You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Lev Walkin <vl...@spelio.net.ru> on 2002/01/23 04:32:42 UTC

general/9565: Mozilla / Apache interactions: "Accept: " header parsing fails.

>Number:         9565
>Category:       general
>Synopsis:       Mozilla / Apache interactions: "Accept: " header parsing fails.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Jan 22 19:40:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     vlm@spelio.net.ru
>Release:        all
>Organization:
apache
>Environment:
www.apache.org and many other sities running various versions of Apache.
>Description:

A certain combination of "Accept: " header line tokens caused an error in
various versions of Apache, ranging from 1.3.20, 1.3.22 till the latest
ones.

If the GET request headers contains the following Accept line:

Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, image/png

apache will fail to serve the client with the error page saying "Your browser sent a request that this server could not understand.
Request header field is missing colon separator."

At the same time, when we issue a request without the first type (text/xml),
the daemon WILL serve the client:

Accept: application/xml, application/xhtml+xml, text/html;q=0.9, image/png

This is certainly a misbihavor of parser code.

P.S. This kind of Accept header line is issued by recent versions of Mozilla.
>How-To-Repeat:
[vlm@spelio:~]>telnet www.apache.org 80
Trying 64.125.133.20...
Connected to www.apache.org.
Escape character is '^]'.
GET / HTTP/1.1
Host: www.apache.org:80
Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, image
/png

HTTP/1.1 400 Bad Request
Date: Wed, 23 Jan 2002 03:23:32 GMT
Server: Apache/2.0.29 (Unix)
Content-Length: 371
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Request header field is missing colon separator.<br />
<pre>
/png</pre>
</p>
<hr />
<address>Apache/2.0.29 Server at dev.apache.org Port 80</address>
</body></html>
Connection closed by foreign host.
>Fix:
Fix the header line parser. I have not checked the code yet and have no
working fix.
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <ap...@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]