Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id B0F8B200BA6 for ; Tue, 18 Oct 2016 19:28:17 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id AF7FD160AE5; Tue, 18 Oct 2016 17:28:17 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id CEE11160ACE for ; Tue, 18 Oct 2016 19:28:16 +0200 (CEST) Received: (qmail 92232 invoked by uid 500); 18 Oct 2016 17:28:15 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 92222 invoked by uid 99); 18 Oct 2016 17:28:15 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 Oct 2016 17:28:15 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 5C332C0A88 for ; Tue, 18 Oct 2016 17:28:15 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.279 X-Spam-Level: * X-Spam-Status: No, score=1.279 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=rowe-clan-net.20150623.gappssmtp.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id GyEtjJVV71Oz for ; Tue, 18 Oct 2016 17:28:13 +0000 (UTC) Received: from mail-it0-f49.google.com (mail-it0-f49.google.com [209.85.214.49]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id EE3AC5FB00 for ; Tue, 18 Oct 2016 17:28:12 +0000 (UTC) Received: by mail-it0-f49.google.com with SMTP id 4so88465596itv.0 for ; Tue, 18 Oct 2016 10:28:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rowe-clan-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=+ajTeCrHXT21FHliVearHGJMsJ4bDQk6PTTQQEenMb8=; b=0Y31gxBgkADpdvWiyx0Kl3VzrviSEsMzf2TFo4t3k/3txMqen8RPByCCENza+EMXFz X7Vx6AX9FcJTabwqcib6kC7tZPfXpMS1KohnphWCGiGH8delCuhcxmNBczWkRHwRcMZA MBjR/06BPM8sixkl/y8Tw4BqyyqBd0+Ahy4O3CzAKwA5cyb+SomBeCTGRt9ip4Hkws7g zB1iRnugg8ooaz2ZBD2o6zBS2PseGi5eOtEwefY8kELLkPOVkQo6MoP4XJzqDPA156uE 3ogEgmzffB9iNE9J6LJxCZ053UYOo+bILkg0LxbmCtc8jQXyZ9HomBywAmTZYbBDzNik znJQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=+ajTeCrHXT21FHliVearHGJMsJ4bDQk6PTTQQEenMb8=; b=PQgpLNLyAPbGzxRfaStQdZKNnFCXy2Mjvb1ahDUbayZsOIVHKQZOoBrtLu7LyxdlhW XGg484ptPL5HMEkM7Wjotzx1uoi4rpKtp/2auyd01JHwluguBiu0GRJHbZiPWI/Q/uIn Zfriv9GK5viUeBxzvFYMuWiTJoTemtWJ61uQzXmH6pnDbxjs4op/3yF9N731dLVrMtsf TF4aRM4Y2ykNd4PSZaHH7P3/GrHlcLUfmj/U+SB9LzbrgdJbdqDTF0IwdUXZSidfhojT bGMA1XL37Q+wy4mgQkOCrtbuwQSnDR4nXp1cz5flmdkldwoLXw3DXZHXxn9o/P641519 YNgw== X-Gm-Message-State: AA6/9RnF5MG0giWn3T8kAmtQ7DybD57/bsGXtRT7IZvbAZooBT897VOjhyxmNLMTK4L+CjK2C33vJx/a4sh1M2jS X-Received: by 10.36.192.9 with SMTP id u9mr2436923itf.86.1476811686057; Tue, 18 Oct 2016 10:28:06 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.134.68 with HTTP; Tue, 18 Oct 2016 10:28:05 -0700 (PDT) In-Reply-To: <20161018163044.14EFE3A0CBA@svn01-us-west.apache.org> References: <20161018163044.14EFE3A0CBA@svn01-us-west.apache.org> From: William A Rowe Jr Date: Tue, 18 Oct 2016 12:28:05 -0500 Message-ID: Subject: Re: svn commit: r1765475 - /httpd/httpd/trunk/modules/http/http_filters.c To: httpd Content-Type: multipart/alternative; boundary=94eb2c05aa2af2b5ea053f27035c archived-at: Tue, 18 Oct 2016 17:28:17 -0000 --94eb2c05aa2af2b5ea053f27035c Content-Type: text/plain; charset=UTF-8 Personally, I find this case of 1*hexdig ";" to more closely resemble the new rule of field-name ":" OWS field-value, which introduces a MUST reject for whitespace following request field-name in 7230 3.2.4. But Roy accepts that the implied *LWS rule is appropriate based on the errata request, and I'm fine with accepting that approach. Note we now implement this as; *hexdig [#10 LWS [ ";" *( VCHAR | obs-text | SP | TAB ) ] ]. If there are other opinions please speak up in the coming days. Cheers, Bill On Tue, Oct 18, 2016 at 11:30 AM, wrote: > Author: wrowe > Date: Tue Oct 18 16:30:43 2016 > New Revision: 1765475 > > URL: http://svn.apache.org/viewvc?rev=1765475&view=rev > Log: > Appears we cannot disallow this whitespace, since the chunk BNF coexisted > with the implied *LWS rule, before RFC7230 eliminated the later. Whether > this is actually OWS or BWS is an editorial decision beyond our pay grade. > > > > Modified: > httpd/httpd/trunk/modules/http/http_filters.c > > Modified: httpd/httpd/trunk/modules/http/http_filters.c > URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ > http/http_filters.c?rev=1765475&r1=1765474&r2=1765475&view=diff > ============================================================ > ================== > --- httpd/httpd/trunk/modules/http/http_filters.c (original) > +++ httpd/httpd/trunk/modules/http/http_filters.c Tue Oct 18 16:30:43 2016 > @@ -179,8 +179,10 @@ static apr_status_t parse_chunk_size(htt > return APR_EINVAL; > } > } > - else if (!strict && (c == ' ' || c == '\t')) { > - /* Be lenient up to 10 BWS (term from rfc7230 - 3.2.3). > + else if (c == ' ' || c == '\t') { > + /* Be lenient up to 10 implied *LWS, a legacy of RFC 2616, > + * and noted as errata to RFC7230; > + * https://www.rfc-editor.org/errata_search.php?rfc=7230& > eid=4667 > */ > ctx->state = BODY_CHUNK_CR; > if (++ctx->chunk_bws > 10) { > > > --94eb2c05aa2af2b5ea053f27035c Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Personally, I find this case of 1*hexdig ";" to = more closely resemble
the new rule of field-name ":" OWS fiel= d-value, which introduces a
MUST reject for whitespace following = request field-name in 7230 3.2.4.
But =C2=A0Roy accepts that the = implied *LWS rule is appropriate based on
the errata request, and= I'm fine with accepting that approach. Note
we now implement= this as;
*hexdig [#10 LWS [ ";" *( VCHAR | obs-text | = SP | TAB ) ] ].

If there are other opinions please= speak up in the coming days.

Cheers,
Bill


=
On Tue, Oct 18, 2016 at 11:30 AM, <wrowe@apache= .org> wrote:
Author: wrowe<= br> Date: Tue Oct 18 16:30:43 2016
New Revision: 1765475

URL: http://svn.apache.org/viewvc?rev= =3D1765475&view=3Drev
Log:
Appears we cannot disallow this whitespace, since the chunk BNF coexisted with the implied *LWS rule, before RFC7230 eliminated the later. Whether this is actually OWS or BWS is an editorial decision beyond our pay grade.<= br>


Modified:
=C2=A0 =C2=A0 httpd/httpd/trunk/modules/http/http_filters.c

Modified: httpd/httpd/trunk/modules/http/http_filters.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_filters.c?rev=3D1765475&= ;r1=3D1765474&r2=3D1765475&view=3Ddiff
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D
--- httpd/httpd/trunk/modules/http/http_filters.c (original)
+++ httpd/httpd/trunk/modules/http/http_filters.c Tue Oct 18 16:30:43 = 2016
@@ -179,8 +179,10 @@ static apr_status_t parse_chunk_size(htt
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0return APR_EI= NVAL;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0}
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0}
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 else if (!strict && (c =3D=3D ' &#= 39; || c =3D=3D '\t')) {
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /* Be lenient up to 10 BWS (term= from rfc7230 - 3.2.3).
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 else if (c =3D=3D ' ' || c =3D=3D '= ;\t') {
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /* Be lenient up to 10 implied *= LWS, a legacy of RFC 2616,
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0* and noted as errata to R= FC7230;
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0* https://www.rfc-editor.org/errata_search.php?rfc= =3D7230&eid=3D4667
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 */
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0ctx->state =3D BODY_CHUN= K_CR;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0if (++ctx->chunk_bws >= ; 10) {



--94eb2c05aa2af2b5ea053f27035c--