You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2006/05/07 22:39:04 UTC
DO NOT REPLY [Bug 39508] New: - Tomcat should reply with status 400 if HTTP/1.0 and no content-length
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39508>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39508
Summary: Tomcat should reply with status 400 if HTTP/1.0 and no
content-length
Product: Tomcat 5
Version: 5.5.16
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: Connector:Coyote
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: jochen@apache.org
The HTTP/1.0 specification states:
7.2.2 Length
[...]
If a request contains an entity body and Content-Length is not specified,
and the server does not recognize or cannot calculate the length from
other fields, then the server should send a 400 (bad request) response.
However, Tomcat simply drops the entity body in such cases. This can easily be
reproduced by running
nc 127.0.0.1 8080 </tmp/info.dump
with the file that I am attaching soon.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 39508] - Tomcat should reply with status 400 if HTTP/1.0 and no content-length
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39508>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39508
------- Additional Comments From jochen@apache.org 2006-05-07 20:40 -------
Created an attachment (id=18243)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=18243&action=view)
Servlet being invoked by the request
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 39508] - Tomcat should reply with status 400 if HTTP/1.0 and no content-length
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39508>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39508
------- Additional Comments From jochen@apache.org 2006-05-07 20:39 -------
Created an attachment (id=18242)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=18242&action=view)
Request demonstrating the problem, for use with "nc 127.0.0.1 8080"
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 39508] - Tomcat should reply with status 400 if HTTP/1.0 and no content-length
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39508>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39508
------- Additional Comments From remm@apache.org 2006-05-07 23:29 -------
I remember I looked into something similar not too long ago, and it was bug
38030. Indeed, there isn't going to be a fix for this.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 39508] - Tomcat should reply with status 400 if HTTP/1.0 and no content-length
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39508>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39508
william.barker@wilshire.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
------- Additional Comments From william.barker@wilshire.com 2006-05-07 22:20 -------
RFC 1945 (which is where I assume the quote is coming from) is informational
only. AFAIK, there isn't any official HTTP/1.0 standard, and RFC 2616 (the
HTTP/1.1 spec) is the closest you're going to get. Tomcat's behavior is
correct wrt RFC 2616.
The only way that Tomcat could possibly determine that a Request body was sent
is to peek at the input. This would slow down request processing to an
unacceptable level. And, since Tomcat's behavior here is identical to Httpd's
(so, in particular, the AJP/1.3 Connector would alway do this :), this seems
to be a reasonable way to deal with broken HTTP/1.0 clients. The Servlet is
always free to send back a 400 Response code if it doesn't get what it is
looking for.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org