Opened 7 years ago

Closed 6 years ago

#337 closed defect (invalid)

Opera sends an invalid "Content-Length" header over SPDY in some cases

Reported by: www.google.com/accounts/o8/id?id=AItOawmuTQLvuZ1H2YiIDd-n6nhvw5Yfe_HJ0Pw Owned by: vbart
Priority: minor Milestone:
Component: nginx-module Version: 1.3.x
Keywords: Cc:
uname -a: Linux www3 3.8.5-gentoo #1 SMP Thu Apr 4 04:14:38 PDT 2013 x86_64 Intel(R) Xeon(R) CPU L5640 @ 2.27GHz GenuineIntel GNU/Linux
nginx -V: nginx version: nginx/1.3.16 TLS SNI support enabled configure arguments: --prefix=/usr --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error_log --pid-path=/run/nginx.pid --lock-path=/var/lock/nginx.lock --with-cc-opt=-I/usr/include --with-ld-opt=-L/usr/lib --http-log-path=/var/log/nginx/access_log --http-client-body-temp-path=/var/tmp/nginx/client --http-proxy-temp-path=/var/tmp/nginx/proxy --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi --http-scgi-temp-path=/var/tmp/nginx/scgi --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi --with-ipv6 --with-pcre --without-http_auth_basic_module --without-http_autoindex_module --without-http_empty_gif_module --without-http_geo_module --without-http_limit_req_module --without-http_limit_conn_module --without-http_map_module --without-http_proxy_module --without-http_referer_module --without-http_scgi_module --without-http_split_clients_module --without-http_upstream_ip_hash_module --without-http_uwsgi_module --with-http_mp4_module --with-http_spdy_module --with-http_stub_status_module --with-http_realip_module --add-module=/var/tmp/portage/www-servers/nginx-1.3.16/work/headers-more-nginx-module-0.19 --with-http_ssl_module --without-mail_imap_module --without-mail_pop3_module --without-mail_smtp_module --user=nginx --group=nginx

Description

For some reason, Nginx returns a 400 Bad Request when an Opera user attempts to POST data over SPDY.

To reproduce:

Visit https://secure.indieroyale.com/cart
Click on Star
Click pay with PayPal
Enter Email
Click Purchase.

400 Bad Request is returned.

Error_log shows this:

2013/04/23 03:47:24 [info] 9490#0: *72100667 client sent invalid "Content-Length" header while processing SPDY, client: X.X.X.X, server: www.indieroyale.com, request: "POST /cart/confirm HTTP/1.1", host: "secure.indieroyale.com", referrer: "https://secure.indieroyale.com/cart"

Any ideas?

Attachments (1)

opera_clbug.jpg (80.9 KB) - added by vbart 6 years ago.
Opera bug with the Content-Length header


Change History (6)

comment:1 Changed 7 years ago by www.google.com/accounts/o8/id?id=AItOawmuTQLvuZ1H2YiIDd-n6nhvw5Yfe_HJ0Pw

Thought I'd confirm that Chrome, Firefox & IE work fine.

comment:2 Changed 7 years ago by vbart

  • Owner set to vbart
  • Status changed from new to assigned

comment:3 Changed 7 years ago by vbart

  • Priority changed from critical to minor

comment:4 Changed 7 years ago by www.google.com/accounts/o8/id?id=AItOawmuTQLvuZ1H2YiIDd-n6nhvw5Yfe_HJ0Pw

Hi,

Are there any updates on this? Otherwise we will have to turn SPDY off completely as it is not working for anyone on Opera.

Changed 6 years ago by vbart

Opera bug with the Content-Length header

comment:5 Changed 6 years ago by vbart

  • Resolution set to invalid
  • Status changed from assigned to closed
  • Summary changed from SPDY to Opera sends an invalid "Content-Length" header over SPDY in some cases

It looks like you have stumbled over a bug in Opera. I cannot reproduce it in my local test environment using a simple POST form; it seems JS on your page is involved somehow, but I've investigated what happens on the wire with your site.

Here is a TLS connection dump of decrypted data using the MITM technique:

00000000  80 02 00 04 00 00 00 0c  00 00 00 01 04 00 00 02 ........ ........
00000010  00 00 00 64 80 02 00 01  00 00 03 63 00 00 00 01 ...d.... ...c....
00000020  00 00 00 00 00 00 38 ea  df a2 51 b2 62 e0 65 e0 ......8. ..Q.b.e.
00000030  42 24 5a 06 1b ff 82 d4  a2 44 7d 4b 3d 0b 03 05 B$Z..... .D}K=...
00000040  8d 08 43 43 6b 05 9f cc  bc d2 0a 85 0a 0b b3 78 ..CCk... .......x
00000050  33 13 4d 85 00 60 e0 95  e4 eb 1b e9 19 1a e9 19 3.M..`.. ........
00000060  5b 58 28 84 41 4c d2 07  72 0d 4d 19 58 40 f9 8d [X(.AL.. r.M.X@..
00000070  41 0c 98 20 4a 8b 52 f5  32 f3 52 32 53 8b f2 2b A.. J.R. 2.R2S..+
00000080  13 73 52 f5 92 f3 73 19  d8 20 e9 92 a1 11 1e 12 .sR...s. . ......
00000090  3a 0a 68 1e b6 2e b4 35  d0 b3 44 13 06 a9 d4 ae :.h....5 ..D.....
000000A0  00 a9 86 87 1c 8c 59 9e  9a 54 00 63 67 15 a4 c2 ......Y. .T.cg...
000000B0  c5 81 41 09 63 56 e8 56  24 65 96 e4 26 02 d5 69 ..A.cV.V $e..&..i
000000C0  e9 03 a4 05 b6 c0 90 81  1f ad f8 60 e0 4b cd d3 ........ ...`.K..
000000D0  0d 0d d6 49 cd 83 b8 00  ae 00 96 3c 19 78 41 81 ...I.... ...<.xA.
000000E0  a9 a3 00 0d 4e 06 76 68  8e 67 d0 06 08 a0 8c 92 ....N.vh .g......
000000F0  92 82 62 2b 7d fd e2 d4  e4 d2 a2 54 bd cc bc 94 ..b+}... ...T....
00000100  cc d4 a2 fc ca c4 9c 54  bd e4 fc 5c fd e4 c4 a2 .......T ...\....
00000110  12 fd e4 fc bc b4 cc a2  5c 80 00 62 60 83 24 33 ........ \..b`.$3
00000120  c6 5b 00 01 08 82 83 1b  00 61 18 06 80 1b 45 4e .[...... .a....EN
00000130  1d 3b 44 88 59 2a 06 e0  07 fb 73 b7 f7 f7 3e f7 .;D.Y*.. ..s...>.
00000140  55 60 4f ad 8a 84 96 a1  36 22 e9 41 1e 3d 8c a4 U`O..... 6".A.=..
00000150  07 5e 2d 45 d2 03 8b ea  a8 f3 17 40 0a f1 f1 a5 .^-E.... ...@....
00000160  25 b9 49 b6 26 06 c6 e6  96 26 46 26 7a 16 7a 86 %.I.&... .&F&z.z.
00000170  06 7a 86 c6 66 96 06 66  a6 c6 a6 e6 d6 00 01 a4 .z..f..f ........
00000180  10 1f 5f 5a 92 9b 6c 6b  62 60 6c 6e 69 62 64 62 .._Z..lk b`lnibdb
00000190  0d 10 80 20 38 c6 01 10  84 01 00 f8 15 47 58 1a ... 8... .....GX.
000001A0  2a 44 24 a6 6f 61 28 0c  0c c5 04 db c5 f8 78 ef *D$.oa(. ......x.
000001B0  b6 5a 4d e5 a5 14 62 2e  69 4f 80 f1 28 01 cf 5c .ZM...b. iO..(..\
000001C0  22 20 20 98 0a 3f 8b 5c  1b ab b3 fa cf 54 98 27 "  ..?.\ .....T.'
000001D0  b9 36 56 67 f5 9f a9 b0  34 72 f3 9e dd 5f bf 00 .6Vg.... 4r..._..
000001E0  52 48 29 cd 4e cd 2b cd  4e cd b5 4d 4e b3 4c 4d RH).N.+. N..MN.LM
000001F0  33 4d 32 34 48 33 4b 4d  36 b0 48 35 32 30 4b 33 3M24H3KM 6.H520K3
00000200  31 4e b4 48 36 37 31 35  30 4e b6 b4 06 08 20 85 1N.H6715 0N.... .
00000210  f8 f8 c2 e4 44 db 00 03  5d 4b 33 4b 63 0b 73 73 ....D... ]K3Kc.ss
00000220  53 5d 43 63 33 4b 03 43  0b 73 4b 23 0b 33 43 6b S]Cc3K.C .sK#.3Ck
00000230  80 00 04 c1 d1 0d 80 50  08 03 c0 55 9c 80 b4 f4 .......P ...U....
00000240  51 21 c6 59 8c 03 f8 a7  fb 7b b7 5d d7 f7 3e f7 Q!.Y.... .{.]..>.
00000250  99 39 95 e2 42 30 b9 2f  55 8b 41 79 e0 72 23 28 .9..B0./ U.Ay.r#(
00000260  0f 5c 6e 04 e5 81 cb 8d  e0 f1 0b 20 85 f8 f8 d2 .\n..... ... ....
00000270  92 dc 64 5b 23 23 4b 53  23 63 43 13 03 6b 80 00 ..d[##KS #cC..k..
00000280  04 c1 31 0e 80 20 0c 00  c0 af 38 c2 42 28 08 91 ..1.. .. ..8.B(..
00000290  98 be 85 a1 30 30 14 13  6c 17 c3 e3 bd 3b 6a 55 ....00.. l....;jU
000002A0  e1 0f 43 28 29 44 38 bd  83 98 8b cf 29 5f de 81 ..C()D8. ....)_..
000002B0  03 a7 c2 f4 2e 34 6d ac  4e 62 b7 0a 13 4d 34 6d .....4m. Nb...M4m
000002C0  ac 4e 62 b7 0a 13 37 34  f3 99 dd de bf 00 52 c8 .Nb...74 ......R.
000002D0  4d 2c 2e 49 2d 4a ce c8  4c 4d b3 4d 4d 35 36 32 M,.I-J.. LM.MM562
000002E0  31 48 4e 31 33 4a 49 b1  4c 4c 34 31 49 32 4a 32 1HN13JI. LL41I2J2
000002F0  4d 34 35 b6 34 35 49 49  b1 34 b6 b4 06 08 20 06 M45.45II .4.... .
00000300  3e d4 82 8a 81 03 20 80  8c 8c 4d 74 14 8c 8c 4d >..... . ..Mt...M
00000310  00 02 88 81 07 b9 30 62  50 04 08 a0 c4 82 82 9c ......0b P.......
00000320  cc e4 c4 92 cc fc 3c fd  0a dd f2 f2 72 dd b4 fc ......<. ....r...
00000330  a2 5c dd d2 a2 9c d4 bc  e4 fc 94 d4 14 80 00 62 .\...... .......b
00000340  60 cb 4d 05 56 34 29 0c  2c 01 fe c1 21 0c 6c c5 `.M.V4). ,...!.l.
00000350  c0 42 35 37 95 81 35 a3  a4 a4 a0 98 81 1d 9a 89 .B57..5. ........
00000360  19 38 60 79 9b 81 19 94  a1 79 01 02 48 3f 39 b1 .8`y.... .y..H?9.
00000370  a8 44 3f 39 3f 2f 2d b3  28 17 00 00 00 ff ff 80 .D?9?/-. (.......
00000380  02 00 06 00 00 00 04 00  00 00 01 00 00 00 01 01 ........ ........
00000390  00 00 00                                         ...

That is what Opera sends to the server over a newly established TLS connection right after the "Purchase" button has been pushed. It contains the SYN_STREAM SPDY frame with a block of compressed headers. If we extract and then decompress this block, we will see this:

00000000  00 0d 00 0a 75 73 65 72  2d 61 67 65 6e 74 00 3c  |....user-agent.<|
00000010  4f 70 65 72 61 2f 39 2e  38 30 20 28 58 31 31 3b  |Opera/9.80 (X11;|
00000020  20 4c 69 6e 75 78 20 78  38 36 5f 36 34 29 20 50  | Linux x86_64) P|
00000030  72 65 73 74 6f 2f 32 2e  31 32 2e 33 38 38 20 56  |resto/2.12.388 V|
00000040  65 72 73 69 6f 6e 2f 31  32 2e 31 35 00 04 68 6f  |ersion/12.15..ho|
00000050  73 74 00 16 73 65 63 75  72 65 2e 69 6e 64 69 65  |st..secure.indie|
00000060  72 6f 79 61 6c 65 2e 63  6f 6d 00 06 61 63 63 65  |royale.com..acce|
00000070  70 74 00 81 74 65 78 74  2f 68 74 6d 6c 2c 20 61  |pt..text/html, a|
00000080  70 70 6c 69 63 61 74 69  6f 6e 2f 78 6d 6c 3b 71  |pplication/xml;q|
00000090  3d 30 2e 39 2c 20 61 70  70 6c 69 63 61 74 69 6f  |=0.9, applicatio|
000000a0  6e 2f 78 68 74 6d 6c 2b  78 6d 6c 2c 20 69 6d 61  |n/xhtml+xml, ima|
000000b0  67 65 2f 70 6e 67 2c 20  69 6d 61 67 65 2f 77 65  |ge/png, image/we|
000000c0  62 70 2c 20 69 6d 61 67  65 2f 6a 70 65 67 2c 20  |bp, image/jpeg, |
000000d0  69 6d 61 67 65 2f 67 69  66 2c 20 69 6d 61 67 65  |image/gif, image|
000000e0  2f 78 2d 78 62 69 74 6d  61 70 2c 20 2a 2f 2a 3b  |/x-xbitmap, */*;|
000000f0  71 3d 30 2e 31 00 0f 61  63 63 65 70 74 2d 6c 61  |q=0.1..accept-la|
00000100  6e 67 75 61 67 65 00 0e  65 6e 2d 55 53 2c 65 6e  |nguage..en-US,en|
00000110  3b 71 3d 30 2e 39 00 0f  61 63 63 65 70 74 2d 65  |;q=0.9..accept-e|
00000120  6e 63 6f 64 69 6e 67 00  0d 67 7a 69 70 2c 20 64  |ncoding..gzip, d|
00000130  65 66 6c 61 74 65 00 07  72 65 66 65 72 65 72 00  |eflate..referer.|
00000140  2b 68 74 74 70 73 3a 2f  2f 73 65 63 75 72 65 2e  |+https://secure.|
00000150  69 6e 64 69 65 72 6f 79  61 6c 65 2e 63 6f 6d 2f  |indieroyale.com/|
00000160  63 61 72 74 2f 63 6f 6e  66 69 72 6d 00 06 63 6f  |cart/confirm..co|
00000170  6f 6b 69 65 01 da 5f 5f  75 74 6d 61 3d 34 30 33  |okie..__utma=403|
00000180  37 39 34 32 34 2e 31 30  35 32 36 30 35 37 36 30  |79424.1052605760|
00000190  2e 31 33 36 39 30 31 38  37 39 33 2e 31 33 36 39  |.1369018793.1369|
000001a0  30 36 32 37 35 35 2e 31  33 36 39 30 36 35 33 35  |062755.136906535|
000001b0  37 2e 34 3b 20 5f 5f 75  74 6d 62 3d 34 30 33 37  |7.4; __utmb=4037|
000001c0  39 34 32 34 2e 38 2e 31  30 2e 31 33 36 39 30 36  |9424.8.10.136906|
000001d0  35 33 35 37 3b 20 5f 5f  75 74 6d 63 3d 34 30 33  |5357; __utmc=403|
000001e0  37 39 34 32 34 3b 20 5f  5f 75 74 6d 7a 3d 34 30  |79424; __utmz=40|
000001f0  33 37 39 34 32 34 2e 31  33 36 39 30 31 38 37 39  |379424.136901879|
00000200  33 2e 31 2e 31 2e 75 74  6d 63 73 72 3d 28 64 69  |3.1.1.utmcsr=(di|
00000210  72 65 63 74 29 7c 75 74  6d 63 63 6e 3d 28 64 69  |rect)|utmccn=(di|
00000220  72 65 63 74 29 7c 75 74  6d 63 6d 64 3d 28 6e 6f  |rect)|utmcmd=(no|
00000230  6e 65 29 3b 20 64 75 6b  65 6e 75 6b 65 6d 3d 63  |ne); dukenukem=c|
00000240  66 39 65 66 35 62 31 30  66 36 65 63 30 38 65 32  |f9ef5b10f6ec08e2|
00000250  30 36 66 34 33 61 38 63  37 34 35 30 33 63 39 3b  |06f43a8c74503c9;|
00000260  20 5f 5f 71 63 61 3d 50  30 2d 39 36 39 33 38 37  | __qca=P0-969387|
00000270  37 35 2d 31 33 36 39 30  31 38 37 39 32 38 36 31  |75-1369018792861|
00000280  3b 20 5f 5f 75 74 6d 61  3d 32 32 39 35 32 33 31  |; __utma=2295231|
00000290  34 30 2e 31 32 31 37 34  33 35 38 33 31 2e 31 33  |40.1217435831.13|
000002a0  36 39 30 36 35 36 38 30  2e 31 33 36 39 30 36 35  |69065680.1369065|
000002b0  36 38 30 2e 31 33 36 39  30 36 35 36 38 30 2e 31  |680.1369065680.1|
000002c0  3b 20 5f 5f 75 74 6d 63  3d 32 32 39 35 32 33 31  |; __utmc=2295231|
000002d0  34 30 3b 20 5f 5f 75 74  6d 7a 3d 32 32 39 35 32  |40; __utmz=22952|
000002e0  33 31 34 30 2e 31 33 36  39 30 36 35 36 38 30 2e  |3140.1369065680.|
000002f0  31 2e 31 2e 75 74 6d 63  73 72 3d 28 64 69 72 65  |1.1.utmcsr=(dire|
00000300  63 74 29 7c 75 74 6d 63  63 6e 3d 28 64 69 72 65  |ct)|utmccn=(dire|
00000310  63 74 29 7c 75 74 6d 63  6d 64 3d 28 6e 6f 6e 65  |ct)|utmcmd=(none|
00000320  29 3b 20 6d 61 73 74 65  72 63 68 69 65 66 3d 65  |); masterchief=e|
00000330  65 33 32 34 30 63 64 36  32 64 64 39 61 61 34 34  |e3240cd62dd9aa44|
00000340  62 32 62 35 61 35 33 39  35 34 64 64 39 33 39 3b  |b2b5a53954dd939;|
00000350  00 0e 63 6f 6e 74 65 6e  74 2d 6c 65 6e 67 74 68  |..content-length|
00000360  00 08 32 33 34 2c 20 32  33 34 00 0c 63 6f 6e 74  |..234, 234..cont|
00000370  65 6e 74 2d 74 79 70 65  00 21 61 70 70 6c 69 63  |ent-type.!applic|
00000380  61 74 69 6f 6e 2f 78 2d  77 77 77 2d 66 6f 72 6d  |ation/x-www-form|
00000390  2d 75 72 6c 65 6e 63 6f  64 65 64 00 06 6d 65 74  |-urlencoded..met|
000003a0  68 6f 64 00 04 50 4f 53  54 00 06 73 63 68 65 6d  |hod..POST..schem|
000003b0  65 00 05 68 74 74 70 73  00 07 76 65 72 73 69 6f  |e..https..versio|
000003c0  6e 00 08 48 54 54 50 2f  31 2e 31 00 03 75 72 6c  |n..HTTP/1.1..url|
000003d0  00 0d 2f 63 61 72 74 2f  63 6f 6e 66 69 72 6d     |../cart/confirm|
000003df

You can see that it contains the content-length header with the value 234, 234. It is invalid and looks like two content-length headers have been concatenated into one.

You can also observe it simply by enabling the nginx debug log, or by using Opera Dragonfly:
[Image: Opera bug with the Content-Length header]

I am closing the ticket since it is not related to nginx. You should report this issue to the Opera team.
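
Added example (not part of the ticket and not nginx's code): a Python sketch that parses a decompressed SPDY/2 name/value block in the layout visible in the second dump above (16-bit pair count, then 16-bit length-prefixed names and values) and applies a strict Content-Length check that rejects a value such as "234, 234". The function names and the shortened sample block are assumptions constructed for illustration.

```python
import struct

def parse_spdy2_headers(block: bytes):
    """Parse a decompressed SPDY/2 name/value block into (name, value) pairs."""
    pos = 0

    def take(size):
        nonlocal pos
        if pos + size > len(block):
            raise ValueError("truncated header block")
        chunk = block[pos:pos + size]
        pos += size
        return chunk

    (count,) = struct.unpack("!H", take(2))       # number of name/value pairs
    pairs = []
    for _ in range(count):
        fields = []
        for _ in range(2):                        # name first, then value
            (length,) = struct.unpack("!H", take(2))
            fields.append(take(length).decode("latin-1"))
        pairs.append((fields[0], fields[1]))
    if pos != len(block):
        raise ValueError("trailing bytes after the last pair")
    return pairs

def content_length(pairs):
    """Return the declared body length, None if absent, or raise ValueError."""
    values = [v for n, v in pairs if n.lower() == "content-length"]
    if not values:
        return None
    if len(values) > 1:
        raise ValueError("more than one content-length header")
    value = values[0]
    if not (value.isascii() and value.isdigit()):  # digits only: no lists, signs, spaces
        raise ValueError(f"invalid content-length: {value!r}")
    return int(value)

def build_block(pairs):
    """Hypothetical helper that serialises pairs in the same layout (sample input only)."""
    out = struct.pack("!H", len(pairs))
    for pair in pairs:
        for field in pair:
            data = field.encode("latin-1")
            out += struct.pack("!H", len(data)) + data
    return out

# Constructed sample: three of the fields seen in the ticket's dump.
SAMPLE = build_block([("content-length", "234, 234"),
                      ("method", "POST"), ("url", "/cart/confirm")])
```

Calling `content_length(parse_spdy2_headers(SAMPLE))` raises `ValueError`, which corresponds to the 400 response and the "invalid Content-Length header" log line in the report.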
