Motion - Bug Report 2005x 05x 02x 180550

BUG: Http Header issue in http control

As described at http://dotnetjunkies.com/WebLog/afontes/archive/2004/10/15/28726.aspx motion headers cause HTTP protocol violation when using DOT.NET

The issue

The HTTP header keys for example shoud specifically not include any spaces in their names. However, some web servers do not fully respect standards they’re meant to.

Applications running on the Dotnet framework and making heavy use of http requests usually use the “httpWebRequest” class, which encapsulates everything a web oriented developer could dream of. With all the recently issues related to security, the “httpWebRequest” class provides a self protection mechanism preventing it to accept HTTP answers which not fully qualify to the specifications.

The common case is having a space in the ‘content-length’ header key. The server actually returns a “content length” key, which, assuming no spaces are allowed, is considered as an attack vector (HTTP response split attack), thus, triggering a “HTTP protocol violation error” exception.

Test case

WebRequest request = WebRequest.Create("http://192.168.0.1:8081");
WebResponse response = request.GetResponse();

Environment

Motion version: 3.2.1
ffmpeg version:  
Shared libraries: curl, xmlrpc, ffmpeg, mysql, postgresql
Server OS: Fedora Core 3

-- RobertH - 02 May 2005

Follow up

I do not understand the issue. And I cannot reproduce the issue because that requires that I learn .net programming first and I have no intention to spend time on that.

What exactly is wrong with the headers? I see no spaces in the header names. I see "-". What do you propose changed?

This is the relevant code
fprintf(new->fwrite, "HTTP/1.1 200 OK\n");
fprintf(new->fwrite, "Server: Motion/"VERSION"\n");
fprintf(new->fwrite, "Connection: close\n");
fprintf(new->fwrite, "Max-Age: 0\n");
fprintf(new->fwrite, "Expires: 0\n");
fprintf(new->fwrite, "Cache-Control: no-cache\n");
fprintf(new->fwrite, "Cache-Control: private\n");
fprintf(new->fwrite, "Pragma: no-cache\n");
fprintf(new->fwrite, "Content-type: multipart/x-mixed-replace;boundary=BoundaryString\n");

and the small header

fprintf(list->fwrite, "\n--BoundaryString\n");
fprintf(list->fwrite, "Content-type: image/jpeg\n");
fprintf(list->fwrite, "Content-Length: %ld\n\n", list->tmpfile->size-1);

-- KennethLavrsen - 02 May 2005

OK, I will work with the motion source I have and find out why System.net classes in .NET are complaining and let you know my findings -- RobertH - 03 May 2005

Follow up

HTTP Headers mustbe \r\n, see my bug report with correct webcam.c -- RobertoSpadim - 05 May 2005

Fix record

This patch fixes the bug

-- AngelCarpintero - 06 May 2005


Fixed in http://www.lavrsen.dk/twiki/bin/view/Motion/MotionRelease3x2x1snap16

-- KennethLavrsen - 08 May 2005
Topic attachments
I Attachment Action Size Date Who Comment
webcam.cc webcam.c manage 7 K 05 May 2005 - 14:56 UnknownUser correct webcam.c
Topic revision: r9 - 29 May 2005, KennethLavrsen
Copyright © 1999-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Please do not email Kenneth for support questions (read why). Use the Support Requests page or join the Mailing List.
This website only use harmless session cookies. See Cookie Policy for details. By using this website you accept the use of these cookies.