Skip Menu |

This queue is for tickets about the HTTP-Message CPAN distribution.

Report information
The Basics
Id: 34800
Status: resolved
Priority: 0/
Queue: HTTP-Message

Owner: Nobody in particular
Requestors: bryn.dole [...]

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

Subject: HTTP::Message is not handling malformed HTTP headers
Download (untitled) / with headers
text/plain 1.1k
in libwww-perl-5.810 Both of these sites return headers that do not conform to the standard (RFV 2616) and break the parsing in HTTP::Messags->parse(). When the pages are fetched with LWP the parser Net:HTTP::read_response_headers is used that has forgiving parsing. I'm attaching the header data for and a simple test script to trigger the bug. Here is a suggested fix for HTTP::Messags->parse(). sub parse { my($class, $str) = @_; my $valid_prev_key = 0; my @hdr; while (1) { if ($str =~ s/^([^\x00-\x20\x7f()<>@,;:\\\"\/\[\]?={}]+)\s*:\s+(.*?)\n//) { push(@hdr, $1, $2); $hdr[-1] =~ s/\r\z//; $valid_prev_key = 1; } elsif ($valid_prev_key && $str =~ s/^([ \t].*?)\n//) { $hdr[-1] .= "\n$1"; $hdr[-1] =~ s/\r\z//; } elsif ($str !~ /^\r?\n/) { $str =~ s/^(.+?)\n//; # warn("malformed http header line, skipping."); $valid_prev_key = 0; } else { $str =~ s/^\r?\n//; last; } } new($class, \@hdr, $str); }
application/octet-stream 436b

Message body not shown because it is not plain text.

text/x-perl 177b
#!/usr/bin/perl use HTTP::Message; use Data::Dumper qw(Dumper); while(<>) { $h .= $_; } $h =~ s/^HTTP.+?\n//; my $header = HTTP::Message->parse($h); print Dumper($header);

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to