Skip Menu |
 

This queue is for tickets about the HTTP-Message CPAN distribution.

Report information
The Basics
Id: 34800
Status: resolved
Priority: 0/
Queue: HTTP-Message

People
Owner: Nobody in particular
Requestors: bryn.dole [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: HTTP::Message is not handling malformed HTTP headers
MIME-Version: 1.0
X-Mailer: MIME-tools 5.418 (Entity 5.418)
Charset: utf8
X-RT-Original-Encoding: utf-8
Content-Type: multipart/mixed; boundary="----------=_1207773016-31182-20"
Content-Length: 0
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Length: 1217
Download (untitled) / with headers
text/plain 1.1k
in libwww-perl-5.810 http://www.lochsidelodge.com/ http://www.meubelmakerijhetganker.nl/ Both of these sites return headers that do not conform to the standard (RFV 2616) and break the parsing in HTTP::Messags->parse(). When the pages are fetched with LWP the parser Net:HTTP::read_response_headers is used that has forgiving parsing. I'm attaching the header data for http://www.lochsidelodge.com/ and a simple test script to trigger the bug. Here is a suggested fix for HTTP::Messags->parse(). sub parse { my($class, $str) = @_; my $valid_prev_key = 0; my @hdr; while (1) { if ($str =~ s/^([^\x00-\x20\x7f()<>@,;:\\\"\/\[\]?={}]+)\s*:\s+(.*?)\n//) { push(@hdr, $1, $2); $hdr[-1] =~ s/\r\z//; $valid_prev_key = 1; } elsif ($valid_prev_key && $str =~ s/^([ \t].*?)\n//) { $hdr[-1] .= "\n$1"; $hdr[-1] =~ s/\r\z//; } elsif ($str !~ /^\r?\n/) { $str =~ s/^(.+?)\n//; # warn("malformed http header line, skipping."); $valid_prev_key = 0; } else { $str =~ s/^\r?\n//; last; } } new($class, \@hdr, $str); }
Subject: lochsidelodge.com.headers
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_1207772851-31198-17"
X-Mailer: MIME-tools 5.418 (Entity 5.418)
Charset: utf8
Content-Length: 0
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: iso-8859-1
Content-Length: 0
Content-Type: application/octet-stream; name="lochsidelodge.com.headers"
Content-Disposition: inline; filename="lochsidelodge.com.headers"
Content-Transfer-Encoding: base64
Content-Length: 436
Download lochsidelodge.com.headers
application/octet-stream 436b

Message body not shown because it is not plain text.

Subject: http_parse_test.pl
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_1207773015-31182-19"
X-Mailer: MIME-tools 5.418 (Entity 5.418)
Charset: utf8
Content-Length: 0
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: iso-8859-1
Content-Length: 0
Content-Type: application/x-perl; name="http_parse_test.pl"
Content-Disposition: inline; filename="http_parse_test.pl"
Content-Transfer-Encoding: base64
Content-Length: 177
Download http_parse_test.pl
text/x-perl 177b
#!/usr/bin/perl use HTTP::Message; use Data::Dumper qw(Dumper); while(<>) { $h .= $_; } $h =~ s/^HTTP.+?\n//; my $header = HTTP::Message->parse($h); print Dumper($header);
X-RT-Interface: REST
MIME-Version: 1.0
X-Mailer: MIME-tools 5.504 (Entity 5.504)
RT-Message-ID: <rt-4.0.18-11453-1490921613-1403.34800-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Length: 82


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.