|Summary:||1.3.31 breaks mod_dav|
|Component:||Other||Assignee:||Apache HTTPD Bugs Mailing List <bugs>|
Description lhecking 2004-05-26 20:10:15 UTC
I have described the issue here http://marc.theaimsgroup.com/?t=108542455700005&r=1&w=2 but received only one response. I will happily supply more detail if requested.
Comment 1 Joe Orton 2004-05-27 09:08:22 UTC
Are you using mod_digest for Digest auth? I've had reports of mod_dav not working using 1.3.31's mod_digest, not sure if this is a regression though.
Comment 2 lhecking 2004-05-27 09:47:04 UTC
Nope, not at all. $ grep -i digest conf/httpd.conf #LoadModule digest_module libexec/mod_digest.so #AddModule mod_digest.c $ bin/httpd -l |grep -i digest $ The only external modules we use apart from mod_dev are mod_ssl-2.8.17-1.3.31 and mod_layout-3.2.
Comment 3 Jeff Trawick 2004-05-28 02:15:57 UTC
Please back out this 1.3.31 patch and try to recreate the problem. http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/main/http_request.c?r1=1.173&r2=1.174 This fixes a regression with Front Page.
Comment 4 lhecking 2004-05-28 10:07:01 UTC
Backing out this patch fixes the problem here. I've tested it with DAVExplorer, and had a Windows user try it as well, just to be on the safe side :) Thanks!
Comment 5 Jeff Gehlbach 2004-06-21 17:21:24 UTC
This bug breaks regular CGI programs on the first POST request if sent without credentials. Here's what the client sends: POST /foo/bar.cgi HTTP/1.1\r\n Host: blah\r\n Content-length: 20\r\n \r\n foo=bar&baz=flummox\r\n Because the request does not yet have keepalive set from the server's perspective, the server closes the request immediately after receiving the \r\n on a blank line and sends a 401. Now something happens on the server (I'm guessing the socket doesn't get flushed) that causes the last bit of data written by the client to be prepended to REQUEST_METHOD for the requested CGI program. When the CGI checks REQUEST_METHOD, it gets a surprise: foo=bar&baz=flummoxPOST I've observed this behavior on both Solaris and Win32. Backing out the change per 'Jeff Trawick 2004-05-28 02:15' fixes the behavior described here as well.