Re: Need confirmation of issue: HTTP simple requests broken as of Apache Tomcat 5.5.28.

2010-08-13 Thread Nick Langlois
On Thu, Aug 12, 2010 at 5:02 PM, Pid  wrote:

> On 11/08/2010 14:38, Nick Langlois wrote:
> > Hi,
> >I need confirmation of an issue I've encountered while upgrading from
> > Apache Tomcat 5.5.25 to 5.5.29 running in Java 1.5.0_22 on Solaris 10u8.
> > Unfortunately, I'm going about this backwards as I've already created a
> bug
> > report.  The tomcat site, however, recommends that confirmation should be
> > received as to whether a suspected bug is a bug or not on the tomcat user
> > mailing list.
> >
> > Issue found in: Apache Tomcat 5.5.29
> > Issue introduced in: Apache Tomcat 5.5.28
> >
> >
> > Issue:
> >
> > Get "HTTP/1.1 400 Bad Request" response back when Tomcat receives an HTTP
> > simple request (no HTTP version specified in request line).
> >
> >
> > Expected behaviour:
> >
> > According to its documentation, tomcat 5.5.x's HTTP connector is
> compliant
> > with the HTTP/1.1 RFC, and will seamlessly transition to HTTP/1.0 if an
> > HTTP/1.0 request is received.  For backwards compatibility (I assume),
> the
> > HTTP 1.0 RFC handles HTTP 0.9 requests for older clients, referring to
> these
> > requests as "simple requests" in the RFC.  Thus, according to the RFC,
> > tomcat should respond with a "simple response" should it receive a
> "simple
> > request".
> >
> >
> > Example of expected behaviour:
> >
> > wcars1u7-unit1# telnet localhost 
> > Trying 127.0.0.1...
> > Connected to localhost.
> > Escape character is '^]'.
> > GET /index.html
> >
> > 
> > 
> > 
> > Zack Networks Application Server
> > 
> > BODY {margin: 64px;
> > background: #ff;
> > cursor: default;}
> > H1, H2, H3, H4, H5, H6
> > {font-family: Zack-Networks-Primary, Arial-Bold, Arial,
> > Helvetica, Sans-Serif;
> > color: #003399;}
> > 
> > 
> >
> > 
> > No application is available at this URL. Please see the product
> > documentation for the correct URL.
> > 
> > 
> > Connection to localhost closed by foreign host.
> > wcars1u7-unit1#
> >
> >
> > Behaviour I'm seeing:
> >
> > wcars1u7-unit1# telnet localhost 8080
> > Trying 127.0.0.1...
> > Connected to localhost.
> > Escape character is '^]'.
> > GET /index.html
> > HTTP/1.1 400 Bad Request
> > Server: Apache-Coyote/1.1
> > Transfer-Encoding: chunked
> > Date: Tue, 10 Aug 2010 18:32:36 GMT
> > Connection: close
> >
> > 0
> >
> > Connection to localhost closed by foreign host.
> > wcars1u7-unit1#
> >
> >
> > With debug enabled, tomcat logs the following thrown exception:
> >
> > 2010-07-29 15:49:22,068 [http-8080-Processor24] DEBUG
> >
> > org.apache.coyote.http11.Http11Processor - Error parsing HTTP request
> header
> >
> > java.lang.IllegalArgumentException: Invalid character (CR or LF) found
> > in method name
> >  at
> org.apache.coyote.http11.InternalInputBuffer.parseRequestLine(InternalInputBuffer.java:474)
> >  at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
> >
> >  at
> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> >  at
> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> >  at
> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> >
> >  at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> >  at java.lang.Thread.run(Thread.java:595)
> >
> > Further information can be found in the bug report:
> >
> > https://issues.apache.org/bugzilla/show_bug.cgi?id=49718
> >
> > Can someone please confirm this issue?
> > Is it possible to get some indication as to if, when, and in what version
> > this issue will be fixed in the Tomcat 5.5.x release?
>
> I'm guessing that no one's replying, because there's no known issue here.
>
> Are you sure the issue isn't a result of the means of making the test
> request?
>

I'm sure, as I've been doing it for years.  It's great for debugging in
environments where you may not have any access to a system other than through
an established ssh or telnet session to the server for security reasons
(like at many of our customers).

You can do something similar to debug HTTPS requests using the "openssl
s_client" option.

In either case, you just must ensure you send your HTTP request before the
server side times out and
closes the TCP connection.


>
> p
>
>


Re: Need confirmation of issue: HTTP simple requests broken as of Apache Tomcat 5.5.28.

2010-08-13 Thread Nick Langlois
 the defective fix:

$ diff
./apache-tomcat-5.5.27-src/connectors/http11/src/java/org/apache/coyote/http11/InternalInputBuffer.java
./apache-tomcat-5.5.28-src/connectors/http11/src/java/org/apache/coyote/http11/InternalInputBuffer.java
471a472,476
> // Spec says no CR or LF in method name
> if (buf[pos] == Constants.CR || buf[pos] == Constants.LF) {
> throw new IllegalArgumentException(
> sm.getString("iib.invalidmethod"));
> }
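Review bot: The CR/LF test added at 472-476 may be running against bytes outside the method token. The stack trace earlier in this thread has the throw firing at InternalInputBuffer.java:474, which falls inside this block, for the request line `GET /index.html`, whose method token `GET` is followed by a space and contains no CR or LF. This normal-format diff carries no context lines, so please confirm which loop follows line 471 and add a regression test for a request line that ends right after the Request-URI. The comment "Spec says no CR or LF in method name" should also name the spec section it relies on.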
763c768
< throw new IOException
---
> throw new IllegalArgumentException
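Review bot: At 763c768 the exception type changes from the checked `IOException` to the unchecked `IllegalArgumentException`, so the compiler no longer forces callers to handle it and any `catch (IOException ...)` on this path stops seeing it. The hunk shows only the `throw new` line, so please say which condition this is and confirm that every caller turns the new exception into a 400 response rather than letting it propagate.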
$


And digging through the code repository, this is the subversion revision in
which this issue was introduced:

svn diff -c 781763 http://svn.apache.org/repos/asf/tomcat/

See below for responses to other questions.

Regards,

Nick.


On Fri, Aug 13, 2010 at 9:42 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Nick,
>
> On 8/11/2010 9:38 AM, Nick Langlois wrote:
> > Get "HTTP/1.1 400 Bad Request" response back when Tomcat receives an HTTP
> > simple request (no HTTP version specified in request line).
>
> [snip]
>
> > Example of expected behaviour:
> >
> > wcars1u7-unit1# telnet localhost 
> > Trying 127.0.0.1...
> > Connected to localhost.
> > Escape character is '^]'.
> > GET /index.html
> >
> > 
>
> Agreed. Wow. HTML 3.2? No wonder you're supporting HTTP/0.9. :(
>
> > 
> > 
> > Zack Networks Application Server
> > 

Need confirmation of issue: HTTP simple requests broken as of Apache Tomcat 5.5.28.

2010-08-11 Thread Nick Langlois
Hi,
   I need confirmation of an issue I've encountered while upgrading from
Apache Tomcat 5.5.25 to 5.5.29 running in Java 1.5.0_22 on Solaris 10u8.
Unfortunately, I'm going about this backwards as I've already created a bug
report.  The tomcat site, however, recommends that confirmation should be
received as to whether a suspected bug is a bug or not on the tomcat user
mailing list.

Issue found in: Apache Tomcat 5.5.29
Issue introduced in: Apache Tomcat 5.5.28


Issue:

Get "HTTP/1.1 400 Bad Request" response back when Tomcat receives an HTTP
simple request (no HTTP version specified in request line).


Expected behaviour:

According to its documentation, tomcat 5.5.x's HTTP connector is compliant
with the HTTP/1.1 RFC, and will seamlessly transition to HTTP/1.0 if an
HTTP/1.0 request is received.  For backwards compatibility (I assume), the
HTTP 1.0 RFC handles HTTP 0.9 requests for older clients, referring to these
requests as "simple requests" in the RFC.  Thus, according to the RFC,
tomcat should respond with a "simple response" should it receive a "simple
request".


Example of expected behaviour:

wcars1u7-unit1# telnet localhost 
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /index.html




Zack Networks Application Server

BODY {margin: 64px;
background: #ff;
cursor: default;}
H1, H2, H3, H4, H5, H6
{font-family: Zack-Networks-Primary, Arial-Bold, Arial,
Helvetica, Sans-Serif;
color: #003399;}




No application is available at this URL. Please see the product
documentation for the correct URL.


Connection to localhost closed by foreign host.
wcars1u7-unit1#


Behaviour I'm seeing:

wcars1u7-unit1# telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /index.html
HTTP/1.1 400 Bad Request
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Tue, 10 Aug 2010 18:32:36 GMT
Connection: close

0

Connection to localhost closed by foreign host.
wcars1u7-unit1#


With debug enabled, tomcat logs the following thrown exception:

2010-07-29 15:49:22,068 [http-8080-Processor24] DEBUG

org.apache.coyote.http11.Http11Processor - Error parsing HTTP request header

java.lang.IllegalArgumentException: Invalid character (CR or LF) found
in method name
 at 
org.apache.coyote.http11.InternalInputBuffer.parseRequestLine(InternalInputBuffer.java:474)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)

 at 
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
 at 
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
 at 
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)

 at 
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
 at java.lang.Thread.run(Thread.java:595)

Further information can be found in the bug report:

https://issues.apache.org/bugzilla/show_bug.cgi?id=49718

Can someone please confirm this issue?
Is it possible to get some indication as to if, when, and in what version
this issue will be fixed in the Tomcat 5.5.x release?

Regards,

Nick.
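
Added example, not part of the original post and not Tomcat's code: a Java sketch of the RFC 1945 grammar the post relies on, showing that CR or LF is an error only while scanning the method token, and marks a simple request when it follows the Request-URI. The class, enum and method names are hypothetical, and the sample request lines are constructed.

```java
import java.nio.charset.StandardCharsets;

// Added illustration; hypothetical names, not Tomcat's InternalInputBuffer.
public class RequestLineSketch {
    enum Kind { SIMPLE_REQUEST, FULL_REQUEST }

    // RFC 1945:
    //   Simple-Request = "GET" SP Request-URI CRLF
    //   Request-Line   = Method SP Request-URI SP HTTP-Version CRLF
    static Kind classify(byte[] buf) {
        int pos = 0;
        // Method token ends at the first SP; CR or LF before it is invalid.
        while (pos < buf.length && buf[pos] != ' ') {
            if (buf[pos] == '\r' || buf[pos] == '\n') {
                throw new IllegalArgumentException("CR or LF in method name");
            }
            pos++;
        }
        if (pos == 0 || pos == buf.length) {
            throw new IllegalArgumentException("missing method or Request-URI");
        }
        String method = new String(buf, 0, pos, StandardCharsets.US_ASCII);
        int uriStart = ++pos;
        // Request-URI ends at SP (a version follows) or at CR/LF (simple request).
        while (pos < buf.length && buf[pos] != ' '
                && buf[pos] != '\r' && buf[pos] != '\n') {
            pos++;
        }
        if (pos == uriStart || pos == buf.length) {
            throw new IllegalArgumentException("empty or unterminated Request-URI");
        }
        if (buf[pos] == ' ') {
            return Kind.FULL_REQUEST; // an HTTP-Version token follows
        }
        // Line ended right after the URI: only GET is allowed as a simple request.
        if (!method.equals("GET")) {
            throw new IllegalArgumentException("simple request must use GET");
        }
        return Kind.SIMPLE_REQUEST;
    }

    public static void main(String[] args) {
        // Constructed sample request lines.
        String[] samples = { "GET /index.html\r\n", "GET /index.html HTTP/1.0\r\n", "GET\r\n" };
        for (String s : samples) {
            try {
                System.out.println(classify(s.getBytes(StandardCharsets.US_ASCII)));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```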