Skip Menu |
 

This queue is for tickets about the HTTP-Message CPAN distribution.

Report information
The Basics
Id: 34800
Status: resolved
Priority: 0/
Queue: HTTP-Message

People
Owner: Nobody in particular
Requestors: bryn.dole [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: HTTP::Message is not handling malformed HTTP headers
Download (untitled) / with headers
text/plain 1.1k
in libwww-perl-5.810 http://www.lochsidelodge.com/ http://www.meubelmakerijhetganker.nl/ Both of these sites return headers that do not conform to the standard (RFV 2616) and break the parsing in HTTP::Messags->parse(). When the pages are fetched with LWP the parser Net:HTTP::read_response_headers is used that has forgiving parsing. I'm attaching the header data for http://www.lochsidelodge.com/ and a simple test script to trigger the bug. Here is a suggested fix for HTTP::Messags->parse(). sub parse { my($class, $str) = @_; my $valid_prev_key = 0; my @hdr; while (1) { if ($str =~ s/^([^\x00-\x20\x7f()<>@,;:\\\"\/\[\]?={}]+)\s*:\s+(.*?)\n//) { push(@hdr, $1, $2); $hdr[-1] =~ s/\r\z//; $valid_prev_key = 1; } elsif ($valid_prev_key && $str =~ s/^([ \t].*?)\n//) { $hdr[-1] .= "\n$1"; $hdr[-1] =~ s/\r\z//; } elsif ($str !~ /^\r?\n/) { $str =~ s/^(.+?)\n//; # warn("malformed http header line, skipping."); $valid_prev_key = 0; } else { $str =~ s/^\r?\n//; last; } } new($class, \@hdr, $str); }
Subject: lochsidelodge.com.headers
Download lochsidelodge.com.headers
application/octet-stream 436b

Message body not shown because it is not plain text.

Subject: http_parse_test.pl
Download http_parse_test.pl
text/x-perl 177b
#!/usr/bin/perl use HTTP::Message; use Data::Dumper qw(Dumper); while(<>) { $h .= $_; } $h =~ s/^HTTP.+?\n//; my $header = HTTP::Message->parse($h); print Dumper($header);


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.