You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2021/08/05 09:30:31 UTC

[Bug 65483] New: Garbage characters in Server header and version string when using mod_ssl statically

https://bz.apache.org/bugzilla/show_bug.cgi?id=65483

            Bug ID: 65483
           Summary: Garbage characters in Server header and version string
                    when using mod_ssl statically
           Product: Apache httpd-test
           Version: unspecified
          Hardware: PC
               URL: http://svn.apache.org/viewvc?view=rev&revision=574884
                OS: Linux
            Status: NEW
          Keywords: PatchAvailable
          Severity: critical
          Priority: P1
         Component: flood
          Assignee: bugs@httpd.apache.org
          Reporter: angiografin3@gmail.com
                CC: bugs@httpd.apache.org, c.hargr@gmail.com,
                    Craig@haquarter.de, cuicui.oizo@free.fr,
                    durket@hw-durket.stanford.edu, rl@math.technion.ac.il,
                    rudy.amid@tais.toshiba.com,
                    srattai@zmnh.uni-hamburg.de, steven@pyro.eu.org,
                    wbreyha@gmx.net
        Depends on: 43334
  Target Milestone: ---

+++ This bug was initially created as a clone of Bug #43334 +++

Since upgrading apache to 2.2.6, I now see 'garbage' displayed in the Server
header of the HTTP response, which I believe is caused by mod_ssl:
  Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 (8$ DAV/2

The error log contains nothing other than this notice, also showing the garbage
characters:
  [notice] Apache/2.2.6 (Unix) mod_ssl/2.2.6 (8$\b DAV/2 configured -- resuming
normal operations

The garbage characters do not change during successive HTTP requests.  The
string *sometimes* varies when httpd is restarted via 'apachectl restart'.  A
space (0x20) always appears at either side of the garbage characters. 
Sometimes
after restarting, no garbage characters appear but there are still two spaces
between mod_ssl/2.2.6 and DAV/2 (presumably the garbage output began with 0x00
on those occasions).

The error is present when no shared modules are being loaded.  I had compiled
httpd from source and configured as follows:
  ./configure --prefix= --localstatedir=/var --sysconfdir=/etc/apache2
--enable-layout=Debian --enable-so --with-program-name=apache2
--with-suexec-caller=www-data --with-suexec-bin=/usr/lib/apache2/suexec2
--with-suexec-docroot=/var/www --with-suexec-userdir=public_html
--with-suexec-logfile=/var/log/apache2/suexec.log --with-ldap=yes
--with-ldap-include=/usr/include --with-ldap-lib=/usr/lib --with-z
--enable-deflate --enable-headers --with-mpm=worker --enable-expires
--enable-ssl --enable-dav --with-apr=/usr

After compiling without --enable-ssl, the version string appeared normal:
  [notice] Apache/2.2.6 (Unix) DAV/2 configured -- resuming normal operations

To double-check, I recompiled with --enable-ssl and restarted, and the problem
reappeared:
  [notice] Apache/2.2.6 (Unix) mod_ssl/2.2.6 \xde\x10\x10\b\xc6\x10\x10\b DAV/2
configured -- resuming normal operations

An interesting side-effect is that the garbage characters can trigger this
error
in Visual Studio or .NET HTTP clients:
  "The server committed a protocol violation. Section=ResponseHeader Detail=CR
must be followed by LF"
The error message partly erroneous, since indeed all CR's were followed by
LF's,
and the garbage characters at the time did not include either the CR or LF
control characters.  However, some of the garbage characters were probably
invalid for an HTTP response header, hence the 'protocol violation').

Possibly related to #40146 ?  Though I'm not sure what the "Current
configuration:" message is that the author referred to.

ps. the Version field in the bug tracker does not include 2.2.6, so I had to
select 2.2-HEAD.

Thanks!


Referenced Bugs:

https://bz.apache.org/bugzilla/show_bug.cgi?id=43334
[Bug 43334] Garbage characters in Server header and version string when using
mod_ssl statically
-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 65483] Garbage characters in Server header and version string when using mod_ssl statically

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65483

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|NEW                         |RESOLVED

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org