You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/06/24 19:26:24 UTC
DO NOT REPLY [Bug 10186] New: -
HTTP-Version in request line is presumed case sensitive
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10186>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10186
HTTP-Version in request line is presumed case sensitive
Summary: HTTP-Version in request line is presumed case sensitive
Product: Apache httpd-1.3
Version: HEAD
Platform: All
URL: http://www.w3.org/Protocols/rfc2068/rfc2068
OS/Version: All
Status: NEW
Severity: Normal
Priority: Other
Component: core
AssignedTo: bugs@httpd.apache.org
ReportedBy: stu@xanboo.com
RFC2068, section 2.1 -> "literal" 'Quotation marks surround literal text. Unless
stated otherwise, the text is case-insensitive.', and section 3.1 HTTP-Version:
HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT
So a valid request *could* be "GET / Http/1.0" or "GET / http/1.0"
But apache is doing a literal match on the uppercase string "HTTP" (http_protocol.c)
Before this patch:
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/main/http_protocol.c.diff?r1=1.314&r2=1.315
There was no noticable problem, as such requests were being silently served up
as the default HTTP/1.0, but now they're being interpreted as bad requests :-(
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org