Re: Headers Spanning in multiple TCP segment.

On Sun, Apr 11, 2010 at 2:45 PM, rangeli nepal <rangeli.nepal@xxxxxxxxx> wrote:
> Just to verify my suspicion about the payload I set the authorization header
> to my name. It works well.  I mean it went well for a small payload.
> However, with the token it determines that it is a bad request before it gets
> the full header.
>
> An example of tcpdump
> 14:33:57.928844 IP blueye.cis.foo.com.3190 > 10.31.30.26.http: .
> 17:1377(1360) ack 1 win 65044
>         0x0000:  4500 0578 a714 4000 7d06 e80f c0a8 807a  E..x..@.}......z
>         0x0010:  0a1f 1e1a 0c76 0050 006b ff83 4832 346d  .....v.P.k..H24m
>         0x0020:  5010 fe14 86b8 0000 4175 7468 6f72 697a  P.......Authoriz
>         0x0030:  6174 696f 6e3a 2053 414d 4c32 2061 7373  ation:.SAML2.ass
>         0x0040:  6572 7469 6f6e 3d7a 5666 6263 7170 4b45  ertion=zVfbcqpKE
>         0x0050:  4832 3379 6e2b 7732 492b 7042 4e42 676f  H23yn+w2I+pBNBgo
>         0x0060:  6858 6478 6456 6777 4551 4546 4e2b 346a  hXdxdVgwEQEFN+4j
>         0x0070:  4944 4351 4267 5139 4f76 506f 4e46 6a62  IDCQBgQ9OvPoNFjb
>         0x0080:  7676 7363 336b 3456 7157 556e 7537 4636  vvsc3k4VqWUnu7F6
>         0x0090:  7458 540a 4d35 3248 6e31 5563 7462 5967  tXT.M52Hn1UctbYg

You've got a newline (hex 0a) in there, so httpd thinks a new header
field starts afterwards, with name "M52Hn1Uct...".

>         0x0020:  5018 042e 6c48 0000 4854 5450 2f31 2e31  P...lH..HTTP/1.1
>         0x0030:  2034 3030 2042 6164 2052 6571 7565 7374  .400.Bad.Request
>         0x0040:  0d0a 4461 7465 3a20 5375 6e2c 2031 3120  ..Date:.Sun,.11.
>         0x0050:  4170 7220 3230 3130 2031 383a 3333 3a35  Apr.2010.18:33:5
>         0x0060:  3720 474d 540d 0a53 6572 7665 723a 2041  7.GMT..Server:.A
>         0x0070:  7061 6368 652f 322e 322e 3135 2028 556e  pache/2.2.15.(Un
>         0x0080:  6978 2920 6d6f 645f 7373 6c2f 322e 322e  ix).mod_ssl/2.2.
>         0x0090:  3135 204f 7065 6e53 534c 2f30 2e39 2e37  15.OpenSSL/0.9.7
>         0x00a0:  6120 6d6f 645f 6a6b 2f31 2e32 2e33 300d  a.mod_jk/1.2.30.
>         0x00b0:  0a43 6f6e 7465 6e74 2d4c 656e 6774 683a  .Content-Length:
>         0x00c0:  2034 3938 0d0a 436f 6e6e 6563 7469 6f6e  .498..Connection
>         0x00d0:  3a20 636c 6f73 650d 0a43 6f6e 7465 6e74  :.close..Content
>         0x00e0:  2d54 7970 653a 2074 6578 742f 6874 6d6c  -Type:.text/html
>         0x00f0:  3b20 6368 6172 7365 743d 6973 6f2d 3838  ;.charset=iso-88
>         0x0100:  3539 2d31 0d0a 0d0a 3c21 444f 4354 5950  59-1....<!DOCTYP
>         0x0110:  4520 4854 4d4c 2050 5542 4c49 4320 222d  E.HTML.PUBLIC."-
>         0x0120:  2f2f 4945 5446 2f2f 4454 4420 4854 4d4c  //IETF//DTD.HTML
>         0x0130:  2032 2e30 2f2f 454e 223e 0a3c 6874 6d6c  .2.0//EN">.<html
>         0x0140:  3e3c 6865 6164 3e0a 3c74 6974 6c65 3e34  ><head>.<title>4
>         0x0150:  3030 2042 6164 2052 6571 7565 7374 3c2f  00.Bad.Request</
>         0x0160:  7469 746c 653e 0a3c 2f68 6561 643e 3c62  title>.</head><b
>         0x0170:  6f64 793e 0a3c 6831 3e42 6164 2052 6571  ody>.<h1>Bad.Req
>         0x0180:  7565 7374 3c2f 6831 3e0a 3c70 3e59 6f75  uest</h1>.<p>You
>         0x0190:  7220 6272 6f77 7365 7220 7365 6e74 2061  r.browser.sent.a
>         0x01a0:  2072 6571 7565 7374 2074 6861 7420 7468  .request.that.th
>         0x01b0:  6973 2073 6572 7665 7220 636f 756c 6420  is.server.could.
>         0x01c0:  6e6f 7420 756e 6465 7273 7461 6e64 2e3c  not.understand.<
>         0x01d0:  6272 202f 3e0a 5265 7175 6573 7420 6865  br./>.Request.he
>         0x01e0:  6164 6572 2066 6965 6c64 2069 7320 6d69  ader.field.is.mi
>         0x01f0:  7373 696e 6720 273a 2720 7365 7061 7261  ssing.':'.separa
>         0x0200:  746f 722e 3c62 7220 2f3e 0a3c 7072 653e  tor.<br./>.<pre>
>         0x0210:  0a4d 3532 486e 3155 6374 6259 6751 3245  .M52Hn1UctbYgQ2E

Here it appears in the error response as the header field with a problem.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
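
The failure diagnosed in the reply above, reproduced as an added example that is not code from the thread: a simplified model of line-oriented header parsing run over a constructed request, showing why a bare newline inside the token leaves a line with no ':' separator, and that a single-line encoding avoids it. Assumptions: the stray newline comes from a base64 encoder that wraps its output (the thread does not say how the token was produced), and the sample bytes and the host name `example.test` are constructed.

```python
import base64

SAMPLE_ASSERTION = bytes(range(90))  # constructed stand-in for the SAML token bytes

def build_request(token: str) -> bytes:
    """Request using the header form seen in the capture."""
    return (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
            b"Authorization: SAML2 assertion=" + token.encode("ascii") + b"\r\n\r\n")

def malformed_header_lines(raw: bytes) -> list:
    """Simplified model of a line-oriented parser: every LF ends a line, and a
    line that is not a continuation (leading SP/HT) must contain ':'."""
    bad = []
    for line in raw.split(b"\n")[1:]:      # skip the request line
        line = line.rstrip(b"\r")
        if not line:                        # empty line ends the header block
            break
        if line[:1] in (b" ", b"\t"):       # folded continuation of the previous field
            continue
        if b":" not in line:                # base64 never contains ':'
            bad.append(line)
    return bad

def unwrap_token(token: str) -> str:
    """Remove every whitespace character an encoder inserted into the token."""
    return "".join(token.split())

# encodebytes() wraps at 76 characters with '\n'; b64encode() emits a single line.
wrapped = base64.encodebytes(SAMPLE_ASSERTION).decode("ascii")
one_line = base64.b64encode(SAMPLE_ASSERTION).decode("ascii")

if __name__ == "__main__":
    print("wrapped  :", malformed_header_lines(build_request(wrapped)))
    print("one line :", malformed_header_lines(build_request(one_line)))
    print("unwrapped:", malformed_header_lines(build_request(unwrap_token(wrapped))))
```

In the capture, 76 characters of the token precede the `0a` byte, which matches the wrap width used in this example.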