cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Crash in curl library while processing HTTP HEAD response

From: isshed <isshed.sip_at_gmail.com>
Date: Thu, 18 Aug 2016 19:06:11 +0530

Good news using nc command I could recreate the issue.

 #nc -l 8080
HEAD /app.log HTTP/1.1
Host: 10.221.57.2:8080
Accept: */*

adfadfadfd
#

Thanks so much,

On Thu, Aug 18, 2016 at 6:24 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
> On Thu, 18 Aug 2016, isshed wrote:
>
>>> Can you show us the *exact* bytes the server return? Does the response
>>> start
>>> with a status line at all? "HTTP/1.1 200 OK" style.
>>>
>> ####### No it does not start with HTTP/1.1..
>
>
> Then it isn't a HTTP/1.1 response, as such responses MUST start with such a
> line. I just wanted to have that clarified.
>
> The test case I already mentioned I added sends back a raw buffer with no
> headers as a response to HEAD in an attempt to reproduce your problem.
> Clearly there's something else than just a bad respone without headers
> that's required!
>
>>> Run 'nc -p 8080 -l', connect your application to localhost:8080 and then
>>> type in the response in the window where nc runs and break control-c.
>
>
>> I have installed Apache server and it is responding properly. can I modify
>> the HEAD response in apache server.
>
>
> I doubt that. That's not a valid HTTP/1.1 response and I think you have to
> tweak Apache badly to force it to respond that weirdly.
>
>> I am not much aware of nc I need to dig it.
>
>
> It's a basic command line tool that should be in every network hacker's tool
> belt already, and you'll figure it out in no time.
>
> Or you could just clone the curl code from git and try to tweak test 1144
> and see if you can make that crash curl.
>
>
> --
>
> / daniel.haxx.se
> -------------------------------------------------------------------
> List admin: https://cool.haxx.se/list/listinfo/curl-library
> Etiquette: https://curl.haxx.se/mail/etiquette.html
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-08-18