- From: Travis Snoozy (Volt) <a-travis@microsoft.com>
- Date: Fri, 29 Dec 2006 13:41:36 -0800
- To: Justin Erenkrantz <justin@erenkrantz.com>
- CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Travis Snoozy said: > Justin Erenkrantz said: > > On 12/21/06, Travis Snoozy (Volt) <a-travis@microsoft.com> wrote: > > > Anyone know how Apache handles this, off the top of their heads? > > > Squid? Other servers? Clients? > > > > httpd 2.2 and newer parses incoming Content-Length as an off_t which > > if LFS is enabled is 64-bit, otherwise, it'd be 32-bit. (Almost all > > modern platforms are LFS-enabled these days.) 1.3 and 2.0 use 'long'. > > >>http://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/http/http_filters.c > > > > See the call to apr_strtoff() there. > > Ah; thank you! So, half of my guess was right, and the other half was > wrong: the most widely-used server on the 'net does not use bignums here, > but the code DOES consider the overflow condition (in the case of content- > length, at least). The underlying functions (strtol/strtoi) are also > specified to saturate, as opposed to wrap, so that's a plus, too. > > Can anyone clue me in on Firefox? I've answered my own question through a little empirical testing. Here's a response to "HEAD http://cdimage.debian.org/debian-cd/3.1_r4/i386/iso-dvd/debian-31r4-i386-binary-1.iso HTTP/1.1" (no headers): HTTP/1.1 200 OK Connection: Keep-Alive Content-Length: 4683952128 Age: 4683 Expires: Sat, 30 Dec 2006 19:49:30 GMT Date: Fri, 29 Dec 2006 21:07:33 GMT Content-Type: application/octet-stream ETag: "19987f7-1172f7000-4225dbbfc0000" Server: Apache/2.2.3 (Unix) Last-Modified: Thu, 16 Nov 2006 14:04:48 GMT Accept-Ranges: bytes Keep-Alive: timeout=5, max=1000 (I stripped some proxy info. I promise it was valid :) IE7 (!) on 32-bit Windows XP chokes (I don't have the equipment to try the 64-bit version). It will not download this file, very probably because of the Content-Length. The error message is: Internet Explorer cannot download [...the file...] from cdimage.debian.org The supplied HTTP header is invalid Note: invalid. There is nothing actually invalid about the above headers. It's just that content-length is bigger than 32 bits can handle. Firefox (2.0.0.1), however, gets it right and downloads the file. So, this is a problem. It's very, very, very unfortunate that the IE7 folks let this one slip through. However, this is _exactly_ what I expected to happen, because the behavior is unspecified, and clients tend to not want to work on things bigger than a native word. I'd be interested to hear if this problem exists on earlier versions of IE, because that has ramifications about how servers should go about serving huge files (mostly because IE has such a large installed base). If this happens with other clients, that would be good to know, too. -- Travis
Received on Friday, 29 December 2006 21:41:57 UTC