Re: What is WARNING: suspicious CR characters in HTTP header ?

From: Evgeny Kotsuba <evgen__k@dont-contact.us>
Date: Tue, 15 Feb 2005 00:55:07 +0300

On Mon, 14 Feb 2005 20:22:25 +0100 (CET)
  Henrik Nordstrom <hno@squid-cache.org> wrote:
>
>
> On Mon, 14 Feb 2005, Evgeny Kotsuba wrote:
>
>> Hi,
>>
>> What is WARNING: suspicious CR characters in HTTP header ?
>> Say, what is wrong in
>> "Set-Cookie: sbtpoll1067196868\r=1067196868\r; path=/; expires=Tue,
>
> here: ^^^^^ ^^^^
>
>> 15-Feb-2005 15:31:46 GMT\r\nLocation:
>> http://www.metallica.kiev.ua/\r\nConnection: close\r\nContent-Type:
>> text/html; charset=iso-8859-1\r\n\r\n"
>>
>> And why in case of "suspicious CR characters" header is not
>> developed properly?
>
> The header is malformed, having CR characters in the middle of the
> header value. CR characters are only allowed as part of the line
> ending, not alone.
>
>> I.e. why return is made in
>> -------8<---------------
>>     if (memchr(this_line, '\r', field_end - this_line)) {
>>         debug(55, 1) ("WARNING: suspicious CR characters in HTTP header near {%s}\n",
>>             getStringPrefix(field_start, header_end));
>>         //??EK return httpHeaderReset(hdr);
>>     }
>
>
> Because the header can not be parsed properly without introducing
> ambiguity in the HTTP protocol.

Well, why is it parsed properly without return, and why can Mozilla/IE
with a direct connection parse it properly?

SY,
Evgeny Kotsuba
Received on Mon Feb 14 2005 - 14:55:10 MST
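
The ambiguity mentioned in the quoted reply, shown as an added example (not code from this thread or from Squid): the same bytes yield a different number of header fields depending on whether a parser treats a lone CR as a line ending. The function names and the lenient mode are assumptions for illustration; the sample is constructed from the header quoted above, shortened.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample modelled on the header quoted in the thread:
 * two bare CRs sit inside the Set-Cookie value. */
static const char sample_hdr[] =
    "Set-Cookie: sbtpoll1067196868\r=1067196868\r; path=/\r\n"
    "Location: http://www.metallica.kiev.ua/\r\n"
    "Connection: close\r\n"
    "\r\n";

/* Count CR bytes that are not immediately followed by LF. */
size_t count_bare_cr(const char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] == '\r' && (i + 1 >= len || buf[i + 1] != '\n'))
            n++;
    return n;
}

/* Count header lines before the blank line that ends the header block.
 * cr_is_eol == 0: only LF ends a line (strict reading).
 * cr_is_eol == 1: a lone CR also ends a line (hypothetical lenient parser). */
size_t count_fields(const char *buf, size_t len, int cr_is_eol)
{
    size_t fields = 0, line_len = 0;
    for (size_t i = 0; i < len; i++) {
        char c = buf[i];
        if (c == '\r' && i + 1 < len && buf[i + 1] == '\n')
            continue;                 /* CR of a CRLF pair; the LF ends the line */
        if (c == '\n' || (c == '\r' && cr_is_eol)) {
            if (line_len == 0)
                break;                /* blank line: end of headers */
            fields++;
            line_len = 0;
        } else {
            line_len++;
        }
    }
    return fields;
}

int main(void)
{
    size_t len = sizeof(sample_hdr) - 1;
    printf("bare CRs: %zu\n", count_bare_cr(sample_hdr, len));
    printf("fields (strict):  %zu\n", count_fields(sample_hdr, len, 0));
    printf("fields (lenient): %zu\n", count_fields(sample_hdr, len, 1));
    return 0;
}
```

When the two counts differ, a proxy and the client behind it can disagree about where one header ends and the next begins, which is why a proxy may prefer to reject the header rather than pick one reading.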
