Etag parser crashes on invalid input

[Ivan Sagalaev]

Etag parser crashes on input with a trailing backslash trying to unquote the string. Apparently Opera 9.64 does send such etag in If-None-Match in some circumstances.

While strictly following HTTP requires to answer with "400 Bad Request" I believe it's too extreme for the real world. We can simply ignore the header in this case.

Patch follows shortly...

[Ivan Sagalaev]

Patch

[Jacob]

I'm not sure the patch as given is the right approach: rfc2616 allows any 8-bit character to be in the contents of an etag, and we should do our best to support that. But crashing is right out.

[Ivan Sagalaev]

It's not about not accepting back-slash. It's about invalid escaping. If etag is exactly single back-slash character then it's perfectly possible to send like this:

If-None-Match: "\\"

What Opera sends here is just invalid.

[Malcolm Tredinnick]

This bug should also be reported to Opera, Ivan.

We really should be sending back a 400 response here, however, since it appears nobody else does, we'll have to play along. The patch looks right, but it means we now have to put Opera in the "not really a web browser" basket to keep al the versions of IE company.

[Malcolm Tredinnick]

(In [10370]) Fixed #10681 -- Work around (by ignoring) invalid ETag headers.

This is a hack to work around problems in the Real World. Apparently, Opera
9.64 has been observed sending malformed headers. We now compromise our high
principles and simply ignore such bad behaviour.

Patch from Ivan Sagalaev.

[Jacob]

Milestone 1.1 deleted