Incorrect forcing from HTTP/1.0 request to HTTP/1.1 response

Bug #42779	Incorrect forcing from HTTP/1.0 request to HTTP/1.1 response
Submitted:	2007-09-27 16:40 UTC	Modified:	2008-11-12 19:07 UTC
From:	aya at eh dot org	Assigned:	iliaa (profile)
Status:	Closed	Package:	Apache2 related
PHP Version:	5.2.1	OS:	*
Private report:	No	CVE-ID:	None

[2007-09-27 16:40 UTC] aya at eh dot org

Description:
------------
There seems to have been a change in the 'Connection' output header for HTTP/1.0 requests somewhere between PHP v5.2.0 and PHP v5.2.3.

IIRC, according to the relevant RFCs, When processing an HTTP/1.0 request, the server should respond with an HTTP/1.1 response line if it supports HTTP/1.1, but the entity headers should be compatible with HTTP/1.0.

A simple "GET / HTTP/1.0" to a PHP page in v5.2.0 returns...

HTTP/1.1 200 OK
Connection: close
...other stuff...

...and then closes the connections as soon as the entity has been sent.

However, the same request in v5.2.3 returns...

HTTP/1.1 200 OK
...other stuff...

...and then waits for another request, without sending a "Connection: keep-alive" header. This is the correct behaviour for an HTTP/1.1 request, but not an HTTP/1.0 request.

In practise, this change prevents apachebench from working correctly against PHP scripts.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-09-28 14:58 UTC] aya at eh dot org

After having done some more research, I think I've found the problem. I believe it was introduced in PHP v5.2.1 in sapi/apache2handler/sapi_apache2.c revision 1.57.2.10.2.8 as part of the fix for bug #38602.

It's reasonable to downgrade the protocol version to HTTP/1.0 upon receiving a header beginning with "HTTP/1.0 ", but upgrading the protocol version to HTTP/1.1 upon receiving a header beginning with "HTTP/1.1 " is wrong.

If an HTTP/1.1 webserver receives an HTTP/1.0 request, it should respond with a header beginning with "HTTP/1.1 " to indicate to the client that it is capable of processing HTTP/1.1 requests, BUT the following response should still be an HTTP/1.0 response.

The section of the code which reads...
    /* httpd requires that r->status_line is set to the first digit of
     * the status-code: */
    if (sline && strlen(sline) > 12 && strncmp(sline, "HTTP/1.", 7) == 0 && sline[8] == ' ') {
        ctx->r->status_line = apr_pstrdup(ctx->r->pool, sline + 9);
        ctx->r->proto_num = 1000 + (sline[7]-'0');
        if ((sline[7]-'0') == 0) {
            apr_table_set(ctx->r->subprocess_env, "force-response-1.0", "true");
        } else {
            apr_table_set(ctx->r->subprocess_env, "force-response-1.1", "true");
        }
    }

...should have the 'else' clause removed.

[2008-01-16 15:51 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.