Bug#451563: apache2.2-common: HTTP PUT with mod_dav fails to detect an aborted connection
Package: apache2.2-common
Version: 2.2.3-4+etch1
Severity: normal
Apache treats an aborted HTTP PUT as if it completed successfully, logs
the PUT as having completed successfully and leaves the incomplete file
on the disk. It does so even though the transmitted content is much shorter
than the advertised content length.
Replicate with:
httpd.conf:
LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so
LoadModule dav_fs_module /usr/lib/apache2/modules/mod_dav_fs.so
LoadModule dav_lock_module /usr/lib/apache2/modules/mod_dav_lock.so
DAVLockDB /tmp/DAVLock
<Directory /var/www/dav/>
Dav filesystem
</Directory>
# mkdir /var/www/dav
# chown www-data /var/www/dav
# curl -T bigfile http://localhost/dav/bigfile
^C
partial upload at /var/www/dav/bigfile remains on the disk.
access_log shows success status 201:
127.0.0.1 - - [16/Nov/2007:17:31:32 -0500] "PUT /dav/bigfile HTTP/1.1" 201 322 "-" "curl/7.15.5 (i486-pc-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8c zlib/1.2.3 libidn/0.6.5"
excerpts from tcpdump:
PUT /dav/bigfile HTTP/1.1
User-Agent: curl/7.15.5 (i486-pc-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8c zlib/1.2.3 libidn/0.6.5
Host: minoc.dirtside.com
Accept: */*
Content-Length: 723795856
Expect: 100-continue
HTTP/1.1 100 Continue
[uploaded data until ^C]
Note: FIN packet from source due to program abort
17:31:32.166989 IP (tos 0x0, ttl 64, id 58671, offset 0, flags [DF], proto:
TCP (6), length: 16436) 127.0.0.1.57636 > 127.0.0.1.80: FP
4587737:4604121(16384) ack 26 win 8192 <nop,nop,timestamp 96632442 96632442>
Note: Apache responds with success message anyway
17:31:32.170708 IP (tos 0x0, ttl 64, id 31673, offset 0, flags [DF], proto:
TCP (6), length: 629) 127.0.0.1.80 > 127.0.0.1.57636: P, cksum 0xca8d
(correct), 26:603(577) ack 4604122 win 32768 <nop,nop,timestamp 96632443
96632442>
E..u{.@.@.N.F..RF..R.P.$f ..e..............
..~{..~zHTTP/1.1 201 Created
Date: Fri, 16 Nov 2007 22:31:32 GMT
Server: Apache/2.2.3 (Debian) DAV/2 mod_fastcgi/2.4.2 mod_ssl/2.2.3 OpenSSL/0.9.8c
Location: http://minoc.dirtside.com/dav/bigfile
Content-Length: 322
Content-Type: text/html; charset=UTF-8
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>201 Created</title>
</head><body>
<h1>Created</h1>
<p>Resource /dav/bigfile has been created.</p>
<hr />
<address>Apache/2.2.3 (Debian) DAV/2 mod_fastcgi/2.4.2 mod_ssl/2.2.3
OpenSSL/0.9.8c Server at minoc.dirtside.com Port 80</address>
</body></html>
Note: RST packet from source since the connection is no longer there.
17:31:32.170763 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: TCP
(6), length: 40) 127.0.0.1.57636 > 127.0.0.1.80: R, cksum 0x1f77
(correct), 1707072287:1707072287(0) win 0
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.56-dualp2
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages apache2.2-common depends on:
ii apache2-utils 2.2.3-4+etch1 utility programs for webservers
ii libmagic1 4.17-5etch3 File type determination library us
ii lsb-base 3.1-23.2etch1 Linux Standard Base 3.1 init scrip
ii mime-support 3.39-1 MIME files 'mime.types' & 'mailcap
ii net-tools 1.60-17 The NET-3 networking toolkit
ii procps 1:3.2.7-3 /proc file system utilities
apache2.2-common recommends no packages.
-- no debconf information
Reply to: