W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

RE: Large content size value

From: Travis Snoozy (Volt) <a-travis@microsoft.com>
Date: Fri, 29 Dec 2006 15:58:31 -0800
To: David Morris <dwm@xpasc.com>
CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <86EDC3963F04D546BED8996F77D290F6049D117D2B@NA-EXMSG-C138.redmond.corp.microsoft.com>


David Morris said:
> Look at the bright side ... you got an error message from IE7 ....
> in the long established tradition of clear messages, the message
> even related to to problem.
>
> IE6 is totally confused and ends up downloaning 451,140 bytes and
> declares success ...
>

Well, there's a good 60+% of users on the WWW that won't interoperate with this particular server using this particular file, then. IIS appears to have an integer overflow (!) when replying to a HEAD method on a file greater than 4GiB:

HEAD http://localhost/testdir/test.gbg HTTP/1.1
Content-Length: 0
Host: localhost

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.1
X-Powered-By: ASP.NET
Date: Fri, 29 Dec 2006 23:30:51 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Fri, 29 Dec 2006 23:21:54 GMT
ETag: "c9226120a02bc71:909"
Content-Length: 73314544

For reference, the size of the file is 4,368,281,840 bytes, 4GiB is 4,294,967,295 bytes, and the difference is 73,314,545 bytes (the value of Content-Length + 1). The actual GET returns a 501/Not Supported, but the erroneous HEAD reply is still Bad and Wrong.

Not that it's a surprise; these are the _exact_ problems that I predicted would show up, based solely on what the spec said. Go figure. More digging in more products will very likely uncover similar issues (and not just in Content-Length, but anywhere where 1*DIGIT is present).


-- Travis
Received on Friday, 29 December 2006 23:58:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:53 GMT