Closed
Bug 727495
Opened 12 years ago
Closed 12 years ago
Corrupted Content Error on internal University of Waterloo website
Categories
(Core :: Networking: HTTP, defect)
RESOLVED
DUPLICATE
of bug 742174
People
(Reporter: tallOwen, Unassigned)
Details
Attachments
(1 file)
1.29 MB,
text/plain
A website, quest.uwaterloo.ca, returns a Corrupted Content Error upon login. This is a regression as it seems to work on the release branch. I sit in Mountain View with the webdevs if anyone needs my help triaging this.
Comment 1•12 years ago
Getting an HTTP log of the connection would be helpful. https://developer.mozilla.org/en/HTTP_Logging
Reporter
Comment 2•12 years ago
Comment 3•12 years ago
Is this the issue? nsHttpTransaction::ParseLine [Location: ]
Component: Untriaged → Networking: HTTP
Product: Firefox → Core
QA Contact: untriaged → networking.http
Comment 4•12 years ago
Yep. That response is not distinguishable from a header-splitting attack, iirc. Patrick, can we mark this blocking the bug where we disallowed such responses? Owen, would you be willing to contact the site maintainer?
Comment 5•12 years ago
A null Location header is both out of spec and carries with it an exploitable response smuggling attack - so we don't honor responses that carry it. It would be great if you could contact the server admins.

(In reply to Boris Zbarsky (:bz) from comment #4)
> Yep. That response is not distinguishable from a header-splitting attack,
> iirc. Patrick, can we mark this blocking the bug where we disallowed such
> responses?

The original bug is still security-screened... while it waits for a CVE, I think.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Comment 6•12 years ago
OK. As long as we have _some_ way to track the issues, I don't care what that way is.
Comment 7•12 years ago
Fixed by 742174: by popular demand we are now allowing empty Location headers again.
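For a site maintainer checking their own server for the header discussed in comments 3 to 5, the following added example (not part of the bug thread and not Firefox's code) parses a raw response head and reports Location fields whose value is empty. The function names and the sample responses are constructed for illustration.

```python
# Added example, not Firefox code: find empty Location fields in a raw
# HTTP response head. Function names and sample bytes are constructed.

def parse_head(raw: bytes):
    """Return (status_code, [(name, value), ...]) for a raw response head."""
    text = raw.replace(b"\r\n", b"\n")      # tolerate CRLF or bare LF
    head = text.split(b"\n\n", 1)[0]        # drop any body
    lines = head.split(b"\n")
    parts = lines[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    fields = []
    for line in lines[1:]:
        if not line:
            continue                        # head had no blank-line terminator
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("header line without a colon: %r" % line)
        # Optional whitespace around the value is not part of the value.
        fields.append((name.decode("latin-1"),
                       value.strip(b" \t").decode("latin-1")))
    return int(parts[1]), fields


def empty_location_findings(raw: bytes):
    """List (field_position, status_code, name) for each empty Location."""
    status, fields = parse_head(raw)
    return [(pos, status, name)
            for pos, (name, value) in enumerate(fields, start=1)
            if name.strip().lower() == "location" and value == ""]


# Constructed sample responses (not taken from the attached log).
SAMPLE_EMPTY = (b"HTTP/1.1 200 OK\r\n"
                b"Content-Type: text/html\r\n"
                b"Location: \r\n"
                b"Content-Length: 0\r\n\r\n")
SAMPLE_OK = (b"HTTP/1.1 302 Found\r\n"
             b"Location: /home\r\n"
             b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("empty", SAMPLE_EMPTY), ("ok", SAMPLE_OK)):
        print(label, empty_location_findings(raw))
```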