httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@gbiv.com>
Subject Re: RFC: Handling abnormally large chunk sizes
Date Tue, 14 May 2013 21:56:35 GMT
On May 14, 2013, at 8:58 AM, Graham Leggett wrote:

> Hi all,
> 
> I am currently getting to the bottom of a test case that checks httpd's response to an
abnormally large chunk extension from a reverse proxy server. What httpd does now is trigger
an error, causing both the upstream and downstream connections to be terminated and truncated.
Is this the correct way to respond to this?

Is there any other way to handle it?  How long are we talking about?
I certainly wouldn't try to process more than a single input buffer.

> http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-22#section-4.1 says this:
> 
> "All recipients MUST be able to receive and decode the chunked transfer coding and MUST
ignore chunk-ext extensions they do not understand."
> 
> Does the above "they do not understand" requirement include the requirement to ignore
chunk-ext extensions that are too long? (For some arbitrary definition of long)

Probably, but we can fix the requirement if you think it might be
a security issue (or just a bit too silly).  Note that sending
chunk-ext has been deprecated.

....Roy


Mime
View raw message