43695 – static mod_ssl results in corrupt header response

Bug 43695 - static mod_ssl results in corrupt header response

Summary: static mod_ssl results in corrupt header response

Status:	RESOLVED DUPLICATE of bug 43334

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_ssl (show other bugs)
Version:	2.2.6
Hardware:	PC Linux

Importance:	P2 major (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2007-10-24 13:28 UTC by Chris Hargreaves
Modified:	2007-10-24 16:02 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chris Hargreaves 2007-10-24 13:28:17 UTC

OS: Fedora Core 4
Platform: i386 (also reproduced in VMware)
OpenSSL v0.9.7f

compiling with
./configure --with-mpm=prefork --enable-ssl --disable-status --disable-userdir
--enable-so

results in: (sorry if the character after mod_ssl does not show - this is where
the openssl version should display - in this case it is \x01)
Apache/2.2.6 (Unix) mod_ssl/2.2.6 

In one request - apache reported back all the mime types.
Another time it just appended 'AddType'
Other times it displays a sequence of non-readable (and against RFC) characters.

Screenshot from a header check is here:
http://img509.imageshack.us/img509/3249/screenshothttphttpsheadre8.png

It appears as if it is referencing memory incorrectly.

As a temporary fix - ServerTokens Prod - does the job (which we should be using
anyway).

If I set mod_ssl as shared object - this problem dissapears - and the OpenSSL
version is properly displayed in the header.

Searching forums and such - I found some reports of this problem - but no
responses or solutions.

-chris

Comment 1 Chris Hargreaves 2007-10-24 14:15:08 UTC

Another response forwarded to us by a user (this instance would have been a
redirect):

The font color was inserted by their proxy software - but you see that the
mime.types are inserted following mod_ssl.

NOTE: I removed "Location:" section.

HTTP/1.1 302 Found Date: Thu, 18 Oct 2007 19:25:33 GMT Server: Apache/2.2.6
(Unix) mod_ssl/2.2.6 v video/nv video/parityfec video/pointer video/quicktime qt
mov video/raw video/rtp-enc-aescm128 video/rtx video/smpte292m video/vc1
video/vnd.dlna.mpeg-tts video/vnd.fvt fvt video/vnd.hns.video
video/vnd.motorola.video video/vnd.motorola.videop video/vnd.mpegurl mxu m4u
video/vnd.nokia.interleaved-multimedia video/vnd.nokia.videovoip
video/vnd.objectvideo video/vnd.sealed.mpeg1 video/vnd.sealed.mpeg4
video/vnd.sealed.swf video/vnd.sealedmedia.softseal.mov video/vnd.vivo viv
video/x-fli fli video/x-ms-asf asf asx video/x-ms-wm wm video/x-ms-wmv wmv
video/x-ms-wmx wmx video/x-ms-wvx wvx video/x-msvideo avi video/x-sgi-movie
movie x-conference/x-cooltalk ice if btif image/prs.pti image/svg+xml svg svgz
i&#572;font color=red>\37777777623\006\010&#248239;nt
color=red>\37777777623\006\010?\37777777623\006\010&#512;\177 ?nt
color=red>\37777777604 &#1596;font color=red>\003 P3P: CP='NOI' Set-Cookie:
UPTCLICKTHRU=1046-282493-639a9cf1bd; expires=Sat, 26-Jan-08 19:25:35 GMT; path=/
Keep-Alive: timeout=30, max=100 Connection: Keep-Alive Transfer-Encoding:
chunked Content-Type: text/html 0

Comment 2 Takashi Sato 2007-10-24 16:02:45 UTC

already fixed in both 2.2 and 2.0 development branches

*** This bug has been marked as a duplicate of 43334 ***