www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gordon Lack <gml4...@ggr.co.uk>
Subject mod_cgi/1176: Apache cannot handle continuation line in headers
Date Mon, 29 Sep 1997 14:20:03 GMT

>Number:         1176
>Category:       mod_cgi
>Synopsis:       Apache cannot handle continuation line in headers
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Sep 29 07:20:02 1997
>Originator:     gml4410@ggr.co.uk
>Release:        1.2.4 & 1.3a1
Tested for 1.2.4 on SG Irix5.3, but the bug is obvious from reading
the code and is not OS dependent.
   The HTTP standard allows for continuation lines in the header field.

   RFC1945 (HTTP/1.0) allows it, but doesn't recommend it.

   RFC2068 (HTTP/1.1) allows it with no such qualms.

   [Both in Section 4.2]

   The Apache code which looks at headers coming back from cgi-bin
programs (scan_script_header_err in util_script.c - only called by
mod_cgi.c) make no attempt to look for continuation lines.  As such, the
example script (given below) produces an error.

   The error log entry is like this:

[Mon Sep 29 14:33:41 1997] access to /my-apache-server/cgi-bin/gml-split
 failed for localhost, reason: malformed header from script.
 Bad header= text/plain


a) NCSA http server (1.5.2a) allowed for continuation lines (but got the
code slightly wrong, hence the leading space in the body of the message,
which highlights *their* bug).

b) Netscape Enterprise 2.01 suffers from the bug too (they now have a
bug report about it as well).
   Add this simple script as a cgi-bin program and try to access it.

echo "Content-type:"
echo " text/plain"
echo "Content-length: 6"
echo ""
echo " Z234"
Not immediately, although a look at what sendmail does for headers 
might be a way forward.

You might also like to consider combining the problem in PR#1028 here (found
by searching for "header" before submitting this).  There is a denial-of-service
problem if a cgi-bin program decides to send its headers in a loop, ie. all valid
but repeated

View raw message