Bug#531157: [http transport]: does not allow empty Reason-Phase in Status-Line (breaks on 304s of squid)

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#531157: [http transport]: does not allow empty Reason-Phase in Status-Line (breaks on 304s of squid)
From: Modestas Vainius <modestas@vainius.eu>
Date: Sat, 30 May 2009 13:43:52 +0300
Message-id: <[🔎] 20090530104352.8363.282.reportbug@mdxdesktop.ozas.sytes.net>
Reply-to: Modestas Vainius <modestas@vainius.eu>, 531157@bugs.debian.org

Package: apt
Version: 0.7.21
Severity: important
File: /usr/lib/apt/methods/http
Tags: patch

Hello,

according to RFC2616[0], empty Reason-Phase is allowed in Full-Response
Status-Line. However, apt http transport does not allow that and bails out with
"The HTTP server sent an invalid reply header" error. At least squid cache
server seems to return an empty reason phase in some of its 304 responses. The
attached patch fixes the problem by improving parser of the Status-Line.

0. http://www.w3.org/Protocols/rfc2616/rfc2616.html

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-rc7-amd64 (SMP w/1 CPU core)
Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages apt depends on:
ii  debian-archive-keyring        2009.01.31 GnuPG archive keys of the Debian a
ii  libc6                         2.9-13     GNU C Library: Shared libraries
ii  libgcc1                       1:4.4.0-5  GCC support library
ii  libstdc++6                    4.4.0-5    The GNU Standard C++ Library v3

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc                   <none>         (no description available)
ii  aptitude                  0.4.11.11-1+b1 terminal-based package manager
ii  bzip2                     1.0.5-1        high-quality block-sorting file co
ii  dpkg-dev                  1.15.2         Debian package development tools
ii  lzma                      4.43-14        Compression method of 7z format in
ii  python-apt                0.7.10.3+b1    Python interface to libapt-pkg

-- no debconf information

=== modified file 'methods/http.cc'
--- methods/http.cc	2009-04-09 02:36:34 +0000
+++ methods/http.cc	2009-05-30 10:01:32 +0000
@@ -544,18 +544,23 @@
    
    if (stringcasecmp(Tag.c_str(),Tag.c_str()+4,"HTTP") == 0)
    {
+      int codeoffset;
       // Evil servers return no version
       if (Line[4] == '/')
       {
-	 if (sscanf(Line.c_str(),"HTTP/%u.%u %u %[^\n]",&Major,&Minor,
-		    &Result,Code) != 4)
+	 if (sscanf(Line.c_str(),"HTTP/%u.%u %u%1[ ]%n",&Major,&Minor,
+		    &Result,&Code,&codeoffset) == 4)
+	    strcpy(Code, Line.c_str()+codeoffset);
+         else
 	    return _error->Error(_("The HTTP server sent an invalid reply header"));
       }
       else
       {
 	 Major = 0;
 	 Minor = 9;
-	 if (sscanf(Line.c_str(),"HTTP %u %[^\n]",&Result,Code) != 2)
+	 if (sscanf(Line.c_str(),"HTTP %u%1[ ]%n",&Result,Code,codeoffset) == 2)
+	    strcpy(Code, Line.c_str()+codeoffset);
+         else
 	    return _error->Error(_("The HTTP server sent an invalid reply header"));
       }

Reply to:

Follow-Ups:
- Bug#531157: [http transport]: does not allow empty Reason-Phase in Status-Line (breaks on 304s of squid)
  - From: Modestas Vainius <modestas@vainius.eu>

Prev by Date: Bug#501274: Some more details for Bug#501274 (apt-cache show segfaults on powerpc when APT::Cache::AllVersions is false)
Next by Date: Bug#531157: [http transport]: does not allow empty Reason-Phase in Status-Line (breaks on 304s of squid)
Previous by thread: Processed: Some more details for Bug#501274 (apt-cache show segfaults on powerpc when APT::Cache::AllVersions is false)
Next by thread: Bug#531157: [http transport]: does not allow empty Reason-Phase in Status-Line (breaks on 304s of squid)
Index(es):
- Date
- Thread