Bug#768797: HTTP method parser gets into wrong state upon 416 reply with Content-Length > 0
Package: apt
Version: 1.0.9.3
Severity: normal
Tags: patch
I ran “apt-get -o Debug::Acquire::http=true update 2>/tmp/apt-log” and
looked at /tmp/apt-log. The way I interpret the log I’ve attached below
is that apt gets a HTTP/1.1 416 reply, but doesn’t read the reply body
(212 bytes according to the Content-Length). These bytes are then read
when apt expects the next reply, thus confusing the HTTP parser for all
further replies on this TCP connection.
In this particular apt run, this manifested itself as
“Bad header line [IP: 2a00:c98:2030:a034::21 80]” at some point during
the update, as the parser was getting a (compressed) reply when it
expected header lines.
I’ve looked into the apt source, and I think the problem is here:
apt/methods/server.cc:188:
// §14.16 says 'byte-range-resp-spec' should be a '*' in case of 416
if (Result == 416 && sscanf(Val.c_str(), "bytes */%llu",&Size) == 1)
{
StartPos = 1; // ignore Content-Length, it would override Size
HaveContent = false;
}
This code is still present in the (latest, as of writing this) version 1.1~exp8 of apt.
I think the HaveContent = false; line is the problem and makes apt not
skip the reply.
I would have tested and verified this and sent a patch, but there’s no
testsuite for this part of the code, so I couldn’t easily verify that
this was the problem and that my fix is correct, and neither could I
verify that the suggested fix doesn’t break anything else. Hence I’ll
leave it up to you to fix it.
Thanks in advance.
Here is the log:
GET /debian/dists/testing/non-free/source/Sources.xz HTTP/1.1
Host: mirror.de.leaseweb.net
Cache-Control: max-age=0
Range: bytes=100792-
If-Range: Sun, 09 Nov 2014 02:11:56 GMT
User-Agent: Debian APT-HTTP/1.3 (1.0.9.3)
[…]
Answer for: http://mirror.de.leaseweb.net/debian/dists/testing/non-free/source/Sources.xz
HTTP/1.1 416 Requested Range Not Satisfiable
Server: nginx/1.6.2
Date: Sun, 09 Nov 2014 10:11:24 GMT
Content-Type: text/html
Content-Length: 212
Connection: keep-alive
Content-Range: bytes */100792
Answer for: http://http.debian.net/debian-security/dists/testing/updates/contrib/source/Sources.bz2
HTTP/1.1 302 Found
Date: Sun, 09 Nov 2014 10:11:24 GMT
Location: http://debian.morphium.info/debian-security/dists/testing/updates/contrib/source/Sources.bz2
Content-Type: text/plain
Vary: Accept-Encoding
Transfer-Encoding: chunked
[…]
GET /debian/dists/testing/non-free/binary-amd64/Packages.xz HTTP/1.1
Host: mirror.de.leaseweb.net
Cache-Control: max-age=0
Range: bytes=363662-
If-Range: Sun, 09 Nov 2014 08:12:01 GMT
User-Agent: Debian APT-HTTP/1.3 (1.0.9.3)
Answer for: http://mirror.de.leaseweb.net/debian/dists/testing/non-free/binary-amd64/Packages.xz
<html>
<head><title>416 Requested Range Not Satisfiable</title></head>
<body bgcolor="white">
<center><h1>416 Requested Range Not Satisfiable</h1></center>
<hr><center>nginx/1.6.2</center>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Sun, 09 Nov 2014 10:11:24 GMT
Content-Type: application/octet-stream
Content-Length: 85104
Last-Modified: Sun, 09 Nov 2014 02:12:00 GMT
Connection: keep-alive
ETag: "545ecd70-14c70"
Accept-Ranges: bytes
Reply to: