https://bz.apache.org/bugzilla/show_bug.cgi?id=65483
Bug ID: 65483 Summary: Garbage characters in Server header and version string when using mod_ssl statically Product: Apache httpd-test Version: unspecified Hardware: PC URL: http://svn.apache.org/viewvc?view=rev&revision=574884 OS: Linux Status: NEW Keywords: PatchAvailable Severity: critical Priority: P1 Component: flood Assignee: bugs@httpd.apache.org Reporter: angiograf...@gmail.com CC: bugs@httpd.apache.org, c.ha...@gmail.com, cr...@haquarter.de, cuicui.o...@free.fr, dur...@hw-durket.stanford.edu, r...@math.technion.ac.il, rudy.a...@tais.toshiba.com, srat...@zmnh.uni-hamburg.de, ste...@pyro.eu.org, wbre...@gmx.net Depends on: 43334 Target Milestone: --- +++ This bug was initially created as a clone of Bug #43334 +++ Since upgrading apache to 2.2.6, I now see 'garbage' displayed in the Server header of the HTTP response, which I believe is caused by mod_ssl: Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 (8$ DAV/2 The error log contains nothing other than this notice, also showing the garbage characters: [notice] Apache/2.2.6 (Unix) mod_ssl/2.2.6 (8$\b DAV/2 configured -- resuming normal operations The garbage characters do not change during successive HTTP requests. The string *sometimes* varies when httpd is restarted via 'apachectl restart'. A space (0x20) always appears at either side of the garbage characters. Sometimes after restarting, no garbage characters appear but there are still two spaces between mod_ssl/2.2.6 and DAV/2 (presumably the garbage output began with 0x00 on those occasions). The error is present when no shared modules are being loaded. I had compiled httpd from source and configured as follows: ./configure --prefix= --localstatedir=/var --sysconfdir=/etc/apache2 --enable-layout=Debian --enable-so --with-program-name=apache2 --with-suexec-caller=www-data --with-suexec-bin=/usr/lib/apache2/suexec2 --with-suexec-docroot=/var/www --with-suexec-userdir=public_html --with-suexec-logfile=/var/log/apache2/suexec.log --with-ldap=yes --with-ldap-include=/usr/include --with-ldap-lib=/usr/lib --with-z --enable-deflate --enable-headers --with-mpm=worker --enable-expires --enable-ssl --enable-dav --with-apr=/usr After compiling without --enable-ssl, the version string appeared normal: [notice] Apache/2.2.6 (Unix) DAV/2 configured -- resuming normal operations To double-check, I recompiled with --enable-ssl and restarted, and the problem reappeared: [notice] Apache/2.2.6 (Unix) mod_ssl/2.2.6 \xde\x10\x10\b\xc6\x10\x10\b DAV/2 configured -- resuming normal operations An interesting side-effect is that the garbage characters can trigger this error in Visual Studio or .NET HTTP clients: "The server committed a protocol violation. Section=ResponseHeader Detail=CR must be followed by LF" The error message partly erroneous, since indeed all CR's were followed by LF's, and the garbage characters at the time did not include either the CR or LF control characters. However, some of the garbage characters were probably invalid for an HTTP response header, hence the 'protocol violation'). Possibly related to #40146 ? Though I'm not sure what the "Current configuration:" message is that the author referred to. ps. the Version field in the bug tracker does not include 2.2.6, so I had to select 2.2-HEAD. Thanks! Referenced Bugs: https://bz.apache.org/bugzilla/show_bug.cgi?id=43334 [Bug 43334] Garbage characters in Server header and version string when using mod_ssl statically -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org