After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 588658 - Support header-only response without CRLF CRLF
Support header-only response without CRLF CRLF
Status: RESOLVED OBSOLETE
Product: libsoup
Classification: Core
Component: HTTP Transport
2.24.x
Other All
: Normal enhancement
: ---
Assigned To: libsoup-maint@gnome.bugs
libsoup-maint@gnome.bugs
Depends on:
Blocks:
 
 
Reported: 2009-07-15 13:56 UTC by Arnout Vandecappelle
Modified: 2018-09-21 16:02 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Accept a response that ends with a single CRLF (or LF) as valid (1.22 KB, patch)
2009-07-15 13:57 UTC, Arnout Vandecappelle 		rejected Details | Review

Description Arnout Vandecappelle 2009-07-15 13:56:43 UTC 
I have a stupid IP camera from Arecont that gives the following reply on an unauthenticated request:

HTTP/1.0 401 Unauthorized\r\n
WWW-Authenticate: Basic\r\n
<EOF>

Since it doesn't end with \r\n\r\n, soup errors out with an IO error.

Patch follows.
Comment 1 Arnout Vandecappelle 2009-07-15 13:57:30 UTC 
Created attachment 138444 [details] [review]
Accept a response that ends with a single CRLF (or LF) as valid
Comment 2 Dan Winship 2009-07-15 14:31:44 UTC 
In general, such a response would indicate that the connection had been interrupted before the server finished sending the response, so we shouldn't just accept it blindly. In particular, if the response had been:

    HTTP/1.0 200 OK\r\n
    Content-Length: 1000\r\n
    <EOF>

it would obviously be wrong to consider the message as legitimately ended at that point. So at a minimum, we can only accept "\r\n<EOF>" as a terminator if the message would have been EOF-terminated anyway. (This requires parsing the headers before deciding whether or not to error out though...)

bug 577386 is somewhat related. I've got a bunch of soup-message-io changes pending in my head right now that I just need to figure out how to fit together.
Comment 3 Arnout Vandecappelle 2009-07-15 14:46:33 UTC 
(In reply to comment #2)
> In general, such a response would indicate that the connection had been
> interrupted before the server finished sending the response, so we shouldn't
> just accept it blindly. In particular, if the response had been:
> 
>     HTTP/1.0 200 OK\r\n
>     Content-Length: 1000\r\n
>     <EOF>

In this particular case, I think you'd still get an IO error in the body_chunk, no?  The behaviour with the patch is AFAICS equivalent to when the server would have sent

HTTP/1.0 200 OK\r\n
Content-Length: 1000\r\n
\r\n
<EOF>

But probably the following is indeed wrong:

HTTP/1.0 200 OK\r\n
<EOF>

This would result in a valid (empty) body chunk, I think.

I don't think there is any way to solve this correctly.  After all, it _is_ a broken-off response that we get here...

FYI, in wget they treat EOF as end of headers.
Comment 4 Dan Winship 2015-02-10 11:58:16 UTC 
[mass-moving all "UNCONFIRMED" libsoup bugs to "NEW" after disabling the "UNCONFIRMED" status for this product now that bugzilla.gnome.org allows that. bugspam-libsoup-20150210]
Comment 5 GNOME Infrastructure Team 2018-09-21 16:02:39 UTC 
-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/libsoup/issues/23.