Code

Opened 5 years ago

Closed 5 years ago

Last modified 3 years ago

#10681 closed (fixed)

Etag parser crashes on invalid input

Reported by: isagalaev Owned by: mtredinnick
Component: HTTP handling Version:
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

Etag parser crashes on input with a trailing backslash trying to unquote the string. Apparently Opera 9.64 does send such etag in If-None-Match in some circumstances.

While strictly following HTTP requires to answer with "400 Bad Request" I believe it's too extreme for the real world. We can simply ignore the header in this case.

Patch follows shortly...

Attachments (1)

10681.diff (1.4 KB) - added by isagalaev 5 years ago.
Patch

Download all attachments as: .zip

Change History (7)

Changed 5 years ago by isagalaev

Patch

comment:1 Changed 5 years ago by isagalaev

  • Has patch set
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

comment:2 Changed 5 years ago by jacob

  • milestone set to 1.1
  • Triage Stage changed from Unreviewed to Accepted

I'm not sure the patch as given is the right approach: rfc2616 allows any 8-bit character to be in the contents of an etag, and we should do our best to support that. But crashing is right out.

comment:3 Changed 5 years ago by isagalaev

It's not about not accepting back-slash. It's about invalid escaping. If etag is exactly single back-slash character then it's perfectly possible to send like this:

If-None-Match: "\\"

What Opera sends here is just invalid.

comment:4 Changed 5 years ago by mtredinnick

This bug should also be reported to Opera, Ivan.

We really should be sending back a 400 response here, however, since it appears nobody else does, we'll have to play along. The patch looks right, but it means we now have to put Opera in the "not really a web browser" basket to keep al the versions of IE company.

comment:5 Changed 5 years ago by mtredinnick

  • Resolution set to fixed
  • Status changed from new to closed

(In [10370]) Fixed #10681 -- Work around (by ignoring) invalid ETag headers.

This is a hack to work around problems in the Real World. Apparently, Opera
9.64 has been observed sending malformed headers. We now compromise our high
principles and simply ignore such bad behaviour.

Patch from Ivan Sagalaev.

comment:6 Changed 3 years ago by jacob

  • milestone 1.1 deleted

Milestone 1.1 deleted

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.