www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Jarosch <t...@gmx.de>
Subject general/8480: Trailing CRLF on POSTs not handled correctly
Date Sat, 06 Oct 2001 10:39:54 GMT

>Number:         8480
>Category:       general
>Synopsis:       Trailing CRLF on POSTs not handled correctly
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Sat Oct 06 03:40:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     tomj@gmx.de
>Release:        1.3.20
>Organization:
apache
>Environment:
Redhat Linux 6.1
Apach 1.3.20
>Description:
I can reproduce a problem handling the trailing CRLF on POSTs with a tcpdump of a form submitted
with Netscape 4.6 under Windows NT 4.0. If you send this request to Apache (I used netcat
to reproduce the bug), Apache will return nothing to the sender. Netscape will present a "document
contains no data" page to the user.

If I change the Content-Length to +2 Bytes for the extra CRLF or I remove the trailing CRLF,
everything works perfect.
>How-To-Repeat:
Create a page where you can POST data (like an empty PHP file), adjust the URL in the "POST
XXX HTTP/1.0" line and do a netcat -v webserver 80 <netscape_postbug.txt

Here is my netscape_postbug.txt.
(Filesize is 457 bytes, don't forget to save the extra CRLF):
POST /test.php HTTP/1.0
Referer: http://intradev.local/arnie?form=hauptseite
Connection: Keep-Alive
User-Agent: Mozilla/4.6 [en-gb] (WinNT; I)
Host: intradev.local
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Encoding: gzip
Accept-Language: en-GB,en,en-*
Accept-Charset: iso-8859-1,*,utf-8
Content-type: application/x-www-form-urlencoded
Content-length: 47

form=hauptseite&provider=6&email=Email+Transfer
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message