W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2009

chunking without chunking

From: Adrien de Croy <adrien@qbik.com>
Date: Wed, 17 Jun 2009 18:40:10 +1200
Message-ID: <4A388FCA.9080307@qbik.com>
To: HTTP Working Group <ietf-http-wg@w3.org>

Hi all

sorry, today seems to be a run of issues.  We found a website that sends 
Transfer-Encoding: chunked, but then doesn't send the data chunked.  
This means the first line of content is parsed as a chunk header, which 
resolves to a chunk length of 0, since the first line is non-numeric.

OK, so this is obviously seriously broken.  And it broke our proxy, 
since we decided we were getting a 0 chunk right up followed by a bunch 
of extraneous data.

However, it works in IE and Chrome.  Firefox spins its wheels indefinitely.

So, IE (8) and Chrome (2) can scavenge the data out of a stream that is 
supposed to be chunked but isn't.  This is possibly a security problem 
for these browsers.

The URL I was hitting is

http://www.nrhrehab.org/Locations/Locations_Page.aspx?id=48

It loads a bunch of JS pages, which exhibit this issue.

The server is reporting itself as IIS 6.  Is this a common problem with 
IIS, or is this likely to be a bug in their ASPX, e.g. inserting the 
Transfer-Encoding header from script, but not actually doing the 
chunking, and IIS 6 not trapping this?

Handling this cleanly is difficult.  We get complaints from customers 
that the proxy breaks the site, because their browser works fine going 
direct to the site, so it must be the proxy's fault.

Adrien

-- 
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
Received on Wednesday, 17 June 2009 06:37:50 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:04 GMT