Debian Bug report logs - #681214
lynx-cur: lynx doesn't truncate downloaded files to Content-Length value

version graph

Package: lynx-cur; Maintainer for lynx-cur is Atsuhito KOHDA <kohda@debian.org>; Source for lynx-cur is src:lynx-cur.

Reported by: Vincent Lefevre <vincent@vinc17.net>

Date: Wed, 11 Jul 2012 13:21:06 UTC

Severity: important

Tags: fixed-upstream

Found in version lynx-cur/2.8.8dev.12-2

Fixed in version lynx-cur/2.8.8dev.14-1

Done: Atsuhito KOHDA <kohda@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#681214; Package lynx-cur. (Wed, 11 Jul 2012 13:21:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.net>:
New Bug report received and forwarded. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Wed, 11 Jul 2012 13:21:10 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: lynx-cur: lynx adds 8 bytes to a downloaded file
Date: Wed, 11 Jul 2012 15:19:12 +0200
Package: lynx-cur
Version: 2.8.8dev.12-2
Severity: important

(maybe a higher severity, because this is a file corruption)

When downloading a file from http://partage-fichiers.ens-lyon.fr/
lynx added 8 bytes to the file:

-rw-r--r-- 1 vlefevre vlefevre 59675248 2012-07-11 14:07:33 tst-exp.tar.xz
-rw-r--r-- 1 vlefevre vlefevre 59675256 2012-07-11 15:02:33 tst-exp.tar.xz.3

$ cmp tst-exp.tar.xz tst-exp.tar.xz.3
cmp: EOF on tst-exp.tar.xz
$ tail -c 8 tst-exp.tar.xz.3 | hd
00000000  35 39 36 37 35 32 34 38                           |59675248|
00000008

w3m has the same problem (same 8 bytes), but Iceweasel and links
are OK.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lynx-cur depends on:
ii  libbsd0       0.4.2-1
ii  libbz2-1.0    1.0.6-3
ii  libc6         2.13-34
ii  libgcrypt11   1.5.0-3
ii  libgnutls26   2.12.20-1
ii  libidn11      1.25-2
ii  libncursesw5  5.9-10
ii  libtinfo5     5.9-10
ii  zlib1g        1:1.2.7.dfsg-13

Versions of packages lynx-cur recommends:
ii  mime-support  3.52-1

lynx-cur suggests no packages.

-- debconf information:
  lynx-cur/defaulturl: http://www.lip.ens-lyon.fr/
  lynx-cur/etc_lynx.cfg:




Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#681214; Package lynx-cur. (Thu, 12 Jul 2012 11:51:23 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.net>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Thu, 12 Jul 2012 11:51:37 GMT) Full text and rfc822 format available.

Message #10 received at 681214@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.net>
To: 681214@bugs.debian.org
Subject: Re: lynx-cur: lynx adds 8 bytes to a downloaded file
Date: Thu, 12 Jul 2012 13:48:50 +0200
retitle 681214 lynx-cur: lynx doesn't truncate downloaded files to Content-Length value
thanks

On 2012-07-11 15:19:12 +0200, Vincent Lefevre wrote:
> When downloading a file from http://partage-fichiers.ens-lyon.fr/
> lynx added 8 bytes to the file:
> 
> -rw-r--r-- 1 vlefevre vlefevre 59675248 2012-07-11 14:07:33 tst-exp.tar.xz
> -rw-r--r-- 1 vlefevre vlefevre 59675256 2012-07-11 15:02:33 tst-exp.tar.xz.3
> 
> $ cmp tst-exp.tar.xz tst-exp.tar.xz.3
> cmp: EOF on tst-exp.tar.xz
> $ tail -c 8 tst-exp.tar.xz.3 | hd
> 00000000  35 39 36 37 35 32 34 38                           |59675248|
> 00000008

This is actually the file size. This can be reproduced on a small
file:

  http://partage-fichiers.ens-lyon.fr/j1c49rqvm (web page)
  http://partage-fichiers.ens-lyon.fr/j1c49rqvm/download (file)

These links are valid up to 2012-09-10.

FYI:

$ telnet partage-fichiers.ens-lyon.fr 80
GET /j1c49rqvm/download HTTP/1.1
Host: partage-fichiers.ens-lyon.fr

HTTP/1.1 200 OK
Date: Thu, 12 Jul 2012 11:40:23 GMT
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.3-7+squeeze13
Set-Cookie: filez=esgdt25bj270ovmq5jn9jq7b00; path=/
Expires: 0
Cache-Control: must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Disposition: attachment; filename="foo"
Content-Transfer-Encoding: binary
Content-Length: 5
Content-Type: application/octet-stream

test
5[Cursor]

The file should be truncated to the Content-Length value.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)




Changed Bug title to 'lynx-cur: lynx doesn't truncate downloaded files to Content-Length value' from 'lynx-cur: lynx adds 8 bytes to a downloaded file' Request was from Vincent Lefevre <vincent@vinc17.net> to control@bugs.debian.org. (Thu, 12 Jul 2012 11:51:47 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#681214; Package lynx-cur. (Fri, 13 Jul 2012 03:48:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Fri, 13 Jul 2012 03:49:00 GMT) Full text and rfc822 format available.

Message #17 received at 681214@bugs.debian.org (full text, mbox):

From: ThoMas Dickey <dickey@his.com>
To: Vincent Lefevre <vincent@vinc17.net>, 681214@bugs.debian.org
Subject: Re: Bug#681214: lynx-cur: lynx adds 8 bytes to a downloaded file
Date: Thu, 12 Jul 2012 20:43:05 -0400
[Message part 1 (text/plain, inline)]
On Thu, Jul 12, 2012 at 01:48:50PM +0200, Vincent Lefevre wrote:
> retitle 681214 lynx-cur: lynx doesn't truncate downloaded files to Content-Length value
> thanks
> 
> On 2012-07-11 15:19:12 +0200, Vincent Lefevre wrote:
> > When downloading a file from http://partage-fichiers.ens-lyon.fr/
> > lynx added 8 bytes to the file:
> > 
> > -rw-r--r-- 1 vlefevre vlefevre 59675248 2012-07-11 14:07:33 tst-exp.tar.xz
> > -rw-r--r-- 1 vlefevre vlefevre 59675256 2012-07-11 15:02:33 tst-exp.tar.xz.3
> > 
> > $ cmp tst-exp.tar.xz tst-exp.tar.xz.3
> > cmp: EOF on tst-exp.tar.xz
> > $ tail -c 8 tst-exp.tar.xz.3 | hd
> > 00000000  35 39 36 37 35 32 34 38                           |59675248|
> > 00000008
> 
> This is actually the file size. This can be reproduced on a small
> file:

What you're saying is that the content length is incorrect.

RFC 2616 doesn't appear to specify behavior when the content-length is
incorrect.

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#681214; Package lynx-cur. (Fri, 13 Jul 2012 07:48:19 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.net>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Fri, 13 Jul 2012 07:48:19 GMT) Full text and rfc822 format available.

Message #22 received at 681214@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.net>
To: ThoMas Dickey <dickey@his.com>
Cc: 681214@bugs.debian.org
Subject: Re: Bug#681214: lynx-cur: lynx adds 8 bytes to a downloaded file
Date: Fri, 13 Jul 2012 09:22:32 +0200
On 2012-07-12 20:43:05 -0400, ThoMas Dickey wrote:
> What you're saying is that the content length is incorrect.
> 
> RFC 2616 doesn't appear to specify behavior when the content-length is
> incorrect.

No, what I'm saying is that the content-lenth is correct (it is the
real length of the file), but the server sends additional data after
the file contents.

I assume that these data are unspecified (but there occur after the
file has been sent), and most browsers seem to ignore them. In any
case, if lynx is confused by something unspecified, it should display
an error (and exit with a non-zero exit status in case of -dump), not
let the user with a corrupted file.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)




Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#681214; Package lynx-cur. (Thu, 16 Aug 2012 10:12:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Thu, 16 Aug 2012 10:12:07 GMT) Full text and rfc822 format available.

Message #27 received at 681214@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: 681214@bugs.debian.org
Cc: 681214-submitter@bugs.debian.org
Subject: re: #681214 lynx-cur: lynx doesn't truncate downloaded files to Content-Length value
Date: Thu, 16 Aug 2012 04:59:39 -0400
[Message part 1 (text/plain, inline)]
this is fixed in 2.8.8dev.13

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
[signature.asc (application/pgp-signature, inline)]

Added tag(s) fixed-upstream. Request was from Thomas Dickey <dickey@his.com> to control@bugs.debian.org. (Thu, 16 Aug 2012 10:12:19 GMT) Full text and rfc822 format available.

Message sent on to Vincent Lefevre <vincent@vinc17.net>:
Bug#681214. (Thu, 16 Aug 2012 10:12:25 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#681214; Package lynx-cur. (Wed, 22 Aug 2012 10:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Wed, 22 Aug 2012 10:51:03 GMT) Full text and rfc822 format available.

Message #37 received at 681214@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: 681214@bugs.debian.org
Cc: 681214-submitter@bugs.debian.org
Subject: re: #681214 lynx-cur: lynx doesn't truncate downloaded files to Content-Length value
Date: Wed, 22 Aug 2012 06:45:43 -0400
[Message part 1 (text/plain, inline)]
someone reported a problem with this change; the update will be 2.8.8dev.14

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
[signature.asc (application/pgp-signature, inline)]

Message sent on to Vincent Lefevre <vincent@vinc17.net>:
Bug#681214. (Wed, 22 Aug 2012 10:51:14 GMT) Full text and rfc822 format available.

Reply sent to Atsuhito KOHDA <kohda@debian.org>:
You have taken responsibility. (Thu, 23 Aug 2012 07:51:11 GMT) Full text and rfc822 format available.

Notification sent to Vincent Lefevre <vincent@vinc17.net>:
Bug acknowledged by developer. (Thu, 23 Aug 2012 07:51:11 GMT) Full text and rfc822 format available.

Message #45 received at 681214-close@bugs.debian.org (full text, mbox):

From: Atsuhito KOHDA <kohda@debian.org>
To: 681214-close@bugs.debian.org
Subject: Bug#681214: fixed in lynx-cur 2.8.8dev.14-1
Date: Thu, 23 Aug 2012 07:48:04 +0000
Source: lynx-cur
Source-Version: 2.8.8dev.14-1

We believe that the bug you reported is fixed in the latest version of
lynx-cur, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 681214@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Atsuhito KOHDA <kohda@debian.org> (supplier of updated lynx-cur package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 23 Aug 2012 12:00:21 +0900
Source: lynx-cur
Binary: lynx-cur lynx-cur-wrapper lynx
Architecture: source all i386
Version: 2.8.8dev.14-1
Distribution: unstable
Urgency: low
Maintainer: Atsuhito KOHDA <kohda@debian.org>
Changed-By: Atsuhito KOHDA <kohda@debian.org>
Description: 
 lynx       - Text-mode WWW Browser (transitional package)
 lynx-cur   - Text-mode WWW Browser with NLS support (development version)
 lynx-cur-wrapper - Wrapper for lynx-cur (transitional package)
Closes: 616107 666213 681214
Changes: 
 lynx-cur (2.8.8dev.14-1) unstable; urgency=low
 .
   * New Upstream Release.
    - correct formatting of large file-sizes in directory listing
      (Closes: #666213)
    - fix an unbounded loop in restrictions_fun() which could cause a core dump
      (Closes: #616107)
    - limit downloaded files by Content-Length if any, to match behavior of IE,
      Firefox and some other browsers; (Closes: #681214)
Checksums-Sha1: 
 30658a5594041de9e96b40339b05c140e7a0f1e2 1290 lynx-cur_2.8.8dev.14-1.dsc
 96f91e1457578122d09bdf2d417a24b42654e3f0 3528793 lynx-cur_2.8.8dev.14.orig.tar.gz
 80e9d5021bdc9de4afeecda10bd1e9c0812ea7c0 31944 lynx-cur_2.8.8dev.14-1.diff.gz
 7fe15f70149d772313f3ca1860933dbeba5b4ef0 223840 lynx-cur-wrapper_2.8.8dev.14-1_all.deb
 38ab600ea05e40c522de4550c16eb10bdcb30888 224210 lynx_2.8.8dev.14-1_all.deb
 0e3afc9ea76016cf08d2b0ab3327f4887e2ada3b 2217190 lynx-cur_2.8.8dev.14-1_i386.deb
Checksums-Sha256: 
 9ba7a8e279bea21296caf0122c7621d95dfd0dc620eb6238ca20a53aecc56cd5 1290 lynx-cur_2.8.8dev.14-1.dsc
 4f211530337acc1126c583fb92f9366848ab605f79f086d46d885befb5e669a9 3528793 lynx-cur_2.8.8dev.14.orig.tar.gz
 46ea417c0c35761afc807122d20a067490f14cf927dbcb8efe061a79afaad417 31944 lynx-cur_2.8.8dev.14-1.diff.gz
 82a7142f543c33886d1599ef5374e66ed1421452068008fa028e9dadb9e93e28 223840 lynx-cur-wrapper_2.8.8dev.14-1_all.deb
 4b6581f83ae23db9c2cb1a1d64252f094e7fb0512ae88e744c033affe323ec3e 224210 lynx_2.8.8dev.14-1_all.deb
 309474bb0e946639694782fddd448f92d68c4b157daed028d4578e0d13a3e625 2217190 lynx-cur_2.8.8dev.14-1_i386.deb
Files: 
 13ae4b46da76438a88f39fa9cc191215 1290 web extra lynx-cur_2.8.8dev.14-1.dsc
 5012c6ae2747fe4f8b727198cd385949 3528793 web extra lynx-cur_2.8.8dev.14.orig.tar.gz
 1c104c339f603f178330eddb48c85b6d 31944 web extra lynx-cur_2.8.8dev.14-1.diff.gz
 676faced70f8d7b1ed8635ce83348948 223840 oldlibs extra lynx-cur-wrapper_2.8.8dev.14-1_all.deb
 a2291ecfe7ade8d2e54ac45e23a215f8 224210 oldlibs extra lynx_2.8.8dev.14-1_all.deb
 bc6644c45d503111e3a8e3a9f6521b68 2217190 web extra lynx-cur_2.8.8dev.14-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlA1zCMACgkQ1IXdL1v6kOxWSgCcCCISf5Ar5nen1vOzRlC6xMv3
z5gAnjbwCiu/Z0K3AqpTlPPc0bO62kSS
=3i7K
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 13 Dec 2013 07:25:54 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 10:46:05 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.