W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

Re: Dealing with bad server chunking

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Fri, 15 Mar 2013 13:50:48 +0100
To: "Adrien W. de Croy" <adrien@qbik.com>
Cc: "IETF HTTP Working Group" <ietf-http-wg@w3.org>
Message-ID: <to56k8tnuo7n4lokn71prh8vmemlib329d@hive.bjoern.hoehrmann.de>
* Adrien W. de Croy wrote:
>we have recently had issues with a site where the server sends chunked 
>responses back but closes the TCP connection prior to sending any 0 
>chunk (in fact we never see a packet with this).

>Is this actually a security issue, or should we be more tolerant?  The 
>customer of course just wants to be able to go to the page, and chances 
>of getting it fixed seem slim.   Is this also a known bug in IIS6.0?

If a network attacker can cause this to happen this can change how the
content is interpreted; for instance, `"a b"` and `"a b` without the
closing quote can be interpreted very differently in many formats and
protocols, so this might, for instance, open up XSS vulnerabilities.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Friday, 15 March 2013 12:51:19 GMT

This archive was generated by hypermail 2.3.1 : Friday, 15 March 2013 12:51:23 GMT