Project

General

Profile

Actions

Bug #1822

closed

400 Bad Request for ASCII char 9 in header (TAB)

Added by metula over 15 years ago. Updated about 15 years ago.

Status:
Fixed
Priority:
High
Category:
core
Target version:
ASK QUESTIONS IN Forums:

Description

We're using Lighty V1.4.20 as a reverse-proxy and have a wide array of clients from Java web-start to various mobile phones

Today we saw an issue where one of the clients (a Java web-start app) was making a multi-part request with the following Header:

Content-Type: multipart/related; type="text/xml"; start="<6EC65C8AC8AAEB26C7CA25037E6CC792>"; boundary="----=_Part_99_10717046.1226929076094"

Lighty was responding with HTTP code 400 - Bad Request.

What you can't see there is that the semi-colons are followed by TAB characters (ASCII 9). I had a quick look at RFC 2616 which suggests that this is legal (although unnecessary). We have patched the code in request.c line 1023 as follows:

1023c1023
< if (*cur >= 0 && *cur < 32) {
---

if ( (*cur >= 0 && *cur < 32) && (*cur!=9)) {

thus allowing char 9 - this is a simplistic fix and may go against the spec in some other way - however - it's working for now!

Actions #1

Updated by icy about 15 years ago

  • Target version changed from 1.4.21 to 1.4.22
Actions #2

Updated by stbuehler about 15 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2391.

Actions

Also available in: Atom