httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Fogel <kfo...@newton.ch.collab.net>
Subject httpd bug: bodies of bad requests not eaten correctly
Date Tue, 25 Jun 2002 20:27:25 GMT
Greg Stein and I were just on the phone tracking down a Subversion
bug, but now we think it's an Apache bug (well, he says it is, and I
always find his suave, velvet-toned voice hypnotically convincing).

I don't have an easy reproduction recipe to offer (can produce a
recipe if absolutely necessary), but it may be that a simple
description of the bug will suffice.

This change

   2002-06-07 17:31  rbb
   ---------------------
   * modules/dav/main/mod_dav.c (1.80), modules/http/http_request.c
   (1.146), server/protocol.c (1.105): Call ap_discard_request_body
   from ap_finalize_request.  Remove the call from all other modules
   that do not use it to determine the response for the request.

removes calls to ap_discard_request_body() from mod_dav.c, apparently
under the assumption that the discarding will now be happening in the
httpd core instead of in the module.

I don't know enough about the code flow in server/protocol.c to say
what exactly is wrong with the change there (if anything), but based
on the results, I think the discarding is not always happening when it
should.

Here is a protocol capture that shows Apache failing to discard a
body that arrives after the server has already sent an early error
back to the client (so when the body does arrive, it is mistakenly
interpreted as a new request).

I've inserted banners to clarify who is doing the talking (since y'all
don't have the advantage of Ethereal's colorization), but otherwise
haven't changed anything:

=============================
CLIENT: sends initial request
=============================

   PROPFIND /local_tmp/repos/iota HTTP/1.1
   User-Agent: neon/0.21.2 SVN/0.13.1 (dev build)
   Connection: TE
   TE: trailers
   Depth: 0
   Content-Length: 211
   Content-Type: text/xml
   Host: localhost
   

================================================================
SERVER: responds early, before above request's body has come in:
================================================================

   HTTP/1.1 404 Not Found
   Date: Tue, 25 Jun 2002 19:47:43 GMT
   Server: Apache/2.0.40-dev (Unix) DAV/2 SVN/0.13.1 (dev build)
   Content-Length: 237
   Content-Type: text/xml; charset="utf-8"
   
   <?xml version="1.0" encoding="utf-8"?>
   <D:error xmlns:D="DAV:" xmlns:m="http://apache.org/dav/xmlns" xmlns:C="svn:">
   <C:error/>
   <m:human-readable errcode="21067">
   file not found: revision `0', path `/iota'
   </m:human-readable>
   </D:error>

=================================================================
CLIENT: remainder of previous request now arrives from client,
        followed by the (intended) beginning of the next request.
=================================================================

   <?xml version="1.0" encoding="utf-8"?>
   <propfind xmlns="DAV:"><prop>
   <version-controlled-configuration xmlns="DAV:"/>
   <baseline-relative-path xmlns="svn:"/>
   <resourcetype xmlns="DAV:"/>
   </prop></propfind>
   PUT /local_tmp/repos/!svn/wrk/c806656a-d21d-b211-a317-c74ffc6738d7/A/D/gamma HTTP/1.1
   User-Agent: neon/0.21.2 SVN/0.13.1 (dev build)
   Connection: TE
   TE: trailers
   Content-Type: application/vnd.svn-svndiff
   Content-Length: 35
   Host: localhost
   
   SVN

====================================================================
SERVER: Apparently forgets to eat the body of the discarded request,
        and therefore treats the "<?xml version=...>" above as the
        beginning of a new request, which of course results in a Bad
        Request error:
====================================================================

   HTTP/1.1 400 Bad Request
   Date: Tue, 25 Jun 2002 19:47:43 GMT
   Server: Apache/2.0.40-dev (Unix) DAV/2 SVN/0.13.1 (dev build)
   Content-Length: 406
   Connection: close
   Content-Type: text/html; charset=iso-8859-1
   
   <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>400 Bad Request</title>
   </head><body>
   <h1>Bad Request</h1>
   <p>Your browser sent a request that this server could not understand.<br />
   Request header field is missing colon separator.<br />
   <pre>
   &lt;/prop&gt;&lt;/propfind&gt;</pre>
   </p>
   <hr />
   <address>Apache/2.0.40-dev Server at gauss.ch.collab.net Port 80</address>
   </body></html>

Thanks,
-Karl

Mime
View raw message