W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2008

Re: Leading zeroes in 1*DIGIT productions

From: David Morris <dwm@xpasc.com>
Date: Sat, 20 Dec 2008 20:49:50 -0800 (PST)
cc: <ietf-http-wg@w3.org>
Message-ID: <Pine.LNX.4.33.0812202045290.14905-100000@egate.xpasc.com>



On Sun, 21 Dec 2008, Jamie Lokier wrote:

> David Morris wrote:
> > A few leading zeros sent by a sloppy program won't impact the network.
>
> What about a million leading zeros in a chunk header from a malicious
> program?  Should implementations be expected to accept that?

An implementation can always set limits to protect itself. That is just
good programming. Certainly the HTTP specification doesn't have to
describe common sense.

>
> Also, is it permitted for a proxy to change Content-Length by removing
> leading zeros?

Of course, just like a proxy is free to convert chunked encoding to
explict content length. Or in the right circumstances, the converse.


>
> -- Jamie
>
Received on Sunday, 21 December 2008 04:50:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:58 GMT