httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Backslashes in HTTP Headers
Date Mon, 01 Oct 2007 01:01:24 GMT
Coadvisor has several testcases involving a Content-Type line with 
a lot of qualifier tokens.  These tokens are quoted strings and
include backslashes.  This is going to wrap when I cut&paste:

Content-Type: text/other; charset=ISO-8859-4; attribute=value; q=0.9;
q=9.0000  ; a="quoted text/html"; a="quoted, list=b"; a="quoted \r\n
new line"; a="quoted \r\n\t\r\n new lines"; a="slashed \alpha";
a="slashed \\nnew line"; a="slashed \\r\\ncrlf"; a="slashed \\n\\nnew
lines"; a="slashed \"string"; a-rvlmxgisq=v-r808478;
a-rtbtrjxmwqirv=v-r797440; a-rwsqj=v-r9946045539;

Our ap_rgetline_core is seeing those quoted \-r-\-n sequences as
newlines and getting hopelessly confused (the outcome is 400
in the case of a request header, 502 from a response).

A simple search of RFC2616 gives:

       message-header = field-name ":" [ field-value ]
       field-name     = token
       field-value    = *( field-content | LWS )
       field-content  = <the OCTETs making up the field-value
                        and consisting of either *TEXT or combinations
                        of token, separators, and quoted-string>

	quoted-string  = ( <"> *(qdtext | quoted-pair ) <"> )
	quoted-pair    = "\" CHAR

	CHAR           = <any US-ASCII character (octets 0 - 127)>

from which it appears that the header in the testcase is legitimate
and our parser is screwed.


Nick Kew

Application Development with Apache - the Apache Modules Book

View raw message