tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51557] Newline during a http header field name obscures next value
Date Tue, 26 Jul 2011 16:55:56 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51557

--- Comment #1 from Mark Thomas <markt@apache.org> 2011-07-26 16:55:56 UTC ---
The exact quote from RFC 2616 is that HTTP headers "follow the same generic
format as that given in Section 3.1 of RFC 822". RFC 2616 goes further in
defining exactly what is permitted so RFC 2616 remains the relevant
specification in this case.

As per RFC 2616, HTTP header names are tokens which mean no CTLs and no
separators which requires further restrictions than no CTLs and no space.

The patch only addresses the HTTP BIO connector. The issue also needs to be
addressed for the HTTP NIO and HTTP APR/native connectors.

I have an untested patch enforces the RFC 2616 requirements and drops the
header line if an invalid header name is presented (that seemed a better option
than returning a 400 response).

I'm currently running the test suite for all three connectors and will commit
the patch assuming the tests pass.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message