You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Jim Jagielski <ji...@jaguNET.com> on 2002/07/03 22:37:06 UTC
Re: Christopher Williamson: URGENT: Bug/compatability issue in Apache
Hrm.... I would be prone to either removing this patch, or at least
redoing it. As some of you may recall, I mentioned this area a little
bit ago regarding our use and expectation of ANSI sscanf() here as
well.
However, isn't what we are doing correct? It *is* an invalid protocol
statement... I'd be willing to wrap this in a new directive, so we
have both.
Rodent of Unusual Size wrote:
>
> Not acked (by me, at least). I can feel their pain..
>
> -------- Original Message --------
> Subject: Christopher Williamson: URGENT: Bug/compatability issue in Apache 1.3.26
> Date: Wed, 03 Jul 2002 12:49:26 -0600
> From: Christopher Williamson <ch...@dq.com>
> To: martin@apache.org, support@apache.org, bugs@apache.org
>
> I sent this a week ago directly to Martin and never got a response, can anyone
> else please help? If not, I will open a bug in BugZilla about it.
>
> ------- Forwarded Message
>
> Forwarded: Tue, 25 Jun 2002 22:39:36 -0600
> Forwarded: "jon,ben,roden "
> Subject: URGENT: Bug/compatability issue in Apache 1.3.26
> To: martin@apache.org
> X-URL: http://www.dq.com/
> Date: Tue, 25 Jun 2002 17:52:59 -0600
> From: Christopher Williamson <chrisw>
>
> I am writing in hopes that you can help us with an urgent problem we are
> having with a bug fix you put into Apache 1.3.26 I have spent two days
> tracking this down and am certain the issue is with your fix.
>
> Due to an error in OUR online game code, we were incorrectly requesting
> files using 'HTTP-1.0' instead of 'HTTP/1.0' on the GET request line. As you
> know, this is wrong. However, suprisingly, this worked just fine for several
> years with both Apache and other Web servers, presumably because the server
> just ignored it or defaulted to HTTP/1.0. If you want to test, try our
> down-level Apache server at lobby.dqsoft.com with GET /index.html HTTP-1.0
> I am sure I am not the only one with this problem, as there are several
> socket tutorials and such that incorrectly say 'HTTP-1.0'.
>
> However, as of 1.3.26 this GET request now results in a 400 Bad Request
> and as a result, all of our current online games cannot retrieve the config
> files causing numerous problems.
>
> You would correctly argue that we should fix this on our end, which we already
> have done. However, the 'we are screwed' part is that the 50,000 some odd
> folks out there with our online games can no longer get news, updates, alerts,
> etc. from our Web site using Apache. To make matters worse, we cant simply
> redirect the files since the requests fail immediately, the only solution for
> us is to switch to a M$ server or a down-level Apache build with the security
> vulnerability for our entire domain!
>
> In the short-term, I am convincing our Web hosts to move us to a down-level
> server. However, I would like to ask if you would please strongly consider
> putting a 'fix' into the next Apache release to handle this incorrect format
> in a backward-compatible fashion. When the next update occurs, we can ask
> our host to then upgrade us knowing that our old games will still work
> without compromising our site's security or resorting to a competing server.
>
> I thank you for your time and support of Apache. If you need help or
> clarification, please dont hesitate to write back. Even just a quick
> 'we are looking into it' would help me rest easier.
>
> Christopher Williamson
> President, DreamQuest Software (http://dq.com/)
> "Championship Spades is the first cross-platform wireless game!"
>
> ------- End of Forwarded Message
>
--
===========================================================================
Jim Jagielski [|] jim@jaguNET.com [|] http://www.jaguNET.com/
"A society that will trade a little liberty for a little order
will lose both and deserve neither" - T.Jefferson