Summary: | 1.3.31 breaks mod_dav | ||
---|---|---|---|
Product: | Apache httpd-1.3 | Reporter: | lhecking |
Component: | Other | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | CLOSED DUPLICATE | ||
Severity: | normal | ||
Priority: | P3 | ||
Version: | HEAD | ||
Target Milestone: | --- | ||
Hardware: | Sun | ||
OS: | Solaris |
Description
lhecking
2004-05-26 20:10:15 UTC
Are you using mod_digest for Digest auth? I've had reports of mod_dav not working using 1.3.31's mod_digest, not sure if this is a regression though. Nope, not at all. $ grep -i digest conf/httpd.conf #LoadModule digest_module libexec/mod_digest.so #AddModule mod_digest.c $ bin/httpd -l |grep -i digest $ The only external modules we use apart from mod_dev are mod_ssl-2.8.17-1.3.31 and mod_layout-3.2. Please back out this 1.3.31 patch and try to recreate the problem. http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/main/http_request.c?r1=1.173&r2=1.174 This fixes a regression with Front Page. Backing out this patch fixes the problem here. I've tested it with DAVExplorer, and had a Windows user try it as well, just to be on the safe side :) Thanks! This bug breaks regular CGI programs on the first POST request if sent without credentials. Here's what the client sends: POST /foo/bar.cgi HTTP/1.1\r\n Host: blah\r\n Content-length: 20\r\n \r\n foo=bar&baz=flummox\r\n Because the request does not yet have keepalive set from the server's perspective, the server closes the request immediately after receiving the \r\n on a blank line and sends a 401. Now something happens on the server (I'm guessing the socket doesn't get flushed) that causes the last bit of data written by the client to be prepended to REQUEST_METHOD for the requested CGI program. When the CGI checks REQUEST_METHOD, it gets a surprise: foo=bar&baz=flummoxPOST I've observed this behavior on both Solaris and Win32. Backing out the change per 'Jeff Trawick 2004-05-28 02:15' fixes the behavior described here as well. |