Ticket Navigation

Ticket #1286 (closed task: fixed)

Opened 1 year ago

Last modified 11 months ago

lighttpd-1.4.16 dont said 400 if there are NUL chars inside the request header.

Reported by:	ralf	Assigned to:	jan
Priority:	normal	Milestone:	1.4.17
Component:	core	Version:	1.4.15
Severity:	normal	Keywords:
Cc:		Blocking:
Need Feedback:	0

Attachments

Change History

(in reply to: ↑ description ) 08/04/2007 11:50:51 PM changed by ralf

pending deleted.

lighttpd likes all characters:

Perl Request Code:

#!/usr/bin/perl -w

use strict;

my $strange;

for my $i (0 .. 255) {
        $strange .= chr($i);
}
$strange=~ s/[\r\n]+//g;

my $req =       "HEAD /index.html.bak HTTP/1.0" . ("\x00" x 1000) . "\r\n" .
                "Host: verywell\r\n".
                "User-Agent: abc" . ("\x00" x 50000) ."def\r\n".
                "  0\x00123\r\n" .
                "Connection: \x00k\r\n".
                "Referer: http://well.com/\r\n".
                " " . $strange ."lala\r\n".
                "\r\n";

for (1 .. 1) {
        print $req;
}

Result:

ralf@server_linux:~/http$ perl test.pl | nc localhost 8080
HTTP/1.0 200 OK
Connection: close
Content-Type: application/octet-stream
Accept-Ranges: bytes
Content-Length: 5
Date: Sat, 04 Aug 2007 23:49:42 GMT
Server: lighttpd/1.4.16

Log-entry:

127.0.0.1 verywell - [05/Aug/2007:01:49:42 +0200] "HEAD /index.html.bak HTTP/1.0" 200 0 "http://well.com/ " "abcdef  0"

Add/Change #1286 (lighttpd-1.4.16 dont said 400 if there are NUL chars inside the request header.)

Your email or username:

Comment (you may use WikiFormatting here):

Change Properties

Summary:
Type:
Priority:		Milestone:
Component:		Version:
Severity:		Keywords:
Cc:		Blocking:
Need Feedback:

Action leave as closed
reopen ticket

Download in other formats: