Bug 840845 - httpd fails in processing chunked requests with > 31 bytes chunk-size / -extension line
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: httpd
Version: 5.9
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: rc
Target Release: ---
Assignee: Joe Orton
QA Contact: Aleš Mareček
URL: https://issues.apache.org/bugzilla/sh...
Whiteboard:
Depends On:
Blocks: 743405 842376
 
Reported: 2012-07-17 11:30 UTC by Julio Entrena Perez
Modified: 2018-11-30 21:46 UTC (History)

Fixed In Version: httpd-2.2.3-68.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 842376 (view as bug list)
Environment:
Last Closed: 2013-01-08 05:04:27 UTC
Target Upstream Version:
Embargoed:


Attachments
Accepted upstream patch successfully tested by customer (694 bytes, patch)
2012-07-17 11:30 UTC, Julio Entrena Perez


Links
System ID Private Priority Status Summary Last Updated
Apache Bugzilla 49474 0 None None None 2012-07-17 11:30:13 UTC
Red Hat Product Errata RHSA-2013:0130 0 normal SHIPPED_LIVE Low: httpd security, bug fix, and enhancement update 2013-01-08 09:33:40 UTC

Description Julio Entrena Perez 2012-07-17 11:30:13 UTC
Created attachment 598609 [details]
Accepted upstream patch successfully tested by customer

Description of problem:
Due to RFC 2616 (3.6.1) a request may be chunked encoded. Moreover the chunk-size line can be extended by zero or more chunk extensions.
httpd fails in processing such requests if the length of a chunk-size / -extension line exceeds 31 bytes (including CRLF).

Version-Release number of selected component (if applicable):
httpd-2.2.3-65.el5

How reproducible:
Always.

Steps to Reproduce:
1.  $ telnet localhost 80
    Trying ::1...
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.

2.  POST /cgi-bin/printenv HTTP/1.1
    Host: $host
    Connection: close
    Transfer-Encoding: chunked
    
    5;ext-name=very-long-ext-val32
    01234
    0

Actual results:
The server does not answer the request.

Expected results:
The server should be RFC 2616 (3.6.1) compliant and process the request.

Additional info:
Fixed upstream at https://issues.apache.org/bugzilla/show_bug.cgi?id=49474 in httpd 2.4.1.
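
Added example (not part of the original report and not httpd code): a Python regression check that scripts the telnet steps above, padding the chunk-extension so the chunk-size line is exactly 31 or 32 bytes including CRLF, with a reference decoder showing what an RFC 2616 (3.6.1) compliant server should read. The function names, the "v" padding and the 5-second timeout are assumptions of this example.

```python
import socket

CRLF = b"\r\n"

def chunk_size_line(size, line_len):
    """Chunk-size line of exactly line_len bytes (CRLF included), padded via an extension value."""
    prefix = b"%x;ext-name=" % size
    pad = line_len - len(prefix) - len(CRLF)
    if pad < 1:
        raise ValueError("line_len too small to hold a chunk-extension")
    return prefix + b"v" * pad + CRLF

def build_request(host, path, data, line_len):
    """Same request as in the steps above, as one chunk followed by the last-chunk."""
    head = (f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Connection: close\r\nTransfer-Encoding: chunked\r\n\r\n").encode("ascii")
    return head + chunk_size_line(len(data), line_len) + data + CRLF + b"0" + CRLF + CRLF

def decode_chunked(body):
    """Reference decoder: reads the hex size, ignores chunk-extensions of any length."""
    out, pos = bytearray(), 0
    while True:
        eol = body.index(CRLF, pos)
        size = int(body[pos:eol].split(b";", 1)[0], 16)
        pos = eol + len(CRLF)
        if size == 0:
            return bytes(out)
        out += body[pos:pos + size]
        if body[pos + size:pos + size + 2] != CRLF:
            raise ValueError("chunk data not terminated by CRLF")
        pos += size + 2

def probe(host, port, path, line_len, timeout=5.0):
    """True if the server sends back an HTTP status line, False if it stays silent."""
    req = build_request(host, path, b"01234", line_len)
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(req)
        try:
            return s.recv(16).startswith(b"HTTP/1.")
        except OSError:  # timeout or reset: no answer, as in "Actual results"
            return False

if __name__ == "__main__":
    # Run against your own test server; 31 should answer on either build,
    # 32 should answer only once the fixed package is installed.
    for n in (31, 32):
        print(n, probe("localhost", 80, "/cgi-bin/printenv", n))
```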

Comment 2 RHEL Program Management 2012-07-17 11:48:24 UTC
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.

Comment 10 errata-xmlrpc 2013-01-08 05:04:27 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0130.html

