Re: Need confirmation of issue: HTTP simple requests broken as of Apache Tomcat 5.5.28.

Fri, 13 Aug 2010 12:16:46 -0700 

Hi Chris,
             thanks for the response.  I've already done quite a bit of
analysis and reported it in the following bug:
https://issues.apache.org/bugzilla/show_bug.cgi?id=49718

In summary, the issue was introduced in 5.5.28 as a fix for:

46984: Reject requests with invalid HTTP methods with a 400 rather than a 501.


The issue was originally reported to me by one of our design teams
against Tomcat 5.5.29 on
Java 1.5.0u22, on Solaris 10u8.  However, neither the physical
platform, nor the Java version
seem to have any bearing on the issue.

Following is the proof that the issue was introduced in 5.5.28.

Here is the simple request test executed in a vanilla 5.5.27
deployment that demonstrates the
expected simple response:

$ cd apache-tomcat-5.5.27
$ ls
bin     conf     logs    RELEASE-NOTES  server  temp     work
common  LICENSE  NOTICE  RUNNING.txt    shared  webapps
$ cd bin
$ ./startup.sh
Using CATALINA_BASE:   /localdisk/data/apps/apache-tomcat-5.5.27
Using CATALINA_HOME:   /localdisk/data/apps/apache-tomcat-5.5.27
Using CATALINA_TMPDIR: /localdisk/data/apps/apache-tomcat-5.5.27/temp
Using JRE_HOME:       /localdisk/data/apps/jdk1.5.0_17
$
$ ps -ef | grep java
nickl    21022     1 37 14:49 pts/14   00:00:01
/localdisk/data/apps/jdk1.5.0_17/bin/java
-Djava.util.logging.config.file=/localdisk/data/apps/apache-tomcat-5.5.27/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.endorsed.dirs=/localdisk/data/apps/apache-tomcat-5.5.27/common/endorsed
-classpath 
:/localdisk/data/apps/apache-tomcat-5.5.27/bin/bootstrap.jar:/localdisk/data/apps/apache-tomcat-5.5.27/bin/commons-logging-api.jar
-Dcatalina.base=/localdisk/data/apps/apache-tomcat-5.5.27
-Dcatalina.home=/localdisk/data/apps/apache-tomcat-5.5.27
-Djava.io.tmpdir=/localdisk/data/apps/apache-tomcat-5.5.27/temp
org.apache.catalina.startup.Bootstrap start
nickl    21031  4529  0 14:49 pts/14   00:00:00 grep java
$
$
$
$ telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /index.html
<html><head><title>Apache Tomcat/5.5.27 - Error
report</title><style><!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
H2 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
H3 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
P 
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
{color : black;}A.name {color : black;}HR {color :
#525D76;}--></style> </head><body><h1>HTTP Status 404 -
/index.html</h1><HR size="1" noshade="noshade"><p><b>type</b> Status
report</p><p><b>message</b>
<u>/index.html</u></p><p><b>description</b> <u>The requested resource
(/index.html) is not available.</u></p><HR size="1"
noshade="noshade"><h3>Apache
Tomcat/5.5.27</h3></body></html>Connection closed by foreign host.
$


Here is the same simple request test executed in a vanilla 5.5.28
deployment that demonstrates
the invalid HTTP/1.1 error response:
$ ./shutdown.sh
Using CATALINA_BASE:   /localdisk/data/apps/apache-tomcat-5.5.27
Using CATALINA_HOME:   /localdisk/data/apps/apache-tomcat-5.5.27
Using CATALINA_TMPDIR: /localdisk/data/apps/apache-tomcat-5.5.27/temp
Using JRE_HOME:       /localdisk/data/apps/jdk1.5.0_17
$
$
$ pwd
/localdisk/data/apps/apache-tomcat-5.5.27/bin
$ cd ../../apache-tomcat-5.5.28/
$
$
$
$ cd bin
$
$
$ ps -ef | grep java
nickl    21108  4529  0 14:51 pts/14   00:00:00 grep java
$
$
$ ./startup.sh
Using CATALINA_BASE:   /localdisk/data/apps/apache-tomcat-5.5.28
Using CATALINA_HOME:   /localdisk/data/apps/apache-tomcat-5.5.28
Using CATALINA_TMPDIR: /localdisk/data/apps/apache-tomcat-5.5.28/temp
Using JRE_HOME:        /localdisk/data/apps/jdk1.5.0_17
Using CLASSPATH:
/localdisk/data/apps/apache-tomcat-5.5.28/bin/bootstrap.jar
$
$
$ ps -ef | grep java
nickl    21120     1 69 14:51 pts/14   00:00:02
/localdisk/data/apps/jdk1.5.0_17/bin/java
-Djava.util.logging.config.file=/localdisk/data/apps/apache-tomcat-5.5.28/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.endorsed.dirs=/localdisk/data/apps/apache-tomcat-5.5.28/common/endorsed
-classpath /localdisk/data/apps/apache-tomcat-5.5.28/bin/bootstrap.jar
-Dcatalina.base=/localdisk/data/apps/apache-tomcat-5.5.28
-Dcatalina.home=/localdisk/data/apps/apache-tomcat-5.5.28
-Djava.io.tmpdir=/localdisk/data/apps/apache-tomcat-5.5.28/temp
org.apache.catalina.startup.Bootstrap start
nickl    21130  4529  0 14:51 pts/14   00:00:00 grep java
$
$
$
$ telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /index.html
HTTP/1.1 400 Bad Request
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Fri, 13 Aug 2010 18:51:28 GMT
Connection: close

0

Connection closed by foreign host.
$


I've also removed the defective fix and recompiled the modules in
tomcat 5.5.28 and shown that
that resolves the issue.

Here is the defective fix:

$ diff
./apache-tomcat-5.5.27-src/connectors/http11/src/java/org/apache/coyote/http11/InternalInputBuffer.java
./apache-tomcat-5.5.28-src/connectors/http11/src/java/org/apache/coyote/http11/InternalInputBuffer.java
471a472,476
>             // Spec says no CR or LF in method name
>             if (buf[pos] == Constants.CR || buf[pos] == Constants.LF) {
>                 throw new IllegalArgumentException(
>                         sm.getString("iib.invalidmethod"));
>             }
763c768
<                 throw new IOException
---
>                 throw new IllegalArgumentException
$


And digging through the code repository, this is the subversion revision in
which this issue was introduced:

svn diff -c 781763 http://svn.apache.org/repos/asf/tomcat/

See below for responses to other questions.

Regards,

Nick.


On Fri, Aug 13, 2010 at 9:42 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Nick,
>
> On 8/11/2010 9:38 AM, Nick Langlois wrote:
> > Get "HTTP/1.1 400 Bad Request" response back when Tomcat receives an HTTP
> > simple request (no HTTP version specified in request line).
>
> [snip]
>
> > Example of expected behaviour:
> >
> > wcars1u7-unit1# telnet localhost 5555
> > Trying 127.0.0.1...
> > Connected to localhost.
> > Escape charac= ter is '^]'.
> > GET /index.html
> >
> > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
>
> Agreed. Wow. HTML 3.2? No wonder you're supporting HTTP/0.9. :(
>
> > <html>
> > <head>
> > <title>Zack Networks Application Server</title>
> > <style type="text/css">
>
> If you're doing HTML 3.2, you might want your <style> content to be in
> <!-- here --> instead of bare like that.
>

nickl: I'll pass that advice along to the design group who owns the client
code (a third party vendor,
deploying their solution in an embedded system). However, considering they
refused to add a single space character at the end of the simple request to
work around this issue, I'd be surprised if they take the advice, :-)

>
> > Behaviour I'm seeing:
> >
> > wcars1u7-unit1# telnet localhost 8080
> > Trying 127.0.0.1...
> > Connected to localhost.
> > Escape character is '^]'.
> > GET /index.html
> > HTTP/1.1 400 Bad Request
> > Server: Apache-Coyote/1.1
>
> It looks like there's something wrong, here: Tomcat is responding
> immediately with a non-version-matching response (it says HTTP/1.1 and
> should be using at most HTTP/1.0) and then supplying response headers,
> which aren't legal at the 0.9 level.
>
> Several things may be happening here:
>
> 1. Tomcat is assuming HTTP 1.0, and then everything above is normal.
>   I'll have to keep reading through the specs to see what the default
>   HTTP version is supposed to be... I wouldn't be surprised if it's
>   1.0 and not 0.9.
>
> 2. Tomcat has a bug (actually Coyote).
>
> Here's what I observe in my environment.
>
> Using Tomcat 6.0.26
>
> $ telnet localhost 8080
> Trying 127.0.0.1...
> Connected to localhost.localdomain.
> Escape character is '^]'.
> GET /mywebapp/index.html
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
>  "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd";>
> <html lang="en" xmlns="http://www.w3.org/1999/xhtml";>
> ...
>
> $ telnet localhost 8080
> Trying 127.0.0.1...
> Connected to localhost.localdomain.
> Escape character is '^]'.
> GET /mywebapp/index.html HTTP/1.0
>
> HTTP/1.1 200 OK
> Server: Apache-Coyote/1.1
> Accept-Ranges: bytes
> ETag: W/"3136-1280422452000"
> Last-Modified: Thu, 29 Jul 2010 16:54:12 GMT
> Content-Type: text/html
> Content-Length: 3136
> Date: Fri, 13 Aug 2010 13:08:34 GMT
> Connection: close
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
>  "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd";>
> <html lang="en" xmlns="http://www.w3.org/1999/xhtml";>
> ...
>
> $ telnet localhost 8080
> Trying 127.0.0.1...
> Connected to localhost.localdomain.
> Escape character is '^]'.
> GET /mywebapp/index.html HTTP/1.1
> Host: myhost
>
> HTTP/1.1 200 OK
> Server: Apache-Coyote/1.1
> Accept-Ranges: bytes
> ETag: W/"3136-1280422452000"
> Last-Modified: Thu, 29 Jul 2010 16:54:12 GMT
> Content-Type: text/html
> Content-Length: 3136
> Date: Fri, 13 Aug 2010 13:04:24 GMT
> Connection: close
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
>  "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd";>
> <html lang="en" xmlns="http://www.w3.org/1999/xhtml";>
> ...
>
> (Note that a "Host" request header is required in HTTP/1.1).
>
> Using Tomcat 5.5.27
>
> $ telnet localhost 8081
> Trying 127.0.0.1...
> Connected to localhost.localdomain.
> Escape character is '^]'.
> GET /myotherwebapp/index.html
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
>   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
> ...
>
> $ telnet localhost 8081
> Trying 127.0.0.1...
> Connected to localhost.localdomain.
> Escape character is '^]'.
> GET /cschultz-resource-search/index.html HTTP/1.0
>
> HTTP/1.1 404 Not Found
> Server: Apache-Coyote/1.1
> Content-Type: text/html;charset=ISO-8859-1
> Date: Fri, 13 Aug 2010 13:31:57 GMT
> Connection: close
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
>   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
> ...
>
> $ telnet localhost 8081
> Trying 127.0.0.1...
> Connected to localhost.localdomain.
> Escape character is '^]'.
> GET /cschultz-resource-search/index.html HTTP/1.1
> Host: dev.chadis.com
>
> HTTP/1.1 404 Not Found
> Server: Apache-Coyote/1.1
> Content-Type: text/html;charset=ISO-8859-1
> Transfer-Encoding: chunked
> Date: Fri, 13 Aug 2010 13:32:37 GMT
>
> 43d
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
>   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
> ...
> 0
>
> Odd that the HTTP/1.1 response was chunked for some reason.
>
> I don't have a 5.5.29 version available to test right now, but these two
> versions appear to behave appropriately. Do you have time to check the
> ChengeLog to see if anything interesting changed in the "Coyote" portion
> of the project?
>
> > wcars1u7-unit1#
> >
> > With debug enabled, tomcat logs the following thrown exception:
> >
> > 2010-07-29 15:49:22,068 [http-8080-Processor24] DEBUG
> >
> > org.apache.coyote.http11.Http11Processor - Error parsing HTTP request
> header
> >
> > java.lang.IllegalArgumentException: Invalid character (CR or LF) found
> > in method name
>
> That certainly looks weird. What else can you tell us about your
> environment? Could you provide a wireshark or tcpdump trace of the
> conversation, or at least the request part?
>

nickl: Here it is:

HTTP: ----- HyperText Transfer Protocol -----
HTTP:
HTTP: GET /whatever/servlet/whatever?ReplyType=ACTION&User=Foo&Password=Bar
HTTP:
HTTP:
To which Tomcat responds:
HTTP: ----- HyperText Transfer Protocol -----
HTTP:
HTTP: HTTP/1.1 400 Bad Request
HTTP: Server: Apache-Coyote/1.1
HTTP: Transfer-Encoding: chunked
HTTP: Date: Thu, 29 Jul 2010 19:26:06 GMT
HTTP: Connection: close
HTTP: [...]
HTTP:



>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkxlS9UACgkQ9CaO5/Lv0PBsdgCfaBkNlkvb6/kZDdn3RuDKKgEd
> A6MAniZUnbK/4b75sQSHDD0Qd+224Knl
> =TFux
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Reply via email to