Ticket #1555 (new defect)

Opened 5 months ago

Last modified 5 months ago

1.5.0 r1992 rejects requests with segment request-method (1.4.x is fine)

Reported by: Evill Assigned to: jan
Priority: high Milestone: 1.5.0
Component: core Version: 1.5.x-svn
Severity: major Keywords: patch
Cc: Blocking:
Need Feedback: 0

Description

1.5.0 r1992 rejects requests where the request-method (eg. GET or POST) is not completely contained in the first TCP packet with 400 Bad Request. 

"G","ET / HTTP/1.0\r\n\r\n" fails
"GET", " / HTTP/1.0\r\n\r\n" fails
"GET ","/ HTTP/1.0\r\n\r\n" works
"GET / HTTP","/1.0\r\n\r\n" works
"GET / HTTP/1.0", "\r\n\r\n" works

And of course, 

"GET / HTTP/1.0\r\n\r\n" works

I can see why this optimisation might have been made, but it should only be an optimisation. It should not reject requests that do split the packet here as that violates HTTP.

1.4.x works fine here.

Attachments

web_test.c (2.2 kB) - added by Evill on 02/11/2008 01:58:42 PM.
Isolated test case
Fix-1555-HTTP-Request-Response-only-accept-complet.patch (4.5 kB) - added by stbuehler on 02/15/2008 11:21:55 AM.

Change History

02/08/2008 06:49:40 AM changed by Evill

Ignore the extra spaces after the commas, they have no significance. Should look like this: 

"G","ET / HTTP/1.0\r\n\r\n" fails
"GET"," / HTTP/1.0\r\n\r\n" fails
"GET ","/ HTTP/1.0\r\n\r\n" works
"GET / HTTP","/1.0\r\n\r\n" works
"GET / HTTP/1.0","\r\n\r\n" works

02/11/2008 01:58:42 PM changed by Evill

  • attachment web_test.c added.

Isolated test case

02/11/2008 02:08:06 PM changed by Evill

Here's output from the test code: 

'G','ET / HTTP/1.0\r\n\r\n' => HTTP/1.0 400 Bad Request
'GET',' / HTTP/1.0\r\n\r\n' => HTTP/1.0 400 Bad Request
'GET ','/ HTTP/1.0\r\n\r\n' => HTTP/1.0 200 OK
'GET / HT','TP/1.0\r\n\r\n' => HTTP/1.0 200 OK
'GET / HTTP','/1.0\r\n\r\n' => HTTP/1.0 200 OK
'GET / HTTP/1.0','\r\n\r\n' => HTTP/1.0 200 OK
'GET / HTTP/1.0\r\n\r\n','' => HTTP/1.0 200 OK

Test code was written very quickly, so use your intuition if something breaks. :)

02/15/2008 11:21:55 AM changed by stbuehler

  • attachment Fix-1555-HTTP-Request-Response-only-accept-complet.patch added.

02/15/2008 11:24:42 AM changed by stbuehler

  • keywords changed from r1992 to patch.

The patch adds a comment in lempar.c as well - perhaps lempar.c should be "fixed" too, but i do not completely understand lemon/lempar till now, so i didn't touch that.

Add/Change #1555 (1.5.0 r1992 rejects requests with segment request-method (1.4.x is fine))




Change Properties