Bug 840845

Summary: httpd fails in processing chunked requests with > 31 bytes chunk-size / -extension line
Product: Red Hat Enterprise Linux 5
Reporter: Julio Entrena Perez <jentrena>
Component: httpd
Assignee: Joe Orton <jorton>
Status: CLOSED ERRATA
QA Contact: Aleš Mareček <amarecek>
Severity: high
Priority: high
Version: 5.9
CC: amarecek, jentrena, ksrot, pep
Target Milestone: rc
Keywords: EasyFix, Patch, Upstream
Hardware: All
OS: Linux
URL: https://issues.apache.org/bugzilla/show_bug.cgi?id=49474
Fixed In Version: httpd-2.2.3-68.el5
Doc Type: Bug Fix
Clone Of:
: 842376 (view as bug list) Environment:
Last Closed: 2013-01-08 05:04:27 UTC
Type: Bug
Bug Blocks: 743405, 842376
Attachments:
Accepted upstream patch successfully tested by customer (flags: none)

Description Julio Entrena Perez 2012-07-17 11:30:13 UTC
Created attachment 598609
Accepted upstream patch successfully tested by customer

Description of problem:
According to RFC 2616 (3.6.1), a request may be chunk-encoded. Moreover, the chunk-size line can be extended by zero or more chunk extensions.
httpd fails to process such requests if the length of a chunk-size / -extension line exceeds 31 bytes (including CRLF).

Version-Release number of selected component (if applicable):
httpd-2.2.3-65.el5

How reproducible:
Always.

Steps to Reproduce:
1.  $ telnet localhost 80
    Trying ::1...
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.

2.  POST /cgi-bin/printenv HTTP/1.1
    Host: $host
    Connection: close
    Transfer-Encoding: chunked
    
    5;ext-name=very-long-ext-val32
    01234
    0

Actual results:
The server does not answer the request.

Expected results:
The server should be RFC 2616 (3.6.1) compliant and process the request.

Additional info:
Fixed upstream at https://issues.apache.org/bugzilla/show_bug.cgi?id=49474 in httpd 2.4.1.
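
The chunk framing this report relies on, as an added example that is not part of the original report and not httpd's code: a small RFC 2616 (3.6.1) chunked-body decoder that accepts chunk extensions. The max_line parameter and the helper names are hypothetical; max_line only models a fixed-size line buffer, and the sample body is constructed from the steps to reproduce above.

```python
import re

CRLF = b"\r\n"
# chunk = chunk-size [ chunk-extension ] CRLF chunk-data CRLF   (RFC 2616 3.6.1)
_SIZE_LINE = re.compile(rb"([0-9A-Fa-f]+)[ \t]*((?:;[^\r\n]*)?)")


class ChunkError(ValueError):
    pass


def decode_chunked(body: bytes, max_line: int = 8192):
    """Decode a chunked body; returns (payload, [extension string per chunk]).

    max_line is the largest accepted chunk-size line *including* CRLF. It is a
    hypothetical knob used here to model a fixed-size line buffer.
    """
    pos, payload, extensions = 0, bytearray(), []
    while True:
        end = body.find(CRLF, pos)
        if end < 0:
            raise ChunkError("chunk-size line not terminated by CRLF")
        if end + 2 - pos > max_line:
            raise ChunkError("chunk-size line longer than %d bytes" % max_line)
        m = _SIZE_LINE.fullmatch(body[pos:end])
        if not m:
            raise ChunkError("malformed chunk-size line")
        size = int(m.group(1), 16)
        extensions.append(m.group(2).decode("latin-1"))
        pos = end + 2
        if size == 0:  # last-chunk; trailer headers are not parsed here
            return bytes(payload), extensions
        data = body[pos:pos + size]
        if len(data) != size or body[pos + size:pos + size + 2] != CRLF:
            raise ChunkError("chunk-data truncated or missing CRLF")
        payload += data
        pos += size + 2


# Constructed from the request in the report; the first line is 32 bytes with CRLF.
REPORT_BODY = b"5;ext-name=very-long-ext-val32\r\n01234\r\n0\r\n\r\n"


def too_long_for(limit: int) -> bool:
    """True if REPORT_BODY is rejected when lines are capped at `limit` bytes."""
    try:
        decode_chunked(REPORT_BODY, max_line=limit)
        return False
    except ChunkError:
        return True
```

A regression test for the fixed package can use the same body: the request should decode to the 5-byte payload regardless of the extension length.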

Comment 2 RHEL Program Management 2012-07-17 11:48:24 UTC
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.

Comment 10 errata-xmlrpc 2013-01-08 05:04:27 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0130.html