Package: apache2.2-common
Version: 2.2.3-4+etch1
Severity: normal

Apache treats an aborted HTTP PUT as if it completed successfully, logs the PUT as having completed successfully and leaves the incomplete file on the disk. It does so even though the transmitted content is much shorter than the advertised content length.

Replicate with:

httpd.conf:

  LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so
  LoadModule dav_fs_module /usr/lib/apache2/modules/mod_dav_fs.so
  LoadModule dav_lock_module /usr/lib/apache2/modules/mod_dav_lock.so
  DAVLockDB /tmp/DAVLock
  <Directory /var/www/dav/>
    Dav filesystem
  </Directory>

  # mkdir /var/www/dav
  # chown www-data /var/www/dav
  # curl -T bigfile http://localhost/dav/bigfile
  ^C

partial upload at /var/www/dav/bigfile remains on the disk.

access_log shows success status 201:

  127.0.0.1 - - [16/Nov/2007:17:31:32 -0500] "PUT /dav/bigfile HTTP/1.1" 201 322 "-" "curl/7.15.5 (i486-pc-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8c zlib/1.2.3 libidn/0.6.5"

excerpts from tcpdump:

  PUT /dav/bigfile HTTP/1.1
  User-Agent: curl/7.15.5 (i486-pc-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8c zlib/1.2.3 libidn/0.6.5
  Host: minoc.dirtside.com
  Accept: */*
  Content-Length: 723795856
  Expect: 100-continue

  HTTP/1.1 100 Continue

  [uploaded data until ^C]

Note: FIN packet from source due to program abort

  17:31:32.166989 IP (tos 0x0, ttl 64, id 58671, offset 0, flags [DF], proto: TCP (6), length: 16436) 127.0.0.1.57636 > 127.0.0.1.80: FP 4587737:4604121(16384) ack 26 win 8192 <nop,nop,timestamp 96632442 96632442>

Note: Apache responds with success message anyway

  17:31:32.170708 IP (tos 0x0, ttl 64, id 31673, offset 0, flags [DF], proto: TCP (6), length: 629) 127.0.0.1.80 > 127.0.0.1.57636: P, cksum 0xca8d (correct), 26:603(577) ack 4604122 win 32768 <nop,nop,timestamp 96632443 96632442>
  HTTP/1.1 201 Created
  Date: Fri, 16 Nov 2007 22:31:32 GMT
  Server: Apache/2.2.3 (Debian) DAV/2 mod_fastcgi/2.4.2 mod_ssl/2.2.3 OpenSSL/0.9.8c
  Location: http://minoc.dirtside.com/dav/bigfile
  Content-Length: 322
  Content-Type: text/html; charset=UTF-8

  <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  <html><head>
  <title>201 Created</title>
  </head><body>
  <h1>Created</h1>
  <p>Resource /dav/bigfile has been created.</p>
  <hr />
  <address>Apache/2.2.3 (Debian) DAV/2 mod_fastcgi/2.4.2 mod_ssl/2.2.3 OpenSSL/0.9.8c Server at minoc.dirtside.com Port 80</address>
  </body></html>

Note: RST packet from source since the connection is no longer there.

  17:31:32.170763 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) 127.0.0.1.57636 > 127.0.0.1.80: R, cksum 0x1f77 (correct), 1707072287:1707072287(0) win 0

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.56-dualp2
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages apache2.2-common depends on:
ii  apache2-utils  2.2.3-4+etch1  utility programs for webservers
ii  libmagic1      4.17-5etch3    File type determination library us
ii  lsb-base       3.1-23.2etch1  Linux Standard Base 3.1 init scrip
ii  mime-support   3.39-1         MIME files 'mime.types' & 'mailcap
ii  net-tools      1.60-17        The NET-3 networking toolkit
ii  procps         1:3.2.7-3      /proc file system utilities

apache2.2-common recommends no packages.

-- no debconf information
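
The behaviour the report expects from a PUT handler, as an added example that is not part of the original report and is not Apache or mod_dav code: the body is written to a temporary file and moved into place only when as many bytes arrive as Content-Length advertised. The function name `store_put_body`, the 400 status for a truncated body, and the byte streams standing in for the client socket are assumptions made for the illustration.

```python
import io
import os
import tempfile


def store_put_body(stream, content_length, dest_path, chunk_size=65536):
    """Store a PUT body and return the HTTP status to send and log.

    The body goes to a temporary file in the destination directory and is
    renamed into place only if exactly content_length bytes arrived.
    """
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, prefix=".put-")
    received = 0
    try:
        with os.fdopen(fd, "wb") as tmp:
            while received < content_length:
                chunk = stream.read(min(chunk_size, content_length - received))
                if not chunk:  # EOF: peer closed before sending everything
                    break
                tmp.write(chunk)
                received += len(chunk)
        if received != content_length:
            return 400  # assumed status for a truncated upload; never 201
        os.replace(tmp_path, dest_path)  # atomic publish of the complete file
        tmp_path = None
        return 201
    finally:
        if tmp_path is not None:
            os.unlink(tmp_path)  # never leave a partial file behind


def demo():
    """Run a complete and an aborted upload against constructed byte streams."""
    body = b"x" * 1000  # constructed sample payload
    with tempfile.TemporaryDirectory() as d:
        ok_path = os.path.join(d, "complete")
        cut_path = os.path.join(d, "bigfile")
        ok = store_put_body(io.BytesIO(body), len(body), ok_path)
        # Client advertises 1000 bytes but the stream ends after 300 (the ^C case).
        cut = store_put_body(io.BytesIO(body[:300]), len(body), cut_path)
        return ok, os.path.getsize(ok_path), cut, os.path.exists(cut_path), os.listdir(d)


if __name__ == "__main__":
    print(demo())
```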