Re: 2.6.STABLE8 in the pipeline

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Fri, 19 Jan 2007 11:40:34 +0100

Fri 2007-01-19 at 14:20 +0800, ShuXin Zheng wrote:
> OK, since that is just for dealing with buggy servers, it should do better
> and can also handle "Transfer-Encoding and Content-Length are presented
> in one reply header". Isn't it?

It rejects responses with both chunked and content-length due to
response splitting attacks which are otherwise possible in mixed
environments.

Let's deal with one protocol violation at a time. Servers sending chunked
+ content-length are doubly violating the protocol and won't be dealt
with yet. (MUST NOT send chunked in response to HTTP/1.0 request, MUST
NOT send content-length in chunked response).

If this turns out to be a significant problem with servers being broken
in this manner as well then we may implement workarounds for this, but
blindly doing what the RFC suggests and simply ignoring Content-Length
is not secure and will cause even more problems.

Regards
Henrik

Received on Fri Jan 19 2007 - 03:40:41 MST
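
The rule described in this message (refuse a reply that carries both chunked Transfer-Encoding and Content-Length instead of silently ignoring Content-Length), sketched as an added Python example that is not part of the original mail and is not Squid's code. The function names and sample replies are constructed, and refusing conflicting or malformed Content-Length values goes beyond what the mail states.

```python
# Added example: decide how an upstream reply body is framed.
# Function names and the sample replies below are constructed for illustration.

def parse_fields(raw: bytes):
    """Return [(lowercased name, value), ...] from a raw reply header block."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    fields = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name != name.strip():      # no colon, or folded/padded name
            raise ValueError("malformed header line")
        fields.append((name.lower(), value.strip()))
    return fields

def classify_framing(raw: bytes) -> str:
    """Return 'chunked', 'content-length', 'until-close' or 'reject'."""
    try:
        fields = parse_fields(raw)
    except ValueError:
        return "reject"
    codings, lengths = [], set()
    for name, value in fields:
        parts = [p.strip() for p in value.split(",") if p.strip()]
        if name == "transfer-encoding":
            codings += [p.lower() for p in parts]
        elif name == "content-length":
            lengths.update(parts)
    chunked = "chunked" in codings
    if chunked and lengths:
        # The case from the mail: two framing signals in one reply. A hop that
        # trusts the other header would see a different body boundary, so
        # ignoring Content-Length here is not safe; refuse the reply.
        return "reject"
    if len(lengths) > 1 or any(not (v.isascii() and v.isdigit()) for v in lengths):
        return "reject"                          # assumption: also refuse conflicting lengths
    if chunked:
        return "chunked"
    return "content-length" if lengths else "until-close"

# Constructed sample replies.
BOTH = (b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n"
        b"Content-Length: 5\r\n\r\n5\r\nhello\r\n0\r\n\r\n")
CHUNKED = b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n"
LENGTH = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"
DUP_LEN = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Length: 9\r\n\r\nhello"
CLOSE = b"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\nhello"
```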
