Posted to apache-bugdb@apache.org by Pascal Gaudette <pa...@entrust.com> on 1999/04/24 01:02:08 UTC

protocol/4299: Small Problem with HTTP headers extended over multiple lines

>Number:         4299
>Category:       protocol
>Synopsis:       Small Problem with HTTP headers extended over multiple lines
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Apr 23 16:10:01 PDT 1999
>Last-Modified:
>Originator:     pascal@entrust.com
>Organization:
apache
>Release:        1.3.6
>Environment:
Tested under SunOS zigbert 5.5.1 Generic_103640-24 sun4u sparc SUNW,Ultra-5_10,
but problem found in source as well.
>Description:

I believe there is a slight bug in Apache when dealing with HTTP headers
that are split over two or more lines.

To quote the HTTP/1.1 spec:
> Header fields can be extended over multiple lines by preceding each
> extra line with at least one SP or HT.
>

To me, this implies that these extra SP or HT characters should NOT be
considered part of the value of the header.  So the following two inputs
(with spaces, CR and LF explicitly noted) should both produce the same
header value of "abcde":

User-Agent: SP abcde CRLF

User-Agent: SP abc CRLF
SP SP HT de CRLF

Unfortunately, Apache includes the SPs and HTs that denote line continuation
into the header's value.
>How-To-Repeat:

Set up Apache, enable the cgi-bin directory and the printenv CGI.  Telnet
to Apache's port and input a request with a folded header.  Look at the
output and see that the extra spaces have been deemed part of the value.

EG:
--------------------
% telnet myapachehost 80
Trying <ip>...
Connected to myapachehost.
Escape character is '^]'.
GET /cgi-bin/printenv HTTP/1.0
Foo: abc
   de

--------------------
>Fix:

I believe this problem is in the getline() function in main/http_protocol.c
(starting at line 643).

This function should trim leading SP and HT characters in continuation lines.
>Audit-Trail:
>Unformatted:
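The trimming requested under >Fix:, sketched as an added example that is not part of the original report and is not Apache's code. `unfold_header` and `header_value` are hypothetical helpers, and the input in `main` is constructed from the report's `Foo` request.

```c
#include <stdio.h>
#include <string.h>

static int is_lws(char c) { return c == ' ' || c == '\t'; }

/* Hypothetical helper, not Apache's getline(). Copies one header field from
 * in[] to out[], joining continuation lines. trim_fold != 0 drops the SP/HT
 * run marking a continuation (the requested fix); 0 keeps it (the reported
 * behaviour). Returns bytes consumed, or 0 if incomplete or too long. */
size_t unfold_header(const char *in, size_t inlen, char *out, size_t outsz,
                     int trim_fold)
{
    size_t i = 0, o = 0;
    if (outsz == 0) return 0;
    while (i < inlen) {
        char c = in[i++];
        if (c != '\n') {
            if (o + 1 >= outsz) return 0;      /* keep room for the NUL */
            out[o++] = c;
            continue;
        }
        if (o > 0 && out[o - 1] == '\r') o--;  /* drop the CR of CRLF */
        if (o > 0 && i < inlen && is_lws(in[i])) {  /* continuation line */
            while (trim_fold && i < inlen && is_lws(in[i])) i++;
            continue;
        }
        out[o] = '\0';
        return i;
    }
    return 0;
}

/* Field value: text after the first ':' with leading SP/HT skipped. */
const char *header_value(const char *field)
{
    const char *p = strchr(field, ':');
    if (p == NULL) return NULL;
    for (p++; is_lws(*p); p++) ;
    return p;
}

int main(void)
{
    const char raw[] = "Foo: abc\r\n   de\r\n\r\n";  /* constructed input */
    char kept[64], trimmed[64];
    unfold_header(raw, sizeof raw - 1, kept, sizeof kept, 0);
    unfold_header(raw, sizeof raw - 1, trimmed, sizeof trimmed, 1);
    printf("kept:    [%s]\ntrimmed: [%s]\n", header_value(kept), header_value(trimmed));
    return 0;
}
```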