curl-library
Re: Crash in curl library while processing HTTP HEAD response
Date: Thu, 18 Aug 2016 14:54:00 +0200 (CEST)
On Thu, 18 Aug 2016, isshed wrote:
>> Can you show us the *exact* bytes the server return? Does the response start
>> with a status line at all? "HTTP/1.1 200 OK" style.
>>
> ####### No it does not start with HTTP/1.1..
Then it isn't a HTTP/1.1 response, as such responses MUST start with such a
line. I just wanted to have that clarified.
The test case I already mentioned I added sends back a raw buffer with no
headers as a response to HEAD in an attempt to reproduce your problem. Clearly
there's something else than just a bad respone without headers that's
required!
>> Run 'nc -p 8080 -l', connect your application to localhost:8080 and then
>> type in the response in the window where nc runs and break control-c.
> I have installed Apache server and it is responding properly. can I modify
> the HEAD response in apache server.
I doubt that. That's not a valid HTTP/1.1 response and I think you have to
tweak Apache badly to force it to respond that weirdly.
> I am not much aware of nc I need to dig it.
It's a basic command line tool that should be in every network hacker's tool
belt already, and you'll figure it out in no time.
Or you could just clone the curl code from git and try to tweak test 1144 and
see if you can make that crash curl.
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2016-08-18