Skip Menu |

This queue is for tickets about the libwww-perl CPAN distribution.

Report information
The Basics
Id: 85759
Status: resolved
Priority: 0/
Queue: libwww-perl
People
Owner: Nobody in particular
Requestors: victor [...] vsespb.ru
Cc:
AdminCc:
Bug Information
Severity: Important
Broken in: 6.05
Fixed in: (no value)

History Show all quoted text
  Fri May 31 06:02:06 2013 victor [...] vsespb.ru - Ticket created
Subject: Response content-length not validated.
If server closes connection, after sending headers, LWP does not validate Content-Length Some PoC code here http://www.perlmonks.org/?node_id=1035977 Example of response that 'GET' tool returns: GET -S -e http://localhost:9903/ GET http://localhost:9903/ --> 200 OK Content-Length: 133 Client-Date: Thu, 30 May 2013 06:41:09 GMT Client-Peer: 127.0.0.1:9903 Client-Response-Num: 1 LNJKjadfkj Also experience same problem in real application (without GET tool) (with callbacks (content_file, content_cb), in SSL mode with Amazon AWS servers.) I am not sure if this a bug, or expected behaviour or just should be documented. But I think it could be handler with headers similar to X-Died or Client-Warning.
  Wed Feb 11 09:07:54 2015 SREZIC [...] cpan.org - Correspondence added
On 2013-05-31 06:02:06, vsespb wrote: Show quoted text
> If server closes connection, after sending headers, LWP does not > validate Content-Length > > Some PoC code here http://www.perlmonks.org/?node_id=1035977 > > Example of response that 'GET' tool returns: > > GET -S -e http://localhost:9903/ > GET http://localhost:9903/ --> 200 OK > Content-Length: 133 > Client-Date: Thu, 30 May 2013 06:41:09 GMT > Client-Peer: 127.0.0.1:9903 > Client-Response-Num: 1 > > LNJKjadfkj > > Also experience same problem in real application (without GET tool) > (with callbacks (content_file, content_cb), in SSL mode with Amazon > AWS servers.) > > I am not sure if this a bug, or expected behaviour or just should be > documented. > But I think it could be handler with headers similar to X-Died or > Client-Warning.
I agree that this is a bug, and should return an HTTP::Response result which says false to is_success().
  Wed Feb 11 09:07:55 2015 The RT System itself - Status changed from 'new' to 'open'
  Fri Mar 31 15:05:45 2017 olaf [...] wundersolutions.com - Correspondence added
Ticket migrated to github as https://github.com/libwww-perl/libwww-perl/issues/234
  Fri Mar 31 15:05:45 2017 olaf [...] wundersolutions.com - Status changed from 'open' to 'resolved'