You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1997/10/29 01:18:04 UTC
protocol/1329: Apache will send wrong/invalid Content-length headers upon receipt of certain Range headers (fwd)
Looks correct, but I haven't tested yet.
Dean
---------- Forwarded message ----------
Date: 28 Oct 1997 23:10:24 -0000
From: Ronald Tschalaer <Ro...@psi.ch>
To: apbugs@hyperreal.org
Subject: protocol/1329: Apache will send wrong/invalid Content-length headers upon receipt of certain Range headers
>Number: 1329
>Category: protocol
>Synopsis: Apache will send wrong/invalid Content-length headers upon receipt of certain Range headers
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Tue Oct 28 15:20:00 PST 1997
>Last-Modified:
>Originator: Ronald.Tschalaer@psi.ch
>Organization:
apache
>Release: 1.2.4
>Environment:
Platform/compiler independent
>Description:
If a client sends Range headers with either a range with the beginning index
larger than the actual length of the resource, or a range with a
suffix-byte-range longer than the length of the resource then Apache will
return a 206 response with wrong/invalid Content-length and Content-range
headers. Examples (the resource is 1316 bytes long):
mithrandir[test] telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.1
Host: localhost
Range: bytes=10000-20000
HTTP/1.1 206 Partial Content
Date: Tue, 28 Oct 1997 23:00:36 GMT
Server: Apache/1.2.4
Last-Modified: Mon, 30 Jun 1997 21:09:58 GMT
ETag: "15385-524-33b820a6"
Content-Length: -8684
Content-Range: bytes 10000-1315/1316
Content-Type: text/html
GET / HTTP/1.1
Host: localhost
Range: bytes=-10000
HTTP/1.1 206 Partial Content
Date: Tue, 28 Oct 1997 23:00:48 GMT
Server: Apache/1.2.4
Last-Modified: Mon, 30 Jun 1997 21:09:58 GMT
ETag: "15385-524-33b820a6"
Content-Length: 10000
Content-Range: bytes -8684-1315/1316
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Test Page for Apache Installation</TITLE>
</HEAD>
[rest of body snipped]
According to rfc-2068 (section 14.36) the first case should return a 200
response, and the second case should be a 206 (the spec isn't totally clear
here, so maybe a 200 would do too). The simple patch below will handle these
cases correctly.
Cheers,
Ronald
>How-To-Repeat:
Send the Range request headers given above to any Apache 1.2.x server.
>Fix:
The problem is parse_byterange() in http_protocol.c . Here is my suggested
patch:
--------------------------------------------------------------------------
*** http_protocol.c.orig Fri Aug 15 19:08:51 1997
--- http_protocol.c Tue Oct 28 22:43:13 1997
***************
*** 97,108 ****
*end = clength -1;
}
! if (*start > *end)
! return 0;
if (*end >= clength)
*end = clength - 1;
return 1;
}
--- 97,111 ----
*end = clength -1;
}
! if (*start < 0)
! *start = 0;
if (*end >= clength)
*end = clength - 1;
+ if (*start > *end)
+ return 0;
+
return 1;
}
-------------------------------------------------------------------------
>Audit-Trail:
>Unformatted:
Re: protocol/1329: Apache will send wrong/invalid Content-length headers [PATCH] update
Posted by Martin Kraemer <Ma...@mch.sni.de>.
On Tue, Oct 28, 1997 at 04:18:04PM -0800, Dean Gaudet wrote:
> Looks correct, but I haven't tested yet.
I still get an inconsistent response:
GET /robots.txt HTTP/1.1
Host: localhost:8080
Range: bytes=1000-2000
HTTP/1.1 200 OK
Date: Wed, 29 Oct 1997 20:54:02 GMT
Server: Apache/1.3b3-dev PHP/FI-2.0b12
Last-Modified: Tue, 28 Oct 1997 10:27:06 GMT
ETag: "570-aa-3455bdfa"
Content-Length: 170
Content-Type: text/plain
....
This is OK. But for the next request, I also expect to get a 200, not a 206:
GET /robots.txt HTTP/1.1
Host: localhost:8080
Range: bytes=-1000
HTTP/1.1 206 Partial Content
^^^^^^^^^^^^^^^^^^^ should be: 200 OK
Date: Wed, 29 Oct 1997 20:53:42 GMT
Server: Apache/1.3b3-dev PHP/FI-2.0b12
Last-Modified: Tue, 28 Oct 1997 10:27:06 GMT
ETag: "570-aa-3455bdfa"
Content-Length: 170
Content-Range: bytes 0-169/170
^^^^^^^^^should be omitted, since full file served
Content-Type: text/plain
Please check the appended patch for a fix.
Martin
--
| S I E M E N S | <Ma...@mch.sni.de> | Siemens Nixdorf
| ------------- | Voice: +49-89-636-46021 | Informationssysteme AG
| N I X D O R F | FAX: +49-89-636-44994 | 81730 Munich, Germany
~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request
Re: protocol/1329: Apache will send wrong/invalid Content-length headers upon receipt of certain Range headers (fwd)
Posted by Martin Kraemer <Ma...@mch.sni.de>.
On Wed, Oct 29, 1997 at 09:46:18PM +0100, Martin Kraemer wrote:
> It fixes part of the problem, but not all of it:
>
Blush!!! Sorry, I hacked the wrong patch. Forget my previous mail.
Indeed it looks like it catches all cases; I'll have to recompile -
Will repost after checking the REAL patch.
Martin
--
| S I E M E N S | <Ma...@mch.sni.de> | Siemens Nixdorf
| ------------- | Voice: +49-89-636-46021 | Informationssysteme AG
| N I X D O R F | FAX: +49-89-636-44994 | 81730 Munich, Germany
~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request
Re: protocol/1329: Apache will send wrong/invalid Content-length headers upon receipt of certain Range headers (fwd)
Posted by Martin Kraemer <Ma...@mch.sni.de>.
On Tue, Oct 28, 1997 at 04:16:25PM -0800, Roy T. Fielding wrote:
> >Looks correct, but I haven't tested yet.
>
> Same here.
It fixes part of the problem, but not all of it:
GET /robots.txt HTTP/1.1
Host: deejai.mch.sni.de:8000
Range: bytes=-1000
HTTP/1.1 206 Partial Content
Date: Wed, 29 Oct 1997 20:43:39 GMT
Server: Apache/1.3b3-dev PHP/FI-2.0b12
Last-Modified: Tue, 28 Oct 1997 10:27:06 GMT
ETag: "570-aa-3455bdfa"
Content-Length: 1000
^^^^
Content-Range: bytes -830-169/170
^^^^
Content-Type: text/plain
Martin
--
| S I E M E N S | <Ma...@mch.sni.de> | Siemens Nixdorf
| ------------- | Voice: +49-89-636-46021 | Informationssysteme AG
| N I X D O R F | FAX: +49-89-636-44994 | 81730 Munich, Germany
~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request