httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 27715] - Client sending misformed Range "bytes = 0-100" instead "bytes=0-100"
Date Thu, 20 Oct 2005 18:28:05 GMT
http://issues.apache.org/bugzilla/show_bug.cgi?id=27715
------- Additional Comments From wrowe@apache.org  2005-10-20 20:28 -------
Reconsidering 14.35.1 Byte Ranges in RFC2616, and looking at the recent issues
with request/response splitting/spoofing;

-1 on any patch to permit this grammar, however in comment 4 we have a clear
issue, we can't be treating empty space as a zero-value.

Therefore, we should treat the invalid characters (any of them, including
unpermitted LWS) as a flaw.  Now, back to the original report, how to handle.

I suggest we treat any flawed bytes= sequence as a noop, unset the corresponding
input Range/If-Range header, and provide the complete response.  The broken
client will need to be fixed (it sucks down more data than it intended) but it
should be aware of servers which don't support [its broken] range syntax, and
therefore even the broken client shouldn't fail.

Sorry if I led in the opposite direction nearly 2 years ago, but in hindsight,
allowing invalid grammar proved to be the fatal flaw in the entire class of
proxy splitting vulnerabilities, since each server was 'differently permissive'
and their permissive and strict interpretations of the headers clashed.
