W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2008

Re: Leading zeroes in 1*DIGIT productions

From: David Morris <dwm@xpasc.com>
Date: Sat, 20 Dec 2008 20:49:50 -0800 (PST)
cc: <ietf-http-wg@w3.org>
Message-ID: <Pine.LNX.4.33.0812202045290.14905-100000@egate.xpasc.com>

On Sun, 21 Dec 2008, Jamie Lokier wrote:

> David Morris wrote:
> > A few leading zeros sent by a sloppy program won't impact the network.
> What about a million leading zeros in a chunk header from a malicious
> program?  Should implementations be expected to accept that?

An implementation can always set limits to protect itself. That is just
good programming. Certainly the HTTP specification doesn't have to
describe common sense.

> Also, is it permitted for a proxy to change Content-Length by removing
> leading zeros?

Of course, just like a proxy is free to convert chunked encoding to
explict content length. Or in the right circumstances, the converse.

> -- Jamie
Received on Sunday, 21 December 2008 04:50:32 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:47 UTC