You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2023/05/03 06:26:40 UTC

[Bug 66591] New: HttpResponse without any header generates corrupted AJP messages

https://bz.apache.org/bugzilla/show_bug.cgi?id=66591

            Bug ID: 66591
           Summary: HttpResponse without any header generates corrupted
                    AJP messages
           Product: Tomcat 9
           Version: 9.0.74
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: conny.martin@t-systems.com
  Target Milestone: -----

Fix for bug 66512 caused an issue in one of our applications, which does not
set any response header at all. At a first glance no RFC defines that one MUST
set some http header. But we definitely "should". 

So this "Bug" is only to bring this to your attention. At least there should be
an appropriate error message instead of generating corrupted AJP messages.

KR Conny

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 66591] HttpResponse without any header generates corrupted AJP messages

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66591

--- Comment #4 from Conny Seifert <co...@t-systems.com> ---
Created attachment 38551
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=38551&action=edit
minimal testcase

attached app returns string "test" without any headers.
In case of failure output looks like this
00000000: 0065 7374  .est
At least when using apache http with mod_proxy_ajp

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 66591] HttpResponse without any header generates corrupted AJP messages

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66591

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #6 from Mark Thomas <ma...@apache.org> ---
Fixed in:
- 11.0.x for 11.0.0-M6 onwards
- 10.1.x for 10.1.9 onwards
-  9.0.x for  9.0.75 onwards
-  8.5.x for  8.5.89 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 66591] HttpResponse without any header generates corrupted AJP messages

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66591

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

--- Comment #2 from Mark Thomas <ma...@apache.org> ---
I've tried to recreate this locally but am unable to. Specifically, I have not
been able to write a Servlet that causes Tomcat to send an AJP response with no
headers.

Please provide the simplest test case that recreates this issue from a clean
install of the latest release of any supported version of Tomcat (8.5.x, 9.0.x,
10.1.x or 11.0.x as I write this).

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: [Bug 66591] HttpResponse without any header generates corrupted AJP messages

Posted by koteswara Rao Gundapaneni <ko...@gmail.com>.

Dear team,

Server might  sends message headers for the request done by client


Here the response might be empty atheist I considered it a servlet


Regards
Koti



On Wed, 3 May 2023, 14:43 , <bu...@apache.org> wrote:

> https://bz.apache.org/bugzilla/show_bug.cgi?id=66591
>
> --- Comment #1 from Mark Thomas <ma...@apache.org> ---
> Thanks for the report.
>
> My reading of RFC 9110 (section 3.4) is that responses do not require
> headers.
> I am a little curious how the fix for bug 66512 triggered this but it does
> look
> like a bug.
>
> I'm working on this now.
>
> --
> You are receiving this mail because:
> You are the assignee for the bug.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>

[Bug 66591] HttpResponse without any header generates corrupted AJP messages

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66591

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Thanks for the report.

My reading of RFC 9110 (section 3.4) is that responses do not require headers.
I am a little curious how the fix for bug 66512 triggered this but it does look
like a bug.

I'm working on this now.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 66591] HttpResponse without any header generates corrupted AJP messages

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66591

--- Comment #3 from Conny Seifert <co...@t-systems.com> ---
If I understood the code correctly, the "header-loop" beginning in line 950 is
not entered at all in case of 0 headers. So no https status code is appended to
AJP response and also the number of headers is missing then.

https://github.com/apache/tomcat/blob/9.0.x/java/org/apache/coyote/ajp/AjpProcessor.java

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 66591] HttpResponse without any header generates corrupted AJP messages

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66591

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #5 from Mark Thomas <ma...@apache.org> ---
Thanks - I can recreate it now. I have a test case and the fix looks simple.
Just need to run a few more tests.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org