You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/06/06 11:48:10 UTC

[Bug 56598] New: Content-Length header should be always interpreted as a decimal

https://issues.apache.org/bugzilla/show_bug.cgi?id=56598

            Bug ID: 56598
           Summary: Content-Length header should be always interpreted as
                    a decimal
           Product: Apache httpd-2
           Version: 2.4.9
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libapreq2
          Assignee: bugs@httpd.apache.org
          Reporter: ctcard@hotmail.com

RFC 2616 defines the Content-Length header as follows:

The Content-Length entity-header field indicates the size of the entity-body,
in decimal number of OCTETs, sent to the recipient or, in the case of the HEAD
method, the size of the entity-body that would have been sent had the request
been a GET. 

    Content-Length    = "Content-Length" ":" 1*DIGIT

This definition allows a Content-Length header like this

    Content-Length: 000000000185

which should be interpreted as content having 185 (decimal) octets.

However, Apache 2 is interpreting such a content length value as octal, because
of the leading zeros, and so gives a error message 

    (20014)Internal error: Invalid Content-Length header (000000000185)

This is due to calls like this (in libapreq2-2.13/module/apache2/filter.c):

    apr_uint64_t content_length = apr_strtoi64(cl_header,&dummy,0);

Because the final argument is 0, the number is interpreted as octal, and so in
this example the conversion stops at 0000000001, leaving dummy pointing at
"85", since 8 is not a valid octal digit.

The final argument should be 10 instead of 0, to force the conversion to assume
decimal.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 56598] Content-Length header should be always interpreted as a decimal

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=56598

--- Comment #1 from Christophe JAILLET <ch...@wanadoo.fr> ---
Fixed in Apache in r1626086.

BTW, doc for apr_strtoi64 and apr_strtoff says nothing about this octal
conversion.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org