Bug 41170 - single crlf in header termination crashes app.
Summary: single crlf in header termination crashes app.
Status: RESOLVED WORKSFORME
Alias: None
Product: Tomcat Connectors
Classification: Unclassified
Component: Common (show other bugs)
Version: unspecified
Hardware: Other Windows Server 2003
: P2 normal (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords: RFC
Depends on:
Blocks:
 
Reported: 2006-12-13 07:36 UTC by Con O'Donnell
Modified: 2010-11-29 14:04 UTC (History)
0 users


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Con O'Donnell 2006-12-13 07:36:46 UTC 
In modjk (latest version i could find ) for IIS there is a possible bug in 
function:

static int JK_METHOD start_response(jk_ws_service_t *s,
                                    int status,
                                    const char *reason,
                                    const char *const *header_names,
                                    const char *const *header_values,
                                    unsigned int num_of_headers)
{

It creates a response buffer and it works fine if there are headers to send:

            if (num_of_headers) {
                             ...
            else {
however if there are no headers to send it merely sends a single crlf in the 
header buffer. 
                headers_str = crlf;
            }
}

The description for HSE_REQ_SEND_RESPONSE_HEADER at:
http://msdn.microsoft.com/library/default.asp?url=/library/en-
us/iissdk/html/ad17aeb4-bb70-4755-83a2-c4cec7fa5ecb.asp

"If you append your own headers to the server-generated headers, you must 
terminate the header string with an extra carriage return and linefeed."

also seems to mean that once you have no headers to send then you need to make 
sure you terminate the header by adding an extra crlf (double crlf) as per the 
RFC

So sending a single crlf would not be valid (browsers will ignore error this 
but we ran into an app called documentum that crashes while parsing the header.)

Oddly enough IIS copes with and seems to correct the header (at least in Win2K3 
SP1) except in one case and that is where another ISAPI filter is chained on 
and in the NOTIFY_SEND_RESPONSE and that filter READS the www-authenticate 
header!!! then IIS passes the buffer that mod_jk sends it transparently and the 
client sees the header with a single crlf.

Appending an additional crlf when there is no header seems to take care of the 
problem.

Hope this is enough detail please feel free to contact me !

all the Best
Con




.
Comment 1 Yoav Shapira 2007-03-25 09:23:11 UTC 
Con, we've had a few mod_jk releases since your bug post.  Can you please
confirm that this issue still happens with the latest mod_jk (1.2.21 I believe)
and Tomcat (6.0.10 or 5.5.23)?
Comment 2 Tim Whittington 2010-01-03 23:32:14 UTC 
I don't believe this is a bug in the IIS connector.
The docs for HSE_REQ_SEND_RESPONSE_HEADER indicate (in classic IIS style) that if you supply your own headers, you need to provide the CRLF that terminates the message header (as per http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4) as well as the CRLF terminating each header - i.e. for no headers, you would supply a CRLF\0 string.

This is what the code does now (and what it looked like doing in 2006).
Comment 3 Tim Whittington 2010-11-29 14:04:08 UTC 
Noone has noticed this causing an issue since the report, and the code seems correct on inspection, so I'm closing this for now.