845532 – mod_cache regression in httpd 2.2.3-65: non-cacheable 304 responses serve bad data

Bug 845532 - mod_cache regression in httpd 2.2.3-65: non-cacheable 304 responses serve bad data

Summary: mod_cache regression in httpd 2.2.3-65: non-cacheable 304 responses serve bad...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	httpd
Sub Component:
Version:	5.8
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Joe Orton
QA Contact:	Aleš Mareček
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	868283 873730
TreeView+	depends on / blocked

Reported:	2012-08-03 11:01 UTC by Roy Badami
Modified:	2013-01-11 04:16 UTC (History)
CC List:	7 users (show)
Fixed In Version:	httpd-2.2.3-69.el5
Doc Type:	Bug Fix
Doc Text:	Due to a bug in the "mod_cache" module, the "304 Not Modified" response from an origin server was not properly handled when a cached entity was being refreshed. Consequently, the entity could be returned to the HTTP client with incorrect headers. With this update, the "mod_cache" module has been modified to correctly handle headers in the "304 Not Modified" response. The cached entity is now returned with correct headers in this scenario.
Clone Of:
Clones:	868283 (view as bug list)
Environment:
Last Closed:	2013-01-08 05:04:30 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:0130	0	normal	SHIPPED_LIVE	Low: httpd security, bug fix, and enhancement update	2013-01-08 09:33:40 UTC

Description Roy Badami 2012-08-03 11:01:11 UTC

Description of problem:

When mod_cache receives a non-cacheable 304 response, the headers are served incorrectly.  In particular, entity header fields such as Content-Type and Content-Encoding, which are not included in a 304 response, are not retrieved from the cache.  Then can result, for example, in compressed data being served without being marked as compressed (due to a missing Content-Encoding header) in the response headers that mod_cache returns to the client.

This is a regression in httpd-2.2.3-65.el5_8 as a result of applying patch httpd-2.2.3-r1068313.patch (which is changeset r1068313 from the Apache 2.2.x branch, which in turn is a merge of r1001884 from the Apache trunk).  This regression is also present in official Apache 2.2.18+ releases on the 2.2.x branch.  

Specifically, the upstream changeset r1001884 fixes Apache PR45341, but the fix has a flaw (PR52120) which was fixed in trunk in upstream changeset r1201331 and backported to 2.4.x in r1201332.  The fix has not currently been backported to upstream 2.2.x.

See also https://issues.apache.org/bugzilla/show_bug.cgi?id=52120

Comment 1 Joe Orton 2012-08-15 13:30:47 UTC

Hi, thanks for the report & investigation, I'm very sorry about the regression.

Comment 2 Joe Orton 2012-08-15 15:04:53 UTC

If you'd like a test package with the applicable fix for this bug please mail me or contact Red Hat Support.

Comment 4 RHEL Program Management 2012-08-15 15:17:41 UTC

This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.

Comment 15 errata-xmlrpc 2013-01-08 05:04:30 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0130.html

Note You need to log in before you can comment on or make changes to this bug.