Red Hat Bugzilla – Bug 840845
httpd fails in processing chunked requests with > 31 bytes chunk-size / -extension line
Last modified: 2013-01-08 00:04:27 EST
Created attachment 598609 [details]
Accepted upstream patch successfully tested by customer
Description of problem:
Due to RFC 2616 (3.6.1) a request may be chunked encoded. Moreover the chunk-size line can be extended by zero or more chunk extensions.
httpd fails in processing such requests if the length of a chunk-size / -extension line exceeds 31 bytes (including CRLF).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. $ telnet localhost 80
Connected to localhost.
Escape character is '^]'.
2. POST /cgi-bin/printenv HTTP/1.1
The server does not answer the request.
The server should be RFC 2616 (3.6.1) compliant and process the request.
Fixed upstream at https://issues.apache.org/bugzilla/show_bug.cgi?id=49474 in httpd 2.4.1.
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release. Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products. This request is not yet committed for inclusion in
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.