Bug 29237 - 1.3.31 breaks mod_dav
Summary: 1.3.31 breaks mod_dav
Status: CLOSED DUPLICATE of bug 29257
Alias: None
Product: Apache httpd-1.3
Classification: Unclassified
Component: Other (show other bugs)
Version: HEAD
Hardware: Sun Solaris
: P3 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-05-26 20:10 UTC by lhecking
Modified: 2004-11-16 19:05 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description lhecking 2004-05-26 20:10:15 UTC
I have described the issue here
http://marc.theaimsgroup.com/?t=108542455700005&r=1&w=2
but received only one response. I will happily supply more detail if requested.
Comment 1 Joe Orton 2004-05-27 09:08:22 UTC
Are you using mod_digest for Digest auth?  I've had reports of mod_dav not
working using 1.3.31's mod_digest, not sure if this is a regression though.
Comment 2 lhecking 2004-05-27 09:47:04 UTC
Nope, not at all.

$ grep -i digest conf/httpd.conf
#LoadModule digest_module      libexec/mod_digest.so
#AddModule mod_digest.c
$ bin/httpd -l |grep -i digest
$

The only external modules we use apart from mod_dev are mod_ssl-2.8.17-1.3.31
and mod_layout-3.2.
Comment 3 Jeff Trawick 2004-05-28 02:15:57 UTC
Please back out this 1.3.31 patch and try to recreate the problem.

http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/main/http_request.c?r1=1.173&r2=1.174

This fixes a regression with Front Page.
Comment 4 lhecking 2004-05-28 10:07:01 UTC
Backing out this patch fixes the problem here. I've tested it with DAVExplorer,
and had a Windows user try it as well, just to be on the safe side :)

Thanks!
Comment 5 Jeff Gehlbach 2004-06-21 17:21:24 UTC
This bug breaks regular CGI programs on the first POST request if sent without
credentials.  Here's what the client sends:

POST /foo/bar.cgi HTTP/1.1\r\n
Host: blah\r\n
Content-length: 20\r\n
\r\n
foo=bar&baz=flummox\r\n

Because the request does not yet have keepalive set from the server's
perspective, the server closes the request immediately after receiving the \r\n
on a blank line and sends a 401.  Now something happens on the server (I'm
guessing the socket doesn't get flushed) that causes the last bit of data
written by the client to be prepended to REQUEST_METHOD for the requested CGI
program.  When the CGI checks REQUEST_METHOD, it gets a surprise:

foo=bar&baz=flummoxPOST

I've observed this behavior on both Solaris and Win32.

Backing out the change per 'Jeff Trawick 2004-05-28 02:15' fixes the behavior
described here as well.
Comment 6 Joe Orton 2004-06-28 11:56:54 UTC

*** This bug has been marked as a duplicate of 29257 ***