GNU bug report logs - #16220
url-http.el: Not conforming to HTTP spec

Previous Next

Package: emacs;

Reported by: Jarosław Rzeszótko <sztywny <at> gmail.com>

Date: Sun, 22 Dec 2013 20:53:01 UTC

Severity: normal

Tags: patch

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Jarosław Rzeszótko <sztywny <at> gmail.com>
To: Ted Zlatanov <tzz <at> lifelogs.com>
Cc: 16220 <at> debbugs.gnu.org
Subject: bug#16220: url-http.el: Not conforming to HTTP spec
Date: Mon, 23 Dec 2013 07:51:57 +0100

Hi,

No, this does not seem directly related - I can't reproduce the GH
error neither with or without my fix, and from the discussion at the
end of the GH issue, it seems it has been fixed by the elpa guys by
adjusting server configuration.

As for the validity of the fix, I found the passage in the spec the
addresses this issue directly (once again from
http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html):

"Certain buggy HTTP/1.0 client implementations generate extra CRLF's
after a POST request. To restate what is explicitly forbidden by the
BNF, an HTTP/1.1 client MUST NOT preface or follow a request with an
extra CRLF."

The BNF this refers to is this:

generic-message = start-line
                  *(message-header CRLF)
                  CRLF
                  [ message-body ]
start-line      = Request-Line | Status-Line

And finally:

"When a Content-Length is given in a message where a message-body is
allowed, its field value MUST exactly match the number of OCTETs in
the message-body. HTTP/1.1 user agents MUST notify the user when an
invalid length is received and detected."

I hope this is enough of a proof that the extra newline is a bug.

Cheers,
Jarosław Rzeszótko

2013/12/22 Ted Zlatanov <tzz <at> lifelogs.com>:
> On Sun, 22 Dec 2013 22:55:07 +0100 Jarosław Rzeszótko <sztywny <at> gmail.com> wrote:
>
> JR> To turn this into a concrete proposal: I suggest this part in url-http.el
> JR> (starting line 356 in trunk):
>
> JR> ;; End request
> JR> "\r\n"
> JR> ;; Any data
> JR> url-http-data
> JR> ;; If `url-http-data' is nil, avoid two CRLFs (Bug#8931).
> JR> (if url-http-data "\r\n")))
>
> JR> Should read simply:
>
> JR> ;; End request
> JR> "\r\n"
> JR> ;; Any data
> JR> url-http-data))
> ...
> JR> Futhermore url-http-attempt-keepalives should be nil as default, or better
> JR> yet should be completely removed, as true keepalive connections are anyway
> JR> not currently supported on the Emacs side, are they?
>
> Jarosław,
>
> can you please check if your fix corrects
> https://github.com/milkypostman/melpa/issues/1193 which seems somewhat related?
>
> I don't know much about this area but your fix could help this annoying
> issue as well, if it's valid.
>
> Ted
This bug report was last modified 11 years and 123 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.