Tcl Source Code

View Ticket
Login
Bounty program for improvements to Tcl and certain Tcl packages.
Ticket UUID: 2a94652ee10cae20c0b54cf9fd6516eb01daadd5
Title: http package reply "100 continue" code broken
Type: Bug Version: 8.6.7
Submitter: oehhar Created on: 2017-08-30 14:23:17
Subsystem: 29. http Package Assigned To: oehhar
Priority: 5 Medium Severity: Critical
Status: Closed Last Modified: 2017-08-31 10:03:56
Resolution: Fixed Closed By: oehhar
    Closed on: 2017-08-31 10:03:56
Description:

http 2.8.11 package does not correctly ignore "100 Continue" replies. The relevant code is broken.

What happens? https://tools.ietf.org/html/rfc7231#section-6.2.1

The first line of a web server reply contains the status. If this is:

HTTP/1.1 100 Contine
the real header will follow as a following line.

The current code correctly ignores the continue status, but does not expect a following status line.

The insertion of a set to state "connecting" fixes that (around line 1034):

proc http::Event {sock token} {
...
	    # We ignore HTTP/1.1 100 Continue returns. RFC2616 sec 8.2.3
	    if {$state(http) == "" || ([regexp {^\S+\s(\d+)} $state(http) {} x] && $x == 100)} {
		set state(state) "connecting"
		return
	    }

At least, inserting this line cured the communication for me with TCLWS and a .net server.

User Comments: oehhar added on 2017-08-31 10:03:56:

Ok, committed to all branches.

Thank you !


jan.nijtmans added on 2017-08-31 08:56:30:
Well, I cannot find anything wrong with it. So, just go ahead (with merging to core-8-6-branch -> trunk -> novem)! Thanks!

oehhar added on 2017-08-31 06:35:22:

Branch [bug-2a94652ee1] with commit [b80bf5033f] inserts the proposed line and increses the version number of the http number.

I would appreciate a review before merge or just a merge.

The fix is IMHO ok and works well for me. The review is mor for formal issues like version number increment and targeting branches.