|Summary:||HTTP status reason-phrase contains illegal characters in Japanese locale|
|Product:||Tomcat 5||Reporter:||Craig Chaney <apachebugs>|
|Component:||Catalina||Assignee:||Tomcat Developers Mailing List <dev>|
Description Craig Chaney 2009-10-08 07:38:25 UTC
FormAuthenticator.authenticate() can send the client an error response with Japanese characters. For example: response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT, sm.getString("authenticator.sessionExpired")); This deviates from the HTTP RFC. From http://www.w3.org/Protocols/rfc2616/rfc2616-sec6.html#sec6.1.1: Reason-Phrase = *<TEXT, excluding CR, LF> The TEXT rule is only used for descriptive field contents and values that are not intended to be interpreted by the message parser. Words of *TEXT MAY contain characters from character sets other than ISO- 8859-1  only when encoded according to the rules of RFC 2047 . This can cause some problems with some clients. For example, httpclient 3 reads the HTTP status line by looping over the line byte-by-byte, looking for the "\n" byte. The authenticator.sessionExpired Japanese string happens to contain a Japanese character for which one of the bytes matches "\n", breaking this logic.
Comment 1 Mark Thomas 2009-12-17 14:40:32 UTC
As a work-around you should be able to set USE_CUSTOM_STATUS_MSG_IN_HEADER to false (the default). That said, Tomcat shouldn't be putting anything other than ISO-8859-1 in the headers. Patch to follow shortly to fix that.
Comment 2 Mark Thomas 2009-12-18 08:15:38 UTC
Patch applied to trunk and proposed for 6.0.x and 5.5.x
Comment 3 Mark Thomas 2009-12-20 08:36:30 UTC
The patch has been reverted from trunk following discussion on the dev list and the associated backport proposals withdrawn. A new patch will follow shortly.
Comment 4 Mark Thomas 2009-12-20 09:23:03 UTC
A ne wpatch has been applied to trunk and proposed for 6.0.x and 5.5.x
Comment 5 Mark Thomas 2009-12-21 03:46:42 UTC
This has been fixed in 6.0.x and will be included in 6.0.21 onwards.
Comment 6 Mark Thomas 2010-03-03 23:26:16 UTC
This has been fixed in 5.5.x and will be included in 5.5.29 onwards.