You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2006/05/07 22:39:04 UTC

DO NOT REPLY [Bug 39508] New: - Tomcat should reply with status 400 if HTTP/1.0 and no content-length

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39508>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39508

           Summary: Tomcat should reply with status 400 if HTTP/1.0 and no
                    content-length
           Product: Tomcat 5
           Version: 5.5.16
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connector:Coyote
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: jochen@apache.org


The HTTP/1.0 specification states:

    7.2.2 Length

    [...]
    If a request contains an entity body and Content-Length is not specified,
    and the server does not recognize or cannot calculate the length from
    other fields, then the server should send a 400 (bad request) response.

However, Tomcat simply drops the entity body in such cases. This can easily be
reproduced by running

    nc 127.0.0.1 8080 </tmp/info.dump

with the file that I am attaching soon.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 39508] - Tomcat should reply with status 400 if HTTP/1.0 and no content-length

Posted by bu...@apache.org.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39508>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39508





------- Additional Comments From jochen@apache.org  2006-05-07 20:40 -------
Created an attachment (id=18243)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=18243&action=view)
Servlet being invoked by the request


-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 39508] - Tomcat should reply with status 400 if HTTP/1.0 and no content-length

Posted by bu...@apache.org.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39508>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39508





------- Additional Comments From jochen@apache.org  2006-05-07 20:39 -------
Created an attachment (id=18242)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=18242&action=view)
Request demonstrating the problem, for use with "nc 127.0.0.1 8080"


-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 39508] - Tomcat should reply with status 400 if HTTP/1.0 and no content-length

Posted by bu...@apache.org.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39508>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39508





------- Additional Comments From remm@apache.org  2006-05-07 23:29 -------
I remember I looked into something similar not too long ago, and it was bug
38030. Indeed, there isn't going to be a fix for this.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 39508] - Tomcat should reply with status 400 if HTTP/1.0 and no content-length

Posted by bu...@apache.org.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39508>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39508


william.barker@wilshire.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX




------- Additional Comments From william.barker@wilshire.com  2006-05-07 22:20 -------
RFC 1945 (which is where I assume the quote is coming from) is informational 
only.  AFAIK, there isn't any official HTTP/1.0 standard, and RFC 2616 (the 
HTTP/1.1 spec) is the closest you're going to get.  Tomcat's behavior is 
correct wrt RFC 2616.

The only way that Tomcat could possibly determine that a Request body was sent 
is to peek at the input.  This would slow down request processing to an 
unacceptable level.  And, since Tomcat's behavior here is identical to Httpd's 
(so, in particular, the AJP/1.3 Connector would alway do this :), this seems 
to be a reasonable way to deal with broken HTTP/1.0 clients.  The Servlet is 
always free to send back a 400 Response code if it doesn't get what it is 
looking for.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org