Yves Lafon wrote:
> >Henrik Nordstrom wrote:
> >>Hmm.. maybe there is also request smuggling attacks possible
> >>here if there is some server/proxy software ignoring that there may be a
> >>request body..
> >
> >See also "Content-Length : 12345" (note the space). I think that is
> >interpreted as a Content-Length header by some agents, and a
> >"Content-Length " header by others (i.e. not implying a body), and
> >disallowed as bad syntax by others. Ample opportunities for request
> >smuggling.
>
> Alex Rousskov pointed out some time ago that it was covered by the spec in
> 2.1, implied *LWS.
> So it should always be interpreted as "Content-Length"

In fact, Alex and I read the identical text and disagreed over whether it allows *LWS before the colon. (Which, by the way, means that text should be clarified in any new revision).

But that's beside the point; what the spec covers is theoretical. In theory, there are no request smuggling attacks.

As I recall, from looking at source code, actually deployed implementations interpret "Content-Length : 12345" in all the ways I described.

See also " Content-Length: 12345" (space before the name) for additional surprises.

-- Jamie

Received on Thursday, 18 January 2007 21:33:41 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 4 October 2011 12:13:57 GMT
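
Added example, not part of the original message or the archive: the three readings described in the message, modelled as three hypothetical parsing policies, plus a check a front-end could apply to flag header lines on which hops would disagree about the request body. The function names `lenient`, `literal`, `strict`, `body_length` and `hops_disagree` are invented for this sketch and do not come from any real server or proxy.

```python
import re

# RFC 2616 "token" characters for a field-name: no whitespace, no separators.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def lenient(line):
    """Policy A: strip whitespace around the name, so 'Content-Length ' matches."""
    name, _, value = line.partition(":")
    return name.strip().lower(), value.strip()

def literal(line):
    """Policy B: everything before the colon is the name, kept verbatim."""
    name, _, value = line.partition(":")
    return name.lower(), value.strip()

def strict(line):
    """Policy C: reject any field-name that is not a bare token."""
    name, sep, value = line.partition(":")
    if not sep or not TOKEN.match(name):
        raise ValueError("malformed header line: %r" % line)
    return name.lower(), value.strip()

def body_length(parse, line):
    """Body length one hop would assume from this single header line."""
    try:
        name, value = parse(line)
    except ValueError:
        return "rejected"
    # A name that is not exactly 'content-length' implies no body here.
    return int(value) if name == "content-length" else 0

def hops_disagree(line):
    """True when the three policies do not agree on framing for this line."""
    return len({body_length(p, line) for p in (lenient, literal, strict)}) > 1

# Constructed samples: the canonical form and the two forms quoted in the message.
SAMPLES = ["Content-Length: 12345", "Content-Length : 12345", " Content-Length: 12345"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), [body_length(p, s) for p in (lenient, literal, strict)],
              "AMBIGUOUS" if hops_disagree(s) else "ok")
```

A front-end that applies the `strict` policy and answers such lines with an error removes the disagreement, because no downstream hop ever sees the ambiguous form.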