W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2011

Re: "chunked" as non-final transfer-extension

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 07 Mar 2011 09:41:13 +0100
Message-ID: <4D749A29.105@gmx.de>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
CC: ietf-http-wg@w3.org
On 06.03.2011 23:31, Bjoern Hoehrmann wrote:
> Hi,
>
>    I ran across https://rt.cpan.org/Public/Bug/Display.html?id=61960 and
> could not find this in draft-ietf-httpbis-p1-messaging-12.txt. It seems
> to me the specification should say "chunked" as transfer-extension is
> only valid if it is the last transfer-coding, otherwise you're likely

We have in 
<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p1-messaging-12.html#rfc.section.6.2.1.p.10>:

"Since "chunked" is the only transfer-coding required to be understood 
by HTTP/1.1 recipients, it plays a crucial role in delimiting messages 
on a persistent connection. Whenever a transfer-coding is applied to a 
payload body in a request, the final transfer-coding applied MUST be 
"chunked". If a transfer-coding is applied to a response payload body, 
then either the final transfer-coding applied MUST be "chunked" or the 
message MUST be terminated by closing the connection. When the "chunked" 
transfer-coding is used, it MUST be the last transfer-coding applied to 
form the message-body. The "chunked" transfer-coding MUST NOT be applied 
more than once in a message-body."

> dealing with some form of attack (unfortunately many mainstream imple-
> mentations use, say, `strstr` to check for "chunked", so they misbe-
> have if you do something like `Transfer-Encoding: bogochunked`; that
> might also be worth a "It is incorrect to..." note).
> ...

BR, Julian
Received on Monday, 7 March 2011 08:41:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:37 GMT