     buff_start = buff = apr_pcalloc(r->pool, len);
     ap_basic_http_header(r, buff);
     buff +=
strlen(buff);                                                      
+++

Sure that on Monday someone will have fixed it cleanly :=)

Cheers

Jean-frederic

+++