www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jones <vm...@osu.edu>
Subject protocol/4716: Server send invalid response if chunked transfer has chunk larger than 4095 bytes.
Date Thu, 08 Jul 1999 20:29:55 GMT

>Number:         4716
>Category:       protocol
>Synopsis:       Server send invalid response if chunked transfer has chunk larger than
4095 bytes.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Jul  8 13:40:01 PDT 1999
>Last-Modified:
>Originator:     vman+@osu.edu
>Organization:
apache
>Release:        1.3.6
>Environment:
OpenVMS 7.1-1h2, DEC C 6.0 C compiler (ALPACRTL08), TCP/IP serv. for VMS 4.2ECO2
>Description:
In porting Apache to OpenVMS, limitations in the stat() function require
some files to be transferred using chunked transfer encoding rather than
via a content-length header.  When transferring files ap_bwrite gets called
with buffers larger than 4095 (0x0fff), which buff.c tries to convert to
a data chunk.  The bug is that CHUNK_HEADER_SIZE is only 5, for a 4 digit
hex number this causes the chunk header to overflow into data section and
gets the bytes counts out of sync.  The 1.1 client (e.g. IE5) hangs when
it tries to download this file.
>How-To-Repeat:
Remove the set_content_length call from default_handerl() function in 
http_core.c to force it to use chunked transfer mode.
>Fix:
Changing the value of CHUNK_HEADER_SIZE from 5 to 6 apparently fixes the
problem.  The real error may be that ap_bwrite() isn't breaking up the
buffer to write into smaller pieces for the chunk encapsulation - I don't
know enough about how the buffering is implemented.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <apbugs@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or      ]
["Re: general/1098:").  If the subject doesn't match this       ]
[pattern, your message will be misfiled and ignored.  The       ]
["apbugs" address is not added to the Cc line of messages from  ]
[the database automatically because of the potential for mail   ]
[loops.  If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request from a  ]
[developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]




Mime
View raw message