[ https://issues.apache.org/jira/browse/TS-1298?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13713252#comment-13713252 ]
Alan M. Carroll commented on TS-1298: ------------------------------------- I investigated this and I don't see it making for 3.3.5. The root cause is that the HTTP version number is parsed backwards and if there is anything that looks at all like a verion it is accepted, apparently to maintain backwards compatibility with HTTP 0.9. So "test 2" works because it what the HTTP parser considers a version number and it's marked as HTTP 0.9. It's not an implementation bug, the code is working as designed. The fix is a bit more challenging because of the larger implications. It would be a bit of work but straightforward to make the HTTP parsing more rigorous and require the full version string of the modern style ("HTTP/#.#") - the parsing logic for that is already present. But that would be a rather major change. There may be other places that related changes would have to be made. I also don't see a good way to fix this without basically imposing that requirement. I personally favor doing that but it's not really in the scope of a simple bug fix. > http_parser_parse_req appears inconsistent > ------------------------------------------ > > Key: TS-1298 > URL: https://issues.apache.org/jira/browse/TS-1298 > Project: Traffic Server > Issue Type: Bug > Components: HTTP > Affects Versions: 3.0.2 > Reporter: Aidan McGurn > Assignee: Alan M. Carroll > Fix For: 3.3.6 > > > when using IPT setup i test as follows: > 1. telnet <OS IP> 80 from client machine //this will be routed via ATS as > IPT env > 2. write "test" in telnet window and hit return > 3. i *correctly* get a PARSE ERROR inside HTTP.cc/http_parser_parse_req > 1051 if (!method_start || !method_end) > (gdb) > 1052 return PARSE_ERROR; > (gdb) p method_end > $4 = 0x0 > (gdb) p method_start > $5 = 0x12741000 "test\r\n" > However of i repeat step 2, with "test 2" method_end gets set and i end up > with a PARSE_DONE and it thinks *INCORRECTLY* therefore this is a HTTP > request. > Assume this is a bug and we are missing validation here or is this making > assumption the request is correct HTTP header format? > thanks for any assistance, > /aidan -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira