[En-Nut-Discussion] Failed HTTP request
Harald Kipp
harald.kipp at egnite.de
Wed Apr 20 16:56:31 CEST 2011
Hi all,
using Mozilla 3.6.16 to request pages from nut/httpd sample fails here,
when trying to access any of the protected CGI pages. It looks like
Nut/OS 4.9.10 ignores the authorization header. I'm sure that this
applies to all previous versions as well.
A trace of incoming traffic shows, that the last detected header line was
Accept-Language: en-US,en,de-DE,de;q=0.9,en-....
The line is exactly 511 bytes(!) long, including the trailing LF-CR. The
default max. line size in the HTTP API is 256, specified by
HTTP_MAX_REQUEST_SIZE. However, fgets() will read one less, see
http://en.wikipedia.org/wiki/Fgets
After 2 reads the line-feed character will be left in the buffer. Thus,
the third read will look like an empty line, which is interpreted as the
end of the header. The following header lines, specifically
Authorization: Basic cm9vdDpyb290
are ignored.
Increasing the Max. Request Line Size in the Configurator fixes the
problem. This parameter is found at
Network (application layer) -> HTTP Server API
Well, I do not like this solution. There seems to be no limit defined in
the specs. Apache, for example, excepts up to 8 kBytes.
With a careful web layout I should be able to decrease the input buffer
even below the default, saving some valuable RAM. Remember, that this
buffer will be created for each concurrent connection. I wouldn't care
about ignoring those long lines I'm not interested in anyway.
Did anybody look into this? The bug tracker at sourceforge doesn't show
any related issue and I couldn't find anything in this list's archive.
Thanks,
Harald
More information about the En-Nut-Discussion
mailing list