Closed Bug 727495 Opened 12 years ago Closed 12 years ago

Corrupted Content Error on internal University of Waterloo website

Categories

(Core :: Networking: HTTP, defect)

x86
macOS
defect
Not set
normal

RESOLVED DUPLICATE of bug 742174

People

(Reporter: tallOwen, Unassigned)

A website, quest.uwaterloo.ca, returns a Corrupted Content Error upon login. This is a regression as it seems to work on the release branch. I sit in Mountain View with the webdevs if anyone needs my help triaging this.
Getting an HTTP log of the connection would be helpful. https://developer.mozilla.org/en/HTTP_Logging
Attached file http log
Is this the issue?
nsHttpTransaction::ParseLine [Location: ]
Component: Untriaged → Networking: HTTP
Product: Firefox → Core
QA Contact: untriaged → networking.http
Yep.  That response is not distinguishable from a header-splitting attack, iirc.  Patrick, can we mark this blocking the bug where we disallowed such responses?

Owen, would you be willing to contact the site maintainer?
A null location header is both out of spec and carries with it an exploitable response smuggling attack - so we don't honor responses that carry it.

It would be great if you could contact the server admins.

(In reply to Boris Zbarsky (:bz) from comment #4)
> Yep.  That response is not distinguishable from a header-splitting attack,
> iirc.  Patrick, can we mark this blocking the bug where we disallowed such
> responses?

The original bug is still security-screened... while it waits for a CVE, I think.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
OK.  As long as we have _some_ way to track the issues, I don't care what that way is.
Fixed by 742174: by popular demand we are now allowing empty Location headers again.
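
Added example, not part of the bug thread or Firefox's code: a Python check a site maintainer could run over a captured response header block to find the empty Location header seen in the log above (`Location: `). It also flags repeated Location headers with different values, which goes beyond the case in this bug; the function names and sample responses are constructed for illustration.

```python
# Lint a raw HTTP response header block for ambiguous Location headers.
# Function names and sample responses are constructed for this example.

def parse_header_fields(raw: bytes):
    """Return lower-cased (name, value) pairs from a raw response header block."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    fields = []
    for line in head.split("\r\n")[1:]:          # element 0 is the status line
        if line[:1] in (" ", "\t") and fields:   # obsolete folding: continuation line
            name, value = fields[-1]
            fields[-1] = (name, (value + " " + line.strip()).strip())
            continue
        name, sep, value = line.partition(":")
        if sep:                                  # ignore lines that have no colon
            fields.append((name.strip().lower(), value.strip()))
    return fields


def location_findings(raw: bytes):
    """Return a list of problems found with the Location header(s)."""
    values = [v for n, v in parse_header_fields(raw) if n == "location"]
    findings = []
    if any(v == "" for v in values):
        # The case in this bug: the header is present but carries no value.
        findings.append("empty-location")
    if len({v for v in values if v}) > 1:
        # Generalization: two different targets leave the client guessing.
        findings.append("conflicting-location")
    return findings


# Constructed sample responses (not taken from the attached log).
SAMPLE_EMPTY = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                b"Location: \r\nContent-Length: 0\r\n\r\n")
SAMPLE_CONFLICT = (b"HTTP/1.1 302 Found\r\n"
                   b"Location: https://a.example/home\r\n"
                   b"Location: https://b.example/login\r\n\r\n")
SAMPLE_FOLDED = b"HTTP/1.1 302 Found\r\nLocation:\r\n https://a.example/home\r\n\r\n"
SAMPLE_OK = b"HTTP/1.1 302 Found\r\nLocation: https://a.example/home\r\n\r\n"

if __name__ == "__main__":
    for label, sample in [("empty", SAMPLE_EMPTY), ("conflict", SAMPLE_CONFLICT),
                          ("folded", SAMPLE_FOLDED), ("ok", SAMPLE_OK)]:
        print(label, location_findings(sample) or "no findings")
```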