You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by john c robinson <jc...@e-orchard.com> on 1998/12/19 14:31:33 UTC

protocol/3562: Bug in Netscape cookies breaks 1.3.3 (very rare but absolutely crippling)

>Number:         3562
>Category:       protocol
>Synopsis:       Bug in Netscape cookies breaks 1.3.3 (very rare but absolutely crippling)
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Sat Dec 19 05:40:00 PST 1998
>Last-Modified:
>Originator:     jcr@e-orchard.com
>Organization:
apache
>Release:        1.3.3
>Environment:
All versions
>Description:
In version 1.2.6 (and prior) bad headers from the client were probably ignored.
In at least 1.3.3, http_protocol.c now returns a 'Bad Request ... missing colon'
error. 

In Netscape, 3.0 and prior, when it tries to send a cookie with no value, it
instead sends a cookie with the value of a CR. This will of course terminate
the line. The remainder of the cookie data is found in the next line Apache
gets. Apache gets it, and pukes on the bad cookie.

This would otherwise be just a Netscape bug... BUT, up until (1.3?) the latest
version of the server the line was (probably) ignored, this new behaivor is
devestating to a web site that gave visitors empty cookies. Simply
fixing the CGI script is not enough as the browser still has the bad cookie.
(Ever get 50,000 people to delete their cookies.txt file?? NOO!)
>How-To-Repeat:
Set Cookie: XXX=a; YYY=; ZZZ=c
Have Wintel Netscape 3.0 (I used Netscape 3.0.4 Gold) take the cookie.  
Now restart the web browser, and select any page (even html) within the site.
>Fix:
Ignore garbled headers instead of returning an error document!
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]