Apache 1.3.33 buffer overflow during HTTP transactions??

#1, 10-25-2005, iamroshan@gmail.com

Hi,

We had recently migrated from Apache 1.3.28 (HP-UX) to Apache 1.3.33
(Linux) and are facing a weird scenario wherein we have got bad request
responses in the logs at some important pages in the website.

What was triaged till now:
----------------------------
TCP dump was taken and studied: what I found was that an HTTP POST
request coming from the client ends with 5 binary characters (this
number varies) which are more than the "Content-Length" specified in
the header. Now the webserver forwards the data specified within the
content length and a response is sent back as expected. The next
request which comes in from the client gets the 5 extra binary
characters prepended to the GET request and this causes an HTTP 400
response. These 5 binary characters show up in the access logs of
Apache along with the above mentioned GET request and the hex values are
the same.

This behaviour is consistently seen in all the new webservers and was
not observed with the Apache 1.3.28 (HP-UX).

Questions:
------------
1. Just to confirm, is a CRLF expected after the POST request? The
request had a content-length of 3025 and was sent to the webserver in
chunks of 1460, 1460 and 110 which totals to 3030 including the extra 5
bytes. Also would the CRLF be included in the 3025 bytes mentioned in
the content-length?

2. Where do these binary values get appended to the POST request from
the client? Is it a bug? Is it spyware in the client? Or is it a
possible spoofing effort?

3. What are the possible impacts of this observed behaviour?

4. Is there any solution for this from a configuration standpoint with
Apache 1.3.33 or will reverting back to Apache 1.3.28 on Linux help?

5. Where do you think I should post this data to get quick resolution?

Thanks in advance,
Roshan
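
The behaviour described in the post above, as an added example that is not part of the original thread and is not Apache's code: a simplified model of a server that reads exactly Content-Length body bytes on a keep-alive connection, so any surplus bytes end up in front of the next request line. The byte values, host name and paths are constructed; the blank-line skip follows RFC 2616 section 4.1.

```python
import re

# Request-Line shape: METHOD SP request-target SP HTTP-version
REQUEST_LINE = re.compile(rb"[A-Z]+ \S+ HTTP/\d\.\d$")

# Constructed sample: the POST declares 3025 body bytes but sends 3030.
SURPLUS = b"\x00\x9f\x03\xe1\x7f"  # constructed stand-in for the 5 extra bytes
POST = (b"POST /form HTTP/1.1\r\nHost: www.example.com\r\n"
        b"Content-Length: 3025\r\n\r\n" + b"a" * 3025 + SURPLUS)
GET = b"GET /next HTTP/1.1\r\nHost: www.example.com\r\n\r\n"


def parse_connection(stream: bytes):
    """Split one keep-alive byte stream as a Content-Length-honouring server
    would. Returns a (status, request_line, surplus) tuple per request."""
    results, pos = [], 0
    while pos < len(stream):
        # RFC 2616 section 4.1: empty lines before a Request-Line are ignored,
        # so a stray CRLF after a POST body is tolerated.
        while stream.startswith(b"\r\n", pos):
            pos += 2
        head_end = stream.find(b"\r\n\r\n", pos)
        if head_end == -1:
            break  # incomplete header block, nothing more to parse
        lines = stream[pos:head_end].split(b"\r\n")
        match = REQUEST_LINE.search(lines[0])
        # Bytes in front of an otherwise valid Request-Line are left-overs
        # from the previous request's over-long body.
        surplus = lines[0][:match.start()] if match else b""
        status = 200 if match and match.start() == 0 else 400
        length = 0
        for header in lines[1:]:
            name, _, value = header.partition(b":")
            if name.strip().lower() == b"content-length":
                length = int(value.strip())
        # The body is exactly `length` bytes; whatever follows is parsed as
        # the start of the next request on this connection.
        pos = head_end + 4 + length
        results.append((status, lines[0], surplus))
    return results


if __name__ == "__main__":
    for status, line, surplus in parse_connection(POST + GET):
        print(status, line, "surplus:", surplus.hex() or "none")
```

Running the same function over a reassembled capture of one client connection shows which request carried more bytes than its Content-Length declared and which following request absorbed them.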

#2, 11-03-2005, Andy Davidson
Re: Apache 1.3.33 buffer overflow during HTTP transactions??

[iamroshan@gmail.com wrote in comp.infosystems.www.servers.unix]
> 4. Is there any solution for this from a configuration standpoint with
> Apache 1.3.33 or will reverting back to Apache 1.3.28 on Linux help?


I've not seen this, but I hope this reply might be useful - I found some
clients particularly sensitive to bad 'leaky' control/binary data when the
Apache 'mime_magic' module was being used. Is this enabled by default in
your Linux httpd.conf?

If so, try turning it off?

Are you using the same httpd.conf as you had on your legacy Apache
server? (but with paths changed, perhaps.)

cheers
-a




--
http://fotoserve.com/ -
Superb hand-checked AGFA prints, bright sharp posters,
strong block canvas prints, unique picture bags and gifts
..... from your own digital images.
 