Bug 47963

Summary: HTTP status reason-phrase contains illegal characters in Japanese locale
Product: Tomcat 5 Reporter: Craig Chaney <apachebugs>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 5.5.28   
Target Milestone: ---   
Hardware: PC   
OS: Linux   

Description Craig Chaney 2009-10-08 07:38:25 UTC
FormAuthenticator.authenticate() can send the client an error response with Japanese characters.  For example:

            response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
                               sm.getString("authenticator.sessionExpired"));

This deviates from the HTTP RFC.  From http://www.w3.org/Protocols/rfc2616/rfc2616-sec6.html#sec6.1.1:

Reason-Phrase  = *<TEXT, excluding CR, LF>

The TEXT rule is only used for descriptive field contents and values
   that are not intended to be interpreted by the message parser. Words
   of *TEXT MAY contain characters from character sets other than ISO-
   8859-1 [22] only when encoded according to the rules of RFC 2047
   [14].

This can cause some problems with some clients.  For example, httpclient 3 reads the HTTP status line by looping over the line byte-by-byte, looking for the "\n" byte.  The authenticator.sessionExpired Japanese string happens to contain a Japanese character for which one of the bytes matches "\n", breaking this logic.
Comment 1 Mark Thomas 2009-12-17 14:40:32 UTC
As a work-around you should be able to set USE_CUSTOM_STATUS_MSG_IN_HEADER to false (the default).

That said, Tomcat shouldn't be putting anything other than ISO-8859-1 in the headers. Patch to follow shortly to fix that.
Comment 2 Mark Thomas 2009-12-18 08:15:38 UTC
Patch applied to trunk and proposed for 6.0.x and 5.5.x
Comment 3 Mark Thomas 2009-12-20 08:36:30 UTC
The patch has been reverted from trunk following discussion on the dev list and the associated backport proposals withdrawn. A new patch will follow shortly.
Comment 4 Mark Thomas 2009-12-20 09:23:03 UTC
A ne wpatch has been applied to trunk and proposed for 6.0.x and 5.5.x
Comment 5 Mark Thomas 2009-12-21 03:46:42 UTC
This has been fixed in 6.0.x and will be included in 6.0.21 onwards.
Comment 6 Mark Thomas 2010-03-03 23:26:16 UTC
This has been fixed in 5.5.x and will be included in 5.5.29 onwards.