You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/11/10 20:44:28 UTC

[Bug 57198] New: mod_proxy_fcgi wrong behavior with 304

https://issues.apache.org/bugzilla/show_bug.cgi?id=57198

            Bug ID: 57198
           Summary: mod_proxy_fcgi wrong behavior with 304
           Product: Apache httpd-2
           Version: 2.4.10
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: mod_proxy_fcgi
          Assignee: bugs@httpd.apache.org
          Reporter: spizella001@gmail.com

The patch r1331416 introduced a serious bug: 

In the case described in bug 52879 (a PHP script run as fastcgi through php-fpm
and mod_proxy_fcgi which returns a Last-Modified header with no Status header),
httpd (after fix r1331416) does indeed now return a 304 status (if a matching
If-not-modified header is in the request) BUT the content of the php script is
also sent. 

This breaks the http protocol as described in rfc2616 section 10.3.5: "The 304
response MUST NOT contain a message-body, and thus is always terminated by the
first empty line after the header fields."

This invalid behavior cause a serious problem when processed by a reverse proxy
placed in front of the backends. When the proxy receives this invalid 304
response (containing a body), it immediately sends a 304 to the client and
ignores the rest of the packet; but the next packets sent by the backend stay
in the tcp stack (the proxy does not expect further content). The reverse proxy
prepends these packets in the response to the next request routed to the same
backend. This, of course, seriouly breaks our applications...

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57198] mod_proxy_fcgi wrong behavior with 304

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57198

--- Comment #3 from Luke G. <sp...@gmail.com> ---
After some more testing, it appears that when a 304 message is returned, httpd
skips the rest of the first chunk (as seen when a 200 message is returned) but
then sends all the following chunks. 

Maybe this will help find the problem...

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57198] mod_proxy_fcgi wrong behavior with 304

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57198

--- Comment #6 from jkaluza@redhat.com ---
Committed to trunk in r1640495.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57198] mod_proxy_fcgi wrong behavior with 304

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57198

--- Comment #5 from Luke G. <sp...@gmail.com> ---
Thanks, proposed patch 32204 solved the problem!

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57198] mod_proxy_fcgi wrong behavior with 304

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57198

--- Comment #7 from jkaluza@redhat.com ---
Proposed in 2.4.x.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57198] mod_proxy_fcgi wrong behavior with 304

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57198

Francis Asselin <fr...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |francisasselin@gmail.com

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57198] mod_proxy_fcgi wrong behavior with 304

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57198

--- Comment #2 from Luke G. <sp...@gmail.com> ---
curl seems to be following the rfc2616 correctly, and immediately close
connection after receiving the 304 header, so the bug won't show with curl.

I can see the problem when using telnet to connect to the server and sending
the request manually.

Also, after some testing, it seems the bug is triggered only when the php
script generate some large enough content.

Here is how to reproduce:

-> index.php:

<?php header('Last-Modified: Wed, 15 Nov 1995 04:58:08 GMT');
for( $i=0; $i<60; $i++) {
   echo( "testing testing testing testing testing testing testing testing
testing testing testing\n" );
}
flush();
?>

-> send request manually via telnet:

telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /index.php HTTP/1.1
Host: localhost
Accept: */*
If-Modified-Since: Tue, 15 Nov 1995 05:58:08 GMT


HTTP/1.1 304 Not Modified
Date: Tue, 11 Nov 2014 15:54:07 GMT
Server: Apache/2.4.10 (Unix)

testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
Connection closed by foreign host.

-> Note that telnet close the connection after about 5 seconds of waiting


And this is what I get when the date triggers to send content:

telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /index.php HTTP/1.1
Host: localhost
Accept: */*
If-Modified-Since: Tue, 14 Nov 1995 05:58:08 GMT


HTTP/1.1 200 OK
Date: Tue, 11 Nov 2014 16:04:03 GMT
Server: Apache/2.4.10 (Unix)
X-Powered-By: PHP/5.5.18
Last-Modified: Wed, 15 Nov 1995 04:58:08 GMT
Transfer-Encoding: chunked
Content-Type: text/html

1028
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing

478
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing
testing testing testing testing testing testing testing testing testing testing
testing

0

Connection closed by foreign host.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57198] mod_proxy_fcgi wrong behavior with 304

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57198

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |FixedInTrunk

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57198] mod_proxy_fcgi (more) wrong behavior with 304

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57198

Christophe JAILLET <ch...@wanadoo.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #8 from Christophe JAILLET <ch...@wanadoo.fr> ---
Backported in 2.4.x in r1650677

Will be part of 2.4.11

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57198] mod_proxy_fcgi wrong behavior with 304

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57198

--- Comment #4 from jkaluza@redhat.com ---
Created attachment 32204
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=32204&action=edit
proposed patch

Stop handling body sent by fcgi backend after httpd sent 304 to the client.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57198] mod_proxy_fcgi (more) wrong behavior with 304

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57198

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|mod_proxy_fcgi wrong        |mod_proxy_fcgi (more) wrong
                   |behavior with 304           |behavior with 304

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57198] mod_proxy_fcgi wrong behavior with 304

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57198

jkaluza@redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jkaluza@redhat.com

--- Comment #1 from jkaluza@redhat.com ---
>From the first quick try, I'm not able to reproduce the issue.

My PHP script looks like this:

<?php header('Last-Modified: Wed, 15 Nov 1995 04:58:08 GMT');?>
test

At first I've tried request with If-Modified-Since before the date in PHP
script. This returns 200 OK with body as expected:

# curl --header 'If-Modified-Since: Tue, 14 Nov 1995 04:58:08 GMT'
http://localhost/index.php -v
> GET /index.php HTTP/1.1
> User-Agent: curl/7.32.0
> Host: localhost
> Accept: */*
> If-Modified-Since: Tue, 14 Nov 1995 04:58:08 GMT
> 
< HTTP/1.1 200 OK
< Date: Tue, 11 Nov 2014 09:41:25 GMT
< Server: Apache/2.4.10 (Fedora) Phusion_Passenger/4.0.53
< X-Powered-By: PHP/5.5.18
< Last-Modified: Wed, 15 Nov 1995 04:58:08 GMT
< Transfer-Encoding: chunked
< Content-Type: text/html; charset=UTF-8
< 
test

Then I've tried with different If-Modified-Since to trigger to 304. This
returns 304, but I don't see the php script content there:

# curl --header 'If-Modified-Since: Wed, 15 Nov 1995 04:58:08 GMT'
http://localhost/index.php -v
> GET /index.php HTTP/1.1
> User-Agent: curl/7.32.0
> Host: localhost
> Accept: */*
> If-Modified-Since: Wed, 15 Nov 1995 04:58:08 GMT
> 
< HTTP/1.1 304 Not Modified
< Date: Tue, 11 Nov 2014 09:41:17 GMT
< Server: Apache/2.4.10 (Fedora) Phusion_Passenger/4.0.53
< 

Are you doing anything differently? How do you reproduce it?

Note that from the code, I think this should work properly, because the output
brigade is cleaned-up before it's passed to output filters.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org