Hmmm... The problem is that an all whitespace content-length value is
noted as an error. I would agree that if that is the case, Apache
should default to setting it to 0. This is easy to work around.
Since I've already added the ProtocolReqCheck directive, would people
think it's a good idea to either provide a similar directive for this,
or simple have 1.3.27 allow for "blank" C-L ??
This is the code area:
r->remaining = ap_strtol(lenp, &endstr, 10);
if (errno || (endstr && *endstr)) {
conversion_error = 1;
}
we would need to check errno just for ERANGE and then adjust the endstr
check as well... Or else just keep the test as is, and allow for
all blank beforehand. I think I'd prefer this method, since it
provides a specific solution to a specific problem. So the question
is runtime directive or simply allow blank by default??
Votes?
David Burry wrote:
>
> Hi!
>
> I'm having a problem since upgrading from Apache 1.3.23 to 1.3.26. It appears that
>the "Content-Length" header field is much more strict in what it will accept from
>http clients than it was before, and this is causing me biiig problems.
>
> A certain http client (which shall remain nameless due to embarrassment) is
>generating a request header like this:
>
> GET /some/file HTTP/1.0
> Host: some.place.com
> Content-Type:
> Last-Modified:
> Accept: */*
> User-Agent: foo
> Content-Length:
>
> Technically this is a very big no-no to have some blank header fields like this, I
>know. Content-Length, for instance, should either specify 0 (zero) or not be listed
>there at all. But the client is already out there in millions of users' hands,
>embedded into several popular products (as part of an auto-update sort of
>mechanism)...... so.... ideally, what I'd like to have, is an environment variable
>flag that disables some of the strictness of the Content-Length header field
>checking, to allow this aberrant behavior in some cases without producing errors.
>Perhaps this can be made part of Apache 1.3.27?
>
> Please let me know what you all think of this idea.
>
> Dave
>
--
===========================================================================
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
"A society that will trade a little liberty for a little order
will lose both and deserve neither" - T.Jefferson
