W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2011

"chunked" as non-final transfer-extension

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Sun, 06 Mar 2011 23:31:09 +0100
To: ietf-http-wg@w3.org
Message-ID: <hh28n65aqb4o4o8hvmk803ff8qirmrujjv@hive.bjoern.hoehrmann.de>
Hi,

  I ran across https://rt.cpan.org/Public/Bug/Display.html?id=61960 and
could not find this in draft-ietf-httpbis-p1-messaging-12.txt. It seems
to me the specification should say "chunked" as transfer-extension is
only valid if it is the last transfer-coding, otherwise you're likely
dealing with some form of attack (unfortunately many mainstream imple-
mentations use, say, `strstr` to check for "chunked", so they misbe-
have if you do something like `Transfer-Encoding: bogochunked`; that
might also be worth a "It is incorrect to..." note).

regards,
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Sunday, 6 March 2011 22:31:36 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:37 GMT