W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2016

Via header specification bug

From: Daurnimator <quae@daurnimator.com>
Date: Tue, 22 Nov 2016 23:18:41 +1100
Message-ID: <CAEnbY+fOsgT7+o3bpP9KYur=YBH_QQ8-fQcBS6GisNDX64QGiw@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
I think I found a bug in the specification of the Via header as given
in RFC 7230

>From RFC 7230: Via = 1#( received-protocol RWS received-by [ RWS comment ] )
where 1# is a special syntax that means "comma seperated list, at
least one element"

>From RFC 7230: received-by = ( uri-host [ ":" port ] ) / pseudonym
>From RFC 7230: uri-host = <host, see [RFC3986], Section 3.2.2>
>From RFC 3986: host = IP-literal / IPv4address / reg-name
>From RFC 3986: reg-name = *( unreserved / pct-encoded / sub-delims )
>From RFC 3986: sub-delims = "!" / "$" / "&" / "'" / "(" / ")" / "*" /
"+" / "," / ";" / "="

notice "," there in sub-delims; this means that comma is a valid
character in a host.
and hence, that using a comma to terminate a host makes no sense

e.g.
Via: 1.0 fred, 1.1 p.example.net
'fred,' is a valid uri-host
In this case, I think we might be saved by the fact that the rest of
the line doesn't match, so 'fred' ends up being a pseudonym rather
than a uri-host.

However, I believe that there might be corner cases not backed up by
this fallback.
Received on Tuesday, 22 November 2016 12:19:15 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 November 2016 12:19:20 UTC