PHP :: Bug #42779 :: Incorrect forcing from HTTP/1.0 request to HTTP/1.1 response

Bug #42779	Incorrect forcing from HTTP/1.0 request to HTTP/1.1 response
Submitted:	2007-09-27 16:40 UTC	Modified:	2008-11-12 19:07 UTC
From:	aya at eh dot org	Assigned:	iliaa (profile)
Status:	Closed	Package:	Apache2 related
PHP Version:	5.2.1	OS:	*
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	aya at eh dot org
New email:
PHP Version:		OS:

New Comment:

[2007-09-27 16:40 UTC] aya at eh dot org

Description:
------------
There seems to have been a change in the 'Connection' output header for HTTP/1.0 requests somewhere between PHP v5.2.0 and PHP v5.2.3.

IIRC, according to the relevant RFCs, When processing an HTTP/1.0 request, the server should respond with an HTTP/1.1 response line if it supports HTTP/1.1, but the entity headers should be compatible with HTTP/1.0.

A simple "GET / HTTP/1.0" to a PHP page in v5.2.0 returns...

HTTP/1.1 200 OK
Connection: close
...other stuff...

...and then closes the connections as soon as the entity has been sent.

However, the same request in v5.2.3 returns...

HTTP/1.1 200 OK
...other stuff...

...and then waits for another request, without sending a "Connection: keep-alive" header. This is the correct behaviour for an HTTP/1.1 request, but not an HTTP/1.0 request.

In practise, this change prevents apachebench from working correctly against PHP scripts.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-09-28 14:58 UTC] aya at eh dot org

After having done some more research, I think I've found the problem. I believe it was introduced in PHP v5.2.1 in sapi/apache2handler/sapi_apache2.c revision 1.57.2.10.2.8 as part of the fix for bug #38602.

It's reasonable to downgrade the protocol version to HTTP/1.0 upon receiving a header beginning with "HTTP/1.0 ", but upgrading the protocol version to HTTP/1.1 upon receiving a header beginning with "HTTP/1.1 " is wrong.

If an HTTP/1.1 webserver receives an HTTP/1.0 request, it should respond with a header beginning with "HTTP/1.1 " to indicate to the client that it is capable of processing HTTP/1.1 requests, BUT the following response should still be an HTTP/1.0 response.

The section of the code which reads...
    /* httpd requires that r->status_line is set to the first digit of
     * the status-code: */
    if (sline && strlen(sline) > 12 && strncmp(sline, "HTTP/1.", 7) == 0 && sline[8] == ' ') {
        ctx->r->status_line = apr_pstrdup(ctx->r->pool, sline + 9);
        ctx->r->proto_num = 1000 + (sline[7]-'0');
        if ((sline[7]-'0') == 0) {
            apr_table_set(ctx->r->subprocess_env, "force-response-1.0", "true");
        } else {
            apr_table_set(ctx->r->subprocess_env, "force-response-1.1", "true");
        }
    }

...should have the 'else' clause removed.

[2008-01-16 15:51 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Oct 27 16:01:27 2024 UTC