You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Lev Walkin <vl...@spelio.net.ru> on 2002/01/23 04:32:42 UTC
general/9565: Mozilla / Apache interactions: "Accept: " header parsing fails.
>Number: 9565
>Category: general
>Synopsis: Mozilla / Apache interactions: "Accept: " header parsing fails.
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Tue Jan 22 19:40:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: vlm@spelio.net.ru
>Release: all
>Organization:
apache
>Environment:
www.apache.org and many other sities running various versions of Apache.
>Description:
A certain combination of "Accept: " header line tokens caused an error in
various versions of Apache, ranging from 1.3.20, 1.3.22 till the latest
ones.
If the GET request headers contains the following Accept line:
Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, image/png
apache will fail to serve the client with the error page saying "Your browser sent a request that this server could not understand.
Request header field is missing colon separator."
At the same time, when we issue a request without the first type (text/xml),
the daemon WILL serve the client:
Accept: application/xml, application/xhtml+xml, text/html;q=0.9, image/png
This is certainly a misbihavor of parser code.
P.S. This kind of Accept header line is issued by recent versions of Mozilla.
>How-To-Repeat:
[vlm@spelio:~]>telnet www.apache.org 80
Trying 64.125.133.20...
Connected to www.apache.org.
Escape character is '^]'.
GET / HTTP/1.1
Host: www.apache.org:80
Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, image
/png
HTTP/1.1 400 Bad Request
Date: Wed, 23 Jan 2002 03:23:32 GMT
Server: Apache/2.0.29 (Unix)
Content-Length: 371
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Request header field is missing colon separator.<br />
<pre>
/png</pre>
</p>
<hr />
<address>Apache/2.0.29 Server at dev.apache.org Port 80</address>
</body></html>
Connection closed by foreign host.
>Fix:
Fix the header line parser. I have not checked the code yet and have no
working fix.
>Release-Note:
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <ap...@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]