cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Crash in curl library while processing HTTP HEAD response

From: isshed <isshed.sip_at_gmail.com>
Date: Fri, 19 Aug 2016 15:41:10 +0530

Daniel,

Can we finalize the fix?

Thanks !!!!!

On Thu, Aug 18, 2016 at 7:47 PM, isshed <isshed.sip_at_gmail.com> wrote:
> I tried 3 times ..issue is reproducible 3 out of 3 times
>
> On Thu, Aug 18, 2016 at 7:06 PM, isshed <isshed.sip_at_gmail.com> wrote:
>> Good news using nc command I could recreate the issue.
>>
>> #nc -l 8080
>> HEAD /app.log HTTP/1.1
>> Host: 10.221.57.2:8080
>> Accept: */*
>>
>> adfadfadfd
>> #
>>
>>
>> Thanks so much,
>>
>> On Thu, Aug 18, 2016 at 6:24 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
>>> On Thu, 18 Aug 2016, isshed wrote:
>>>
>>>>> Can you show us the *exact* bytes the server return? Does the response
>>>>> start
>>>>> with a status line at all? "HTTP/1.1 200 OK" style.
>>>>>
>>>> ####### No it does not start with HTTP/1.1..
>>>
>>>
>>> Then it isn't a HTTP/1.1 response, as such responses MUST start with such a
>>> line. I just wanted to have that clarified.
>>>
>>> The test case I already mentioned I added sends back a raw buffer with no
>>> headers as a response to HEAD in an attempt to reproduce your problem.
>>> Clearly there's something else than just a bad respone without headers
>>> that's required!
>>>
>>>>> Run 'nc -p 8080 -l', connect your application to localhost:8080 and then
>>>>> type in the response in the window where nc runs and break control-c.
>>>
>>>
>>>> I have installed Apache server and it is responding properly. can I modify
>>>> the HEAD response in apache server.
>>>
>>>
>>> I doubt that. That's not a valid HTTP/1.1 response and I think you have to
>>> tweak Apache badly to force it to respond that weirdly.
>>>
>>>> I am not much aware of nc I need to dig it.
>>>
>>>
>>> It's a basic command line tool that should be in every network hacker's tool
>>> belt already, and you'll figure it out in no time.
>>>
>>> Or you could just clone the curl code from git and try to tweak test 1144
>>> and see if you can make that crash curl.
>>>
>>>
>>> --
>>>
>>> / daniel.haxx.se
>>> -------------------------------------------------------------------
>>> List admin: https://cool.haxx.se/list/listinfo/curl-library
>>> Etiquette: https://curl.haxx.se/mail/etiquette.html
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-08-19

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Crash in curl library while processing HTTP HEAD response"
Previous message: Patrick Monnerat: "Re: an OpenSSL memory leak per-thread"
In reply to: isshed: "Re: Crash in curl library while processing HTTP HEAD response"
Next in thread: Daniel Stenberg: "Re: Crash in curl library while processing HTTP HEAD response"
Reply: Daniel Stenberg: "Re: Crash in curl library while processing HTTP HEAD response"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]