curl-library

Re: Crash in curl library while processing HTTP HEAD response

From: isshed <isshed.sip_at_gmail.com>
Date: Thu, 18 Aug 2016 19:47:39 +0530

I tried 3 times. The issue is reproducible 3 out of 3 times.

On Thu, Aug 18, 2016 at 7:06 PM, isshed <isshed.sip_at_gmail.com> wrote:
> Good news: using the nc command I could recreate the issue.
>
> #nc -l 8080
> HEAD /app.log HTTP/1.1
> Host: 10.221.57.2:8080
> Accept: */*
>
> adfadfadfd
> #
>
>
> Thanks so much,
>
> On Thu, Aug 18, 2016 at 6:24 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
>> On Thu, 18 Aug 2016, isshed wrote:
>>
>>>> Can you show us the *exact* bytes the server return? Does the response
>>>> start
>>>> with a status line at all? "HTTP/1.1 200 OK" style.
>>>>
>>> ####### No it does not start with HTTP/1.1..
>>
>>
>> Then it isn't a HTTP/1.1 response, as such responses MUST start with such a
>> line. I just wanted to have that clarified.
>>
>> The test case I already mentioned I added sends back a raw buffer with no
>> headers as a response to HEAD in an attempt to reproduce your problem.
>> Clearly there's something else than just a bad response without headers
>> that's required!
>>
>>>> Run 'nc -p 8080 -l', connect your application to localhost:8080 and then
>>>> type in the response in the window where nc runs and break control-c.
>>
>>
>>> I have installed Apache server and it is responding properly. Can I modify
>>> the HEAD response in Apache server?
>>
>>
>> I doubt that. That's not a valid HTTP/1.1 response and I think you have to
>> tweak Apache badly to force it to respond that weirdly.
>>
>>> I am not much aware of nc; I need to dig into it.
>>
>>
>> It's a basic command line tool that should be in every network hacker's tool
>> belt already, and you'll figure it out in no time.
>>
>> Or you could just clone the curl code from git and try to tweak test 1144
>> and see if you can make that crash curl.
>>
>>
>> --
>>
>> / daniel.haxx.se
>> -------------------------------------------------------------------
>> List admin: https://cool.haxx.se/list/listinfo/curl-library
>> Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-08-18
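
The nc session in this thread can be turned into a repeatable local harness. The following is an added example, not code from the thread or from curl's test suite: a one-shot loopback server that answers a HEAD request with the same bytes typed into nc, plus a check for the "HTTP/1.1 200 OK" style status line. The function names, the ephemeral port and the simplified status-line regex are assumptions made for illustration.

```python
import re
import socket
import threading

# Constructed sample: the bytes typed into nc in the mail above (no status line).
BAD_REPLY = b"adfadfadfd\n"
# Simplified status-line shape (assumption): "HTTP/x.y NNN [reason]" + newline.
STATUS_LINE = re.compile(rb"^HTTP/\d\.\d \d{3}( [^\r\n]*)?\r?\n")

def starts_with_status_line(raw: bytes) -> bool:
    """True if the reply begins with an 'HTTP/1.1 200 OK' style line."""
    return STATUS_LINE.match(raw) is not None

def serve_once(reply: bytes):
    """Listen on an ephemeral loopback port and answer one request with `reply`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def handle():
        conn, _ = srv.accept()
        with conn:
            data = b""
            # Read until the blank line that ends the request headers.
            while b"\r\n\r\n" not in data and (chunk := conn.recv(4096)):
                data += chunk
            conn.sendall(reply)  # raw bytes, then close, like nc + control-c
        srv.close()

    t = threading.Thread(target=handle, daemon=True)
    t.start()
    return srv.getsockname()[1], t

def head_raw(port: int, path: str = "/app.log") -> bytes:
    """Send a HEAD request shaped like the one in the mail; return the raw reply."""
    req = f"HEAD {path} HTTP/1.1\r\nHost: 127.0.0.1:{port}\r\nAccept: */*\r\n\r\n"
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        c.sendall(req.encode("ascii"))
        raw = b""
        while (chunk := c.recv(4096)):
            raw += chunk
        return raw

def reproduce():
    """Run server and client once; return (raw reply, has_status_line)."""
    port, t = serve_once(BAD_REPLY)
    raw = head_raw(port)
    t.join(timeout=5)
    return raw, starts_with_status_line(raw)
```

To exercise a libcurl application instead of the built-in client, call `serve_once(BAD_REPLY)` and point the application's HEAD request at the returned port on 127.0.0.1.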