Bug 840845 - httpd fails in processing chunked requests with > 31 bytes chunk-size / -extension line
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: httpd
Version: 5.9
Hardware: All OS: Linux
Priority: high Severity: high
Target Milestone: rc
Assigned To: Joe Orton
QA Contact: Aleš Mareček
URL: https://issues.apache.org/bugzilla/sh...
Keywords: EasyFix, Patch, Upstream
Blocks: 743405 842376

Reported: 2012-07-17 07:30 EDT by Julio Entrena Perez
Modified: 2013-01-08 00:04 EST (History)
Fixed In Version: httpd-2.2.3-68.el5
Doc Type: Bug Fix
Clones: 842376
Last Closed: 2013-01-08 00:04:27 EST
Type: Bug
Attachments
Accepted upstream patch successfully tested by customer (694 bytes, patch)
2012-07-17 07:30 EDT, Julio Entrena Perez


External Trackers
Tracker ID Priority Status Summary Last Updated
Apache Bugzilla 49474 None None None 2012-07-17 07:30:13 EDT

Description Julio Entrena Perez 2012-07-17 07:30:13 EDT
Created attachment 598609
Accepted upstream patch successfully tested by customer

Description of problem:
Due to RFC 2616 (3.6.1) a request may be chunked encoded. Moreover the chunk-size line can be extended by zero or more chunk extensions.
httpd fails in processing such requests if the length of a chunk-size / -extension line exceeds 31 bytes (including CRLF).

Version-Release number of selected component (if applicable):
httpd-2.2.3-65.el5.

How reproducible:
Always.

Steps to Reproduce:
1.  $ telnet localhost 80
    Trying ::1...
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.

2.  POST /cgi-bin/printenv HTTP/1.1
    Host: $host
    Connection: close
    Transfer-Encoding: chunked
    
    5;ext-name=very-long-ext-val32
    01234
    0

Actual results:
The server does not answer the request.

Expected results:
The server should be RFC 2616 (3.6.1) compliant and process the request.

Additional info:
Fixed upstream at https://issues.apache.org/bugzilla/show_bug.cgi?id=49474 in httpd 2.4.1.
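
Added example, not part of the original report and not httpd's own code: a C parser for the chunk-size line of RFC 2616 (3.6.1) that accumulates the hex size digit by digit and skips the chunk-extension byte by byte, so the 32-byte line from the reproducer above is accepted. The function name, return codes and the 4096-byte cap are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Names and the cap are assumptions of this example, not httpd identifiers. */
enum { CHUNK_OK = 0, CHUNK_NEED_MORE = 1, CHUNK_BAD = -1 };
#define MAX_CHUNK_LINE 4096   /* upper bound on one chunk-size line, incl. CRLF */

static int hex_val(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Parse one "chunk-size [chunk-extension] CRLF" line from buf[0..len).
 * On CHUNK_OK, *size holds the chunk length and *consumed the line length.
 * CHUNK_NEED_MORE means the line is incomplete and the caller should read on.
 */
int parse_chunk_size_line(const char *buf, size_t len,
                          uint64_t *size, size_t *consumed)
{
    size_t i = 0;
    uint64_t n = 0;

    while (i < len && hex_val((unsigned char)buf[i]) >= 0) {
        if (n > (UINT64_MAX >> 4))
            return CHUNK_BAD;                 /* chunk-size would overflow */
        n = (n << 4) | (uint64_t)hex_val((unsigned char)buf[i]);
        i++;
    }
    if (i == len)                             /* ran out of input in the size */
        return len >= MAX_CHUNK_LINE ? CHUNK_BAD : CHUNK_NEED_MORE;
    if (i == 0 || (buf[i] != ';' && buf[i] != '\r'))
        return CHUNK_BAD;                     /* no digits, or junk after them */
    while (i < len && buf[i] != '\r') {       /* skip the chunk-extension */
        if (buf[i] == '\n')
            return CHUNK_BAD;                 /* bare LF inside the line */
        i++;
    }
    if (i + 1 >= len)                         /* CR or LF not received yet */
        return len >= MAX_CHUNK_LINE ? CHUNK_BAD : CHUNK_NEED_MORE;
    if (buf[i + 1] != '\n' || i + 2 > MAX_CHUNK_LINE)
        return CHUNK_BAD;                     /* CR without LF, or line too long */
    *size = n;
    *consumed = i + 2;
    return CHUNK_OK;
}
```

The cap bounds how much input a client can make the server scan for a single line while still leaving room for extensions far longer than 31 bytes.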
Comment 2 RHEL Product and Program Management 2012-07-17 07:48:24 EDT
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.
Comment 10 errata-xmlrpc 2013-01-08 00:04:27 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0130.html
