Bug 29237

Summary: 1.3.31 breaks mod_dav
Product: Apache httpd-1.3 Reporter: lhecking
Component: OtherAssignee: Apache HTTPD Bugs Mailing List <bugs>
Severity: normal    
Priority: P3    
Version: HEAD   
Target Milestone: ---   
Hardware: Sun   
OS: Solaris   

Description lhecking 2004-05-26 20:10:15 UTC
I have described the issue here
but received only one response. I will happily supply more detail if requested.
Comment 1 Joe Orton 2004-05-27 09:08:22 UTC
Are you using mod_digest for Digest auth?  I've had reports of mod_dav not
working using 1.3.31's mod_digest, not sure if this is a regression though.
Comment 2 lhecking 2004-05-27 09:47:04 UTC
Nope, not at all.

$ grep -i digest conf/httpd.conf
#LoadModule digest_module      libexec/mod_digest.so
#AddModule mod_digest.c
$ bin/httpd -l |grep -i digest

The only external modules we use apart from mod_dev are mod_ssl-2.8.17-1.3.31
and mod_layout-3.2.
Comment 3 Jeff Trawick 2004-05-28 02:15:57 UTC
Please back out this 1.3.31 patch and try to recreate the problem.


This fixes a regression with Front Page.
Comment 4 lhecking 2004-05-28 10:07:01 UTC
Backing out this patch fixes the problem here. I've tested it with DAVExplorer,
and had a Windows user try it as well, just to be on the safe side :)

Comment 5 Jeff Gehlbach 2004-06-21 17:21:24 UTC
This bug breaks regular CGI programs on the first POST request if sent without
credentials.  Here's what the client sends:

POST /foo/bar.cgi HTTP/1.1\r\n
Host: blah\r\n
Content-length: 20\r\n

Because the request does not yet have keepalive set from the server's
perspective, the server closes the request immediately after receiving the \r\n
on a blank line and sends a 401.  Now something happens on the server (I'm
guessing the socket doesn't get flushed) that causes the last bit of data
written by the client to be prepended to REQUEST_METHOD for the requested CGI
program.  When the CGI checks REQUEST_METHOD, it gets a surprise:


I've observed this behavior on both Solaris and Win32.

Backing out the change per 'Jeff Trawick 2004-05-28 02:15' fixes the behavior
described here as well.
Comment 6 Joe Orton 2004-06-28 11:56:54 UTC

*** This bug has been marked as a duplicate of 29257 ***