https://redmine.lighttpd.net/
https://redmine.lighttpd.net/favicon.ico?1366732741
2007-04-09T18:55:47Z
lighty labs
Lighttpd - Bug #1098: Trailing spaces in urls are not tolerated
https://redmine.lighttpd.net/issues/1098?journal_id=2609
2007-04-09T18:55:47Z
jan
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Fixed</i></li><li><strong>Resolution</strong> set to <i>fixed</i></li></ul><p>fixed in r1727</p>
Lighttpd - Bug #1098: Trailing spaces in urls are not tolerated
https://redmine.lighttpd.net/issues/1098?journal_id=2610
2007-04-20T15:19:15Z
Anonymous
<ul><li><strong>Status</strong> changed from <i>Fixed</i> to <i>Need Feedback</i></li><li><strong>Resolution</strong> deleted (<del><i>fixed</i></del>)</li></ul><p>Thanks for the fix for trailing spaces in 1.4, however the system lighttpd is serving to, makes the following request which fails with error "overlong request line -> 400" due to the multiple embedded spaces. The parser needs to eat multiple spaces wherever a space is legal.</p>
<p>The failing request header is:</p>
<p>00000000 50 4f 53 54 20 2f 6d 70 65 67 34 2f 31 2f 6d 65 POST /mp eg4/1/me<br />00000010 64 69 61 2e 61 6d 70 20 48 54 54 50 2f 31 2e 30 dia.amp HTTP/1.0<br />00000020 20 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a ..Conte nt-Type:<br />00000030 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 72 applica tion/x-r<br />00000040 74 73 70 2d 74 75 6e 6e 65 6c 6c 65 64 20 0d 0a tsp-tunn elled ..<br />00000050 78 2d 73 65 73 73 69 6f 6e 63 6f 6f 6b 69 65 3a x-sessio ncookie:<br />00000060 20 20 39 34 34 33 35 33 32 30 30 20 0d 0a 43 6f 944353 200 ..Co<br />00000070 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 20 33 ntent-Le ngth: 3<br />00000080 32 37 36 37 20 0d 0a 43 6f 6e 6e 65 63 74 69 6f 2767 ..C onnectio<br />00000090 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 20 0d 0a n: Keep- Alive ..<br />000000A0 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 Pragma: no-cache<br />000000B0 20 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c ..Cache -Control<br />000000C0 3a 20 6e 6f 2d 63 61 63 68 65 20 0d 0a 45 78 70 : no-cac he ..Exp<br />000000D0 69 72 65 73 3a 20 53 75 6e 2c 20 39 20 4a 61 6e ires: Su n, 9 Jan<br />000000E0 20 31 39 37 32 20 30 30 3a 30 30 3a 30 30 20 47 1972 00 :00:00 G<br />000000F0 4d 54 20 0d 0a 41 75 74 68 6f 72 69 7a 61 74 69 MT ..Aut horizati<br />00000100 6f 6e 3a 20 42 61 73 69 63 20 20 63 6d 39 76 64 on: Basi c cm9vd<br />00000110 44 70 68 65 47 6c 7a 63 33 56 6a 61 33 4d 3d 20 DpheGlzc 3Vja3M=</p>
<p>-- gcleary</p>
Lighttpd - Bug #1098: Trailing spaces in urls are not tolerated
https://redmine.lighttpd.net/issues/1098?journal_id=2611
2007-04-20T15:21:31Z
Anonymous
<ul></ul><p>Better formatting....</p>
<pre>
00000000 50 4f 53 54 20 2f 6d 70 65 67 34 2f 31 2f 6d 65 POST /mp eg4/1/me
00000010 64 69 61 2e 61 6d 70 20 48 54 54 50 2f 31 2e 30 dia.amp HTTP/1.0
00000020 20 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a ..Conte nt-Type:
00000030 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 72 applica tion/x-r
00000040 74 73 70 2d 74 75 6e 6e 65 6c 6c 65 64 20 0d 0a tsp-tunn elled ..
00000050 78 2d 73 65 73 73 69 6f 6e 63 6f 6f 6b 69 65 3a x-sessio ncookie:
00000060 20 20 39 34 34 33 35 33 32 30 30 20 0d 0a 43 6f 944353 200 ..Co
00000070 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 20 33 ntent-Le ngth: 3
00000080 32 37 36 37 20 0d 0a 43 6f 6e 6e 65 63 74 69 6f 2767 ..C onnectio
00000090 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 20 0d 0a n: Keep- Alive ..
000000A0 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 Pragma: no-cache
000000B0 20 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c ..Cache -Control
000000C0 3a 20 6e 6f 2d 63 61 63 68 65 20 0d 0a 45 78 70 : no-cac he ..Exp
000000D0 69 72 65 73 3a 20 53 75 6e 2c 20 39 20 4a 61 6e ires: Su n, 9 Jan
000000E0 20 31 39 37 32 20 30 30 3a 30 30 3a 30 30 20 47 1972 00 :00:00 G
000000F0 4d 54 20 0d 0a 41 75 74 68 6f 72 69 7a 61 74 69 MT ..Aut horizati
00000100 6f 6e 3a 20 42 61 73 69 63 20 20 63 6d 39 76 64 on: Basi c cm9vd
00000110 44 70 68 65 47 6c 7a 63 33 56 6a 61 33 4d 3d 20 DpheGlzc 3Vja3M=
</pre>
Lighttpd - Bug #1098: Trailing spaces in urls are not tolerated
https://redmine.lighttpd.net/issues/1098?journal_id=2612
2007-05-08T05:16:55Z
Anonymous
<ul></ul><p>50 4f 53 54 20 2f 6d 70 65 67 34 2f 31 2f 6d 65</p>
Lighttpd - Bug #1098: Trailing spaces in urls are not tolerated
https://redmine.lighttpd.net/issues/1098?journal_id=2613
2007-05-08T05:17:31Z
Anonymous
<ul></ul><p>00000000 50 4f 53 54 20 2f 6d 70 65 67 34 2f 31 2f 6d 65 POST /mp eg4/1/me 00000010 64 69 61 2e 61 6d 70 20 48 54 54 50 2f 31 2e 30 dia.amp HTTP/1.0 00000020 20 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a ..Conte nt-Type: 00000030 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 72 applica tion/x-r 00000040 74 73 70 2d 74 75 6e 6e 65 6c 6c 65 64 20 0d 0a tsp-tunn elled .. 00000050 78 2d 73 65 73 73 69 6f 6e 63 6f 6f 6b 69 65 3a x-sessio ncookie: 00000060 20 20 39 34 34 33 35 33 32 30 30 20 0d 0a 43 6f 944353 200 ..Co 00000070 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 20 33 ntent-Le ngth: 3 00000080 32 37 36 37 20 0d 0a 43 6f 6e 6e 65 63 74 69 6f 2767 ..C onnectio 00000090 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 20 0d 0a n: Keep- Alive .. 000000A0 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 Pragma: no-cache 000000B0 20 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c ..Cache -Control 000000C0 3a 20 6e 6f 2d 63 61 63 68 65 20 0d 0a 45 78 70 : no-cac he ..Exp 000000D0 69 72 65 73 3a 20 53 75 6e 2c 20 39 20 4a 61 6e ires: Su n, 9 Jan 000000E0 20 31 39 37 32 20 30 30 3a 30 30 3a 30 30 20 47 1972 00 :00:00 G 000000F0 4d 54 20 0d 0a 41 75 74 68 6f 72 69 7a 61 74 69 MT ..Aut horizati 00000100 6f 6e 3a 20 42 61 73 69 63 20 20 63 6d 39 76 64 on: Basi c cm9vd 00000110 44 70 68 65 47 6c 7a 63 33 56 6a 61 33 4d 3d 20 DpheGlzc? 3Vja3M=</p>
Lighttpd - Bug #1098: Trailing spaces in urls are not tolerated
https://redmine.lighttpd.net/issues/1098?journal_id=2614
2008-08-31T23:03:43Z
stbuehler
<ul><li><strong>Status</strong> changed from <i>Need Feedback</i> to <i>Fixed</i></li><li><strong>Resolution</strong> set to <i>wontfix</i></li></ul><p>Fix your application.</p>
<pre>
Request-Line = Method SP Request-URI SP HTTP-Version CRLF
</pre>
Lighttpd - Bug #1098: Trailing spaces in urls are not tolerated
https://redmine.lighttpd.net/issues/1098?journal_id=4821
2008-10-10T19:05:02Z
stbuehler
<ul><li><strong>Status</strong> changed from <i>Fixed</i> to <i>Wontfix</i></li></ul>
Lighttpd - Bug #1098: Trailing spaces in urls are not tolerated
https://redmine.lighttpd.net/issues/1098?journal_id=13717
2023-12-31T05:20:44Z
gstrauss
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/13717/diff?detail_id=11241">diff</a>)</li><li><strong>Status</strong> changed from <i>Wontfix</i> to <i>Invalid</i></li><li><strong>ASK QUESTIONS IN Forums</strong> set to <i>No</i></li></ul><p><a class="external" href="https://www.rfc-editor.org/rfc/rfc7230#section-3.1.1">https://www.rfc-editor.org/rfc/rfc7230#section-3.1.1</a></p>
<pre><code>Recipients of an invalid request-line SHOULD respond with either a<br /> 400 (Bad Request) error or a 301 (Moved Permanently) redirect with<br /> the request-target properly encoded. A recipient SHOULD NOT attempt<br /> to autocorrect and then process the request without a redirect, since<br /> the invalid request-line might be deliberately crafted to bypass<br /> security filters along the request chain.</code></pre>