www-apache-bugdb mailing list archives

From Pascal Gaudette <pas...@entrust.com>
Subject protocol/4299: Small Problem with HTTP headers extended over multiple lines
Date Fri, 23 Apr 1999 23:02:08 GMT

>Number:         4299
>Category:       protocol
>Synopsis:       Small Problem with HTTP headers extended over multiple lines
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Apr 23 16:10:01 PDT 1999
>Originator:     pascal@entrust.com
>Release:        1.3.6
Tested under SunOS zigbert 5.5.1 Generic_103640-24 sun4u sparc SUNW,Ultra-5_10,
but problem found in source as well.

I believe there is a slight bug in Apache when dealing with HTTP headers
that are split over two or more lines.

To quote the HTTP/1.1 spec:
> Header fields can be extended over multiple lines by preceding each
> extra line with at least one SP or HT.

To me, this implies that these extra SP or HT characters should NOT be
considered part of the value of the header.  So the following two inputs
(with spaces, CR and LF explicitly noted) should both produce the same
header value of "abcde":

User-Agent: SP abcde CRLF

User-Agent: SP abc CRLF

Unfortunately, Apache includes the SPs and HTs that denote line continuation
into the header's value.

Set up Apache, enable the cgi-bin directory and the printenv CGI.  Telnet
to Apache's port and input a request with a folded header.  Look at the
output and see that the extra spaces have been deemed part of the value.

% telnet myapachehost 80
Trying <ip>...
Connected to myapachehost.
Escape character is '^]'.
GET /cgi-bin/printenv HTTP/1.0
Foo: abc


I believe this problem is in the getline() function in main/http_protocol.c
(starting at line 643).

This function should trim leading SP and HT characters in continuation lines.
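
The two readings of a folded header contrasted in the report above, as an added C example that is not part of the original message and is not Apache's code. `unfold_field` and its `trim` flag are hypothetical names, the request bytes are constructed, and only CRLF line endings are handled.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unfold one header field from raw request bytes (hypothetical helper).
 * A CRLF followed by SP or HT marks a continuation line.
 * trim == 0: keep the continuation line's leading SP/HT in the value
 *            (the behaviour the report describes).
 * trim == 1: drop them (the behaviour the report asks for).
 * Returns the unfolded length, or -1 if out is too small. */
int unfold_field(const char *raw, char *out, size_t outsz, int trim)
{
    size_t n = 0;
    const char *p = raw;

    if (outsz == 0)
        return -1;
    while (*p) {
        if (p[0] == '\r' && p[1] == '\n') {
            if (p[2] != ' ' && p[2] != '\t')
                break;                  /* CRLF without a fold ends the field */
            p += 2;                     /* drop the CRLF of the fold */
            if (trim)
                while (*p == ' ' || *p == '\t')
                    p++;                /* drop the fold's leading SP/HT */
            continue;
        }
        if (n + 1 >= outsz)
            return -1;                  /* never write past the caller's buffer */
        out[n++] = *p++;
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample: "Foo" folded over two lines, then a second header. */
    const char *raw = "Foo: abc\r\n de\r\nBar: x\r\n";
    char buf[64];

    if (unfold_field(raw, buf, sizeof buf, 0) >= 0)
        printf("fold whitespace kept:    [%s]\n", buf);
    if (unfold_field(raw, buf, sizeof buf, 1) >= 0)
        printf("fold whitespace trimmed: [%s]\n", buf);
    return 0;
}
```

Any two components that pick different readings of the same folded header will disagree about its value, so a filter and the application behind it should be checked for using the same one.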
