Bug#226954: apache: mod_proxy; auth/basic; tomcat4: apache inserts blank line in header
tags 226954 + woody
severity 226954 minor
stop
quit
thanks
Please do not abuse of severity. The bug is fixed and could be closed.
Fabio
On Fri, 9 Jan 2004, Marc SCHAEFER wrote:
> Package: apache
> Version: 1.3.26-0woody3
> Severity: important
> Tags: patch
>
> Hi,
>
> if using mod_proxy in Apache and the remote HTTP server returns
> a HTTP/1.1 401 (authentification required), but there is nothing
> after the 401 after the space, Apache adds a space and thus
> makes the additional header lines displayed in your WWW client.
>
> Bad case:
> HTTP/1.1 401
> Content-Type: text/html;charset=ISO-8859-1
> Connection: close
> Content-Language: en-US
> Date: Fri, 09 Jan 2004 15:19:57 GMT
> Server: Apache Tomcat/4.1 (HTTP/1.1 Connector)
> WWW-Authenticate: Basic realm="Authentication for bla platform."
>
> Good case:
> replace the first line with
> HTTP/1.1 401 blaaa
>
> (you can easily reproduce this by typing by hand through a
> nc -l -p 4000)
>
> This was found by using tomcat4.1 with Apache and mod_proxy and
> an authentification module.
>
> References: (although this is Apache 2, it applies).
> http://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=89179
>
> Patch:
> Apparently the fix is already in testing/unstable, this is
> for documentation for people who wants to maintain stable
> packages.
>
> diff -urP apache_1.3.26/src/modules/proxy/proxy_util.c apache_1.3.26/apache_1.3.26/src/modules/proxy/proxy_util.c
> --- build-tree/apache_1.3.26/src/modules/proxy/proxy_util.c Tue Jun 18 02:59:59 2002
> +++ build-tree/apache_1.3.26/src/modules/proxy/proxy_util.c Mon Feb 3 18:13:26 2003
> @@ -1,7 +1,7 @@
> /* ====================================================================
> * The Apache Software License, Version 1.1
> *
> - * Copyright (c) 2000-2002 The Apache Software Foundation. All rights
> + * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
> * reserved.
> *
> * Redistribution and use in source and binary forms, with or without
> @@ -1607,6 +1607,12 @@
> }
> *backasswards = 0;
>
> + /* there need not be a reason phrase in the response,
> + * and ap_getline() already deleted trailing whitespace.
> + * But RFC2616 requires a SP after the Status-Code. Add one:
> + */
> + if (strlen(buffer) < sizeof("HTTP/1.x 200 ")-1)
> + buffer = ap_pstrcat(r->pool, buffer, " ", NULL);
> buffer[12] = '\0';
> r->status = atoi(&buffer[9]);
> buffer[12] = ' ';
>
>
> -- System Information
> Debian Release: 3.0
> Architecture: i386
> Kernel: Linux defian 2.4.21 #1 Fri Nov 7 18:54:07 MET 2003 i686
> Locale: LANG=C, LC_CTYPE=fr_CH
>
> Versions of packages apache depends on:
> ii apache-common 1.3.26-0woody3 Support files for all Apache webse
> ii dpkg 1.9.21 Package maintenance system for Deb
> ii libc6 2.2.5-11.5 GNU C Library: Shared libraries an
> ii libdb2 2:2.7.7.0-7 The Berkeley database routines (ru
> ii libexpat1 1.95.2-6 XML parsing C library - runtime li
> ii logrotate 3.5.9-8 Log rotation utility
> ii mime-support 3.18-1.3 MIME files 'mime.types' & 'mailcap
> ii perl 5.6.1-8.3 Larry Wall's Practical Extraction
> ii perl [perl5] 5.6.1-8.3 Larry Wall's Practical Extraction
>
>
>
>
--
Our mission: make IPv6 the default IP protocol
"We are on a mission from God" - Elwood Blues
http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp00004.html
Reply to: