Project

General

Profile

Bug #1822

400 Bad Request for ASCII char 9 in header (TAB)

Added by metula almost 8 years ago. Updated over 7 years ago.

Status:
Fixed
Priority:
High
Assignee:
-
Category:
core
Target version:
Start date:
2008-11-17
Due date:
% Done:

100%

Missing in 1.5.x:

Description

We're using Lighty V1.4.20 as a reverse-proxy and have a wide array of clients from Java web-start to various mobile phones

Today we saw an issue where one of the clients (a Java web-start app) was making a multi-part request with the following Header:

Content-Type: multipart/related; type="text/xml"; start="<6EC65C8AC8AAEB26C7CA25037E6CC792>"; boundary="----=_Part_99_10717046.1226929076094"

Lighty was responding with HTTP code 400 - Bad Request.

What you can't see there is that the semi-colons are followed by TAB characters (ASCII 9). I had a quick look at RFC 2616 which suggests that this is legal (although unnecessary). We have patched the code in request.c line 1023 as follows:

1023c1023
< if (*cur >= 0 && *cur < 32) {
---

if ( (*cur >= 0 && *cur < 32) && (*cur!=9)) {

thus allowing char 9 - this is a simplistic fix and may go against the spec in some other way - however - it's working for now!

Associated revisions

Revision 2391 (diff)
Added by stbuehler over 7 years ago

Allow tabs in header values (fixes #1822)

Revision 83e2296c (diff)
Added by stbuehler over 7 years ago

Allow tabs in header values (fixes #1822)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2391 152afb58-edef-0310-8abb-c4023f1b3aa9

History

#1 Updated by icy over 7 years ago

  • Target version changed from 1.4.21 to 1.4.22

#2 Updated by stbuehler over 7 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2391.

Also available in: Atom