
Bug#226954: apache: mod_proxy; auth/basic; tomcat4: apache inserts blank line in header



Package: apache
Version: 1.3.26-0woody3
Severity: important
Tags: patch

Hi,

if using mod_proxy in Apache and the remote HTTP server returns
an HTTP/1.1 401 (authentication required), but there is nothing
after the space following the 401, Apache adds a space and thus
causes the additional header lines to be displayed in your WWW client.

Bad case:
   HTTP/1.1 401 
   Content-Type: text/html;charset=ISO-8859-1
   Connection: close
   Content-Language: en-US
   Date: Fri, 09 Jan 2004 15:19:57 GMT
   Server: Apache Tomcat/4.1 (HTTP/1.1 Connector)
   WWW-Authenticate: Basic realm="Authentication for bla platform."

Good case:
   replace the first line with
      HTTP/1.1 401 blaaa

(you can easily reproduce this by typing by hand through a
nc -l -p 4000)

This was found by using tomcat4.1 with Apache and mod_proxy and
an authentication module.

References: (although this is Apache 2, it applies).
   http://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=89179

Patch:
   Apparently the fix is already in testing/unstable; this is
   for documentation for people who want to maintain stable
   packages.

diff -urP apache_1.3.26/src/modules/proxy/proxy_util.c apache_1.3.26/apache_1.3.26/src/modules/proxy/proxy_util.c
--- build-tree/apache_1.3.26/src/modules/proxy/proxy_util.c	Tue Jun 18 02:59:59 2002
+++ build-tree/apache_1.3.26/src/modules/proxy/proxy_util.c	Mon Feb  3 18:13:26 2003
@@ -1,7 +1,7 @@
 /* ====================================================================
  * The Apache Software License, Version 1.1
  *
- * Copyright (c) 2000-2002 The Apache Software Foundation.  All rights
+ * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
  * reserved.
  *
  * Redistribution and use in source and binary forms, with or without
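Review bot: the copyright-year change in the file header is unrelated to the status-line fix. Since the message offers this patch to people maintaining stable packages, dropping this hunk would keep the backport to the single behavioural change and avoid a needless conflict if the header text differs in their tree.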
@@ -1607,6 +1607,12 @@
         }
         *backasswards = 0;
 
+        /* there need not be a reason phrase in the response,
+	 * and ap_getline() already deleted trailing whitespace.
+	 * But RFC2616 requires a SP after the Status-Code. Add one:
+	 */
+	if (strlen(buffer) < sizeof("HTTP/1.x 200 ")-1)
+	  buffer = ap_pstrcat(r->pool, buffer, " ", NULL);
         buffer[12] = '\0';
         r->status = atoi(&buffer[9]);
         buffer[12] = ' ';
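Review bot: the added `if` tests `strlen(buffer) < sizeof("HTTP/1.x 200 ")-1`, which is true for any line shorter than 13 characters, yet it appends only one space, so index 12 holds that space only when the line is exactly 12 characters long. For a shorter line, the following `buffer[12] = '\0'` and `buffer[12] = ' '` land on or past the terminator of the string ap_pstrcat() just returned, unless code above this hunk already rejects such lines, which is not visible here. Suggest testing `strlen(buffer) == 12`, or checking the minimum length explicitly before indexing, and saying in the comment which length the literal stands for. Most of the added lines are also tab-indented while the surrounding context uses spaces.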


-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux defian 2.4.21 #1 Fri Nov 7 18:54:07 MET 2003 i686
Locale: LANG=C, LC_CTYPE=fr_CH

Versions of packages apache depends on:
ii  apache-common             1.3.26-0woody3 Support files for all Apache webse
ii  dpkg                      1.9.21         Package maintenance system for Deb
ii  libc6                     2.2.5-11.5     GNU C Library: Shared libraries an
ii  libdb2                    2:2.7.7.0-7    The Berkeley database routines (ru
ii  libexpat1                 1.95.2-6       XML parsing C library - runtime li
ii  logrotate                 3.5.9-8        Log rotation utility
ii  mime-support              3.18-1.3       MIME files 'mime.types' & 'mailcap
ii  perl                      5.6.1-8.3      Larry Wall's Practical Extraction 
ii  perl [perl5]              5.6.1-8.3      Larry Wall's Practical Extraction 
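The status-line handling discussed in the report, as an added, stand-alone C example; it is not code from the report or from Apache. `normalize_status_line` and `STATUS_PREFIX_LEN` are hypothetical names, and the input is assumed to have had its trailing whitespace stripped already, as the patch comment says ap_getline() does.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define STATUS_PREFIX_LEN 12  /* strlen("HTTP/1.x 200") */
/*
 * Hypothetical helper, not an Apache API. On success writes the status
 * line, with the SP that RFC 2616 requires after the Status-Code, into
 * `out`, stores the code in *status and returns 0. Returns -1 for a
 * malformed line or an output buffer that is too small.
 */
int normalize_status_line(const char *line, char *out, size_t outsz, int *status)
{
    size_t len = strlen(line);

    /* Length is checked first, so no index below is at or past the NUL. */
    if (len < STATUS_PREFIX_LEN || strncmp(line, "HTTP/", 5) != 0 ||
        !isdigit((unsigned char)line[5]) || line[6] != '.' ||
        !isdigit((unsigned char)line[7]) || line[8] != ' ')
        return -1;
    for (size_t i = 9; i < STATUS_PREFIX_LEN; i++)
        if (!isdigit((unsigned char)line[i]))
            return -1;
    /* Anything after the code must start with the separating SP. */
    if (len > STATUS_PREFIX_LEN && line[STATUS_PREFIX_LEN] != ' ')
        return -1;

    *status = (line[9] - '0') * 100 + (line[10] - '0') * 10 + (line[11] - '0');

    /* Exactly 12 characters means no reason phrase: add the missing SP. */
    int n = snprintf(out, outsz, "%s%s", line, len == STATUS_PREFIX_LEN ? " " : "");
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    /* Constructed inputs: the report's bad and good cases, plus a short line. */
    const char *samples[] = { "HTTP/1.1 401", "HTTP/1.1 401 blaaa", "HTTP/1.1 40" };
    char out[64];
    int status;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (normalize_status_line(samples[i], out, sizeof out, &status) == 0)
            printf("%d [%s]\n", status, out);
        else
            printf("rejected [%s]\n", samples[i]);
    }
    return 0;
}
```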



