www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gordon Lack <gml4...@ggr.co.uk>
Subject mod_cgi/1176: Apache cannot handle continuation line in headers
Date Mon, 29 Sep 1997 14:20:03 GMT

>Number:         1176
>Category:       mod_cgi
>Synopsis:       Apache cannot handle continuation line in headers
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Sep 29 07:20:02 1997
>Originator:     gml4410@ggr.co.uk
>Organization:
apache
>Release:        1.2.4 & 1.3a1
>Environment:
Tested for 1.2.4 on SG Irix5.3, but the bug is obvious from reading
the code and is not OS dependent.
>Description:
   The HTTP standard allows for continuation lines in the header field.

   RFC1945 (HTTP/1.0) allows it, but doesn't recommend it.

   RFC2068 (HTTP/1.1) allows it with no such qualms.

   [Both in Section 4.2]

   The Apache code which looks at headers coming back from cgi-bin
programs (scan_script_header_err in util_script.c - only called by
mod_cgi.c) make no attempt to look for continuation lines.  As such, the
example script (given below) produces an error.

   The error log entry is like this:

[Mon Sep 29 14:33:41 1997] access to /my-apache-server/cgi-bin/gml-split
 failed for localhost, reason: malformed header from script.
 Bad header= text/plain


   Interestingly:

a) NCSA http server (1.5.2a) allowed for continuation lines (but got the
code slightly wrong, hence the leading space in the body of the message,
which highlights *their* bug).

b) Netscape Enterprise 2.01 suffers from the bug too (they now have a
bug report about it as well).
>How-To-Repeat:
   Add this simple script as a cgi-bin program and try to access it.

#!/bin/sh
echo "Content-type:"
echo " text/plain"
echo "Content-length: 6"
echo ""
echo " Z234"
>Fix:
Not immediately, although a look at what sendmail does for headers 
might be a way forward.

You might also like to consider combining the problem in PR#1028 here (found
by searching for "header" before submitting this).  There is a denial-of-service
problem if a cgi-bin program decides to send its headers in a loop, ie. all valid
but repeated
>Audit-Trail:
>Unformatted:



Mime
View raw message