Bug#226954: apache: mod_proxy; auth/basic; tomcat4: apache inserts blank line in header
Package: apache
Version: 1.3.26-0woody3
Severity: important
Tags: patch
Hi,
if using mod_proxy in Apache and the remote HTTP server returns
an HTTP/1.1 401 (authentication required), but there is nothing
after the 401 after the space, Apache adds a space and thus
causes the additional header lines to be displayed in your WWW client.
Bad case:
HTTP/1.1 401
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Language: en-US
Date: Fri, 09 Jan 2004 15:19:57 GMT
Server: Apache Tomcat/4.1 (HTTP/1.1 Connector)
WWW-Authenticate: Basic realm="Authentication for bla platform."
Good case:
replace the first line with
HTTP/1.1 401 blaaa
(you can easily reproduce this by typing by hand through a
nc -l -p 4000)
This was found by using tomcat4.1 with Apache and mod_proxy and
an authentication module.
References: (although this is Apache 2, it applies).
http://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=89179
Patch:
Apparently the fix is already in testing/unstable, this is
for documentation for people who want to maintain stable
packages.
diff -urP apache_1.3.26/src/modules/proxy/proxy_util.c apache_1.3.26/apache_1.3.26/src/modules/proxy/proxy_util.c
--- build-tree/apache_1.3.26/src/modules/proxy/proxy_util.c Tue Jun 18 02:59:59 2002
+++ build-tree/apache_1.3.26/src/modules/proxy/proxy_util.c Mon Feb 3 18:13:26 2003
@@ -1,7 +1,7 @@
/* ====================================================================
* The Apache Software License, Version 1.1
*
- * Copyright (c) 2000-2002 The Apache Software Foundation. All rights
+ * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
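Review bot: The copyright-year change in the file header is unrelated to the status-line fix. For a patch offered to people maintaining the stable package, leave this hunk out so the change is limited to the code near line 1607.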
@@ -1607,6 +1607,12 @@
}
*backasswards = 0;
+ /* there need not be a reason phrase in the response,
+ * and ap_getline() already deleted trailing whitespace.
+ * But RFC2616 requires a SP after the Status-Code. Add one:
+ */
+ if (strlen(buffer) < sizeof("HTTP/1.x 200 ")-1)
+ buffer = ap_pstrcat(r->pool, buffer, " ", NULL);
buffer[12] = '\0';
r->status = atoi(&buffer[9]);
buffer[12] = ' ';
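Review bot: The length test `strlen(buffer) < sizeof("HTTP/1.x 200 ")-1` is true for any line under 13 characters, not only for the 12-character "HTTP/1.x NNN" case, yet only one space is appended. If a line shorter than 12 characters can reach this point (nothing in the visible context rules that out), the `buffer[12] = ' ';` two lines further down overwrites the terminating NUL or writes past the copy returned by ap_pstrcat(). Suggest comparing against exactly 12, or naming in the comment the earlier check that guarantees the minimum length.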
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux defian 2.4.21 #1 Fri Nov 7 18:54:07 MET 2003 i686
Locale: LANG=C, LC_CTYPE=fr_CH
Versions of packages apache depends on:
ii apache-common 1.3.26-0woody3 Support files for all Apache webse
ii dpkg 1.9.21 Package maintenance system for Deb
ii libc6 2.2.5-11.5 GNU C Library: Shared libraries an
ii libdb2 2:2.7.7.0-7 The Berkeley database routines (ru
ii libexpat1 1.95.2-6 XML parsing C library - runtime li
ii logrotate 3.5.9-8 Log rotation utility
ii mime-support 3.18-1.3 MIME files 'mime.types' & 'mailcap
ii perl 5.6.1-8.3 Larry Wall's Practical Extraction
ii perl [perl5] 5.6.1-8.3 Larry Wall's Practical Extraction
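An added example, not part of the original report or of Apache's source: a stand-alone status-line normaliser that handles the empty reason phrase from the "bad case" above and rejects lines too short to index safely. The function name `normalize_status_line` and its buffer interface are hypothetical, and the inputs in `main` are constructed from the report's two cases.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Apache's API). Takes an upstream status line whose
 * trailing whitespace was already stripped, writes a copy to out that always
 * has the SP RFC 2616 requires after the Status-Code, and returns the status
 * code, or -1 if the line is malformed or out is too small. */
int normalize_status_line(const char *line, char *out, size_t outlen)
{
    size_t len = strlen(line);
    const size_t min = sizeof("HTTP/1.x 200") - 1;   /* 12 characters */

    /* Reject anything shorter than "HTTP/1.x 200" before indexing into it. */
    if (len < min || strncmp(line, "HTTP/", 5) != 0)
        return -1;
    if (!isdigit((unsigned char)line[5]) || line[6] != '.' ||
        !isdigit((unsigned char)line[7]) || line[8] != ' ')
        return -1;
    for (size_t i = 9; i < 12; i++)
        if (!isdigit((unsigned char)line[i]))
            return -1;
    /* After the three digits: end of line (no reason phrase) or a SP. */
    if (len > min && line[12] != ' ')
        return -1;

    int status = (line[9] - '0') * 100 + (line[10] - '0') * 10 + (line[11] - '0');

    /* Room for the line, one added SP if needed, and the terminator. */
    size_t need = len + (len == min ? 1 : 0) + 1;
    if (need > outlen)
        return -1;
    memcpy(out, line, len);
    if (len == min)
        out[len++] = ' ';      /* the missing SP after the Status-Code */
    out[len] = '\0';
    return status;
}

int main(void)
{
    char buf[64];
    /* Constructed inputs: the "bad case" and "good case" from the report. */
    printf("%d [%s]\n", normalize_status_line("HTTP/1.1 401", buf, sizeof buf), buf);
    printf("%d [%s]\n", normalize_status_line("HTTP/1.1 401 blaaa", buf, sizeof buf), buf);
    return 0;
}
```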