httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@gbiv.com>
Subject Re: svn commit: r1764961 - in /httpd/httpd/trunk: docs/manual/mod/core.xml modules/http/http_filters.c server/core.c server/gen_test_char.c server/protocol.c server/util.c
Date Fri, 14 Oct 2016 21:44:41 GMT
Right, though several people have requested it now as errata. Seems likely to be in the final
update for STD.

....Roy


> On Oct 14, 2016, at 2:16 PM, William A Rowe Jr <wrowe@rowe-clan.net> wrote:
> 
>> On Fri, Oct 14, 2016 at 3:48 PM, <wrowe@apache.org> wrote:
>> Author: wrowe
>> Date: Fri Oct 14 20:48:43 2016
>> New Revision: 1764961
>> 
>> URL: http://svn.apache.org/viewvc?rev=1764961&view=rev
>> Log:
>> [...]
>> Apply HttpProtocolOptions Strict to chunk header parsing, invalid
>> whitespace is invalid, line termination must follow CRLF convention.
>> 
>> [...]
>  
>> static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer,
>> [...]
>  
>> -        else if (c == ' ' || c == '\t') {
>> +        else if (!strict && (c == ' ' || c == '\t')) {
>>              /* Be lenient up to 10 BWS (term from rfc7230 - 3.2.3).
>>               */
>>              ctx->state = BODY_CHUNK_CR;
> 
> I'm not sure where this myth came from... 
> 
> https://tools.ietf.org/html/rfc7230#section-4.1
> 
> has *NO* provision for BWS in the chunk size.

Mime
View raw message