You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2006/12/13 16:36:47 UTC
DO NOT REPLY [Bug 41170] New: - single crlf in header termination crashes app.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41170>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41170
Summary: single crlf in header termination crashes app.
Product: Tomcat 5
Version: 5.0.28
Platform: Other
OS/Version: Windows Server 2003
Status: NEW
Keywords: RFC
Severity: normal
Priority: P2
Component: Connector:AJP
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: conod@hotmail.com
In modjk (latest version i could find ) for IIS there is a possible bug in
function:
static int JK_METHOD start_response(jk_ws_service_t *s,
int status,
const char *reason,
const char *const *header_names,
const char *const *header_values,
unsigned int num_of_headers)
{
It creates a response buffer and it works fine if there are headers to send:
if (num_of_headers) {
...
else {
however if there are no headers to send it merely sends a single crlf in the
header buffer.
headers_str = crlf;
}
}
The description for HSE_REQ_SEND_RESPONSE_HEADER at:
http://msdn.microsoft.com/library/default.asp?url=/library/en-
us/iissdk/html/ad17aeb4-bb70-4755-83a2-c4cec7fa5ecb.asp
"If you append your own headers to the server-generated headers, you must
terminate the header string with an extra carriage return and linefeed."
also seems to mean that once you have no headers to send then you need to make
sure you terminate the header by adding an extra crlf (double crlf) as per the
RFC
So sending a single crlf would not be valid (browsers will ignore error this
but we ran into an app called documentum that crashes while parsing the header.)
Oddly enough IIS copes with and seems to correct the header (at least in Win2K3
SP1) except in one case and that is where another ISAPI filter is chained on
and in the NOTIFY_SEND_RESPONSE and that filter READS the www-authenticate
header!!! then IIS passes the buffer that mod_jk sends it transparently and the
client sees the header with a single crlf.
Appending an additional crlf when there is no header seems to take care of the
problem.
Hope this is enough detail please feel free to contact me !
all the Best
Con
.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 41170] - single crlf in header termination crashes app.
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41170>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41170
yoavs@computer.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
------- Additional Comments From yoavs@computer.org 2007-03-25 09:23 -------
Con, we've had a few mod_jk releases since your bug post. Can you please
confirm that this issue still happens with the latest mod_jk (1.2.21 I believe)
and Tomcat (6.0.10 or 5.5.23)?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 41170] - single crlf in header termination crashes app.
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41170>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41170
rainer.jung@kippdata.de changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|Connector:AJP |Native:JK
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org