You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/06/24 19:26:24 UTC

DO NOT REPLY [Bug 10186] New: - HTTP-Version in request line is presumed case sensitive

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10186>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10186

HTTP-Version in request line is presumed case sensitive

           Summary: HTTP-Version in request line is presumed case sensitive
           Product: Apache httpd-1.3
           Version: HEAD
          Platform: All
               URL: http://www.w3.org/Protocols/rfc2068/rfc2068
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: stu@xanboo.com


RFC2068, section 2.1 -> "literal" 'Quotation marks surround literal text. Unless
stated otherwise, the text is case-insensitive.', and section 3.1 HTTP-Version:
HTTP-Version   = "HTTP" "/" 1*DIGIT "." 1*DIGIT

So a valid request *could* be "GET / Http/1.0" or "GET / http/1.0"

But apache is doing a literal match on the uppercase string "HTTP" (http_protocol.c)

Before this patch:
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/main/http_protocol.c.diff?r1=1.314&r2=1.315
There was no noticable problem, as such requests were being silently served up
as the default HTTP/1.0, but now they're being interpreted as bad requests :-(

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org