- From: Travis Snoozy (Volt) <a-travis@microsoft.com>
- Date: Fri, 29 Dec 2006 15:58:31 -0800
- To: David Morris <dwm@xpasc.com>
- CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
David Morris said: > Look at the bright side ... you got an error message from IE7 .... > in the long established tradition of clear messages, the message > even related to to problem. > > IE6 is totally confused and ends up downloaning 451,140 bytes and > declares success ... > Well, there's a good 60+% of users on the WWW that won't interoperate with this particular server using this particular file, then. IIS appears to have an integer overflow (!) when replying to a HEAD method on a file greater than 4GiB: HEAD http://localhost/testdir/test.gbg HTTP/1.1 Content-Length: 0 Host: localhost HTTP/1.1 200 OK Server: Microsoft-IIS/5.1 X-Powered-By: ASP.NET Date: Fri, 29 Dec 2006 23:30:51 GMT Content-Type: application/octet-stream Accept-Ranges: bytes Last-Modified: Fri, 29 Dec 2006 23:21:54 GMT ETag: "c9226120a02bc71:909" Content-Length: 73314544 For reference, the size of the file is 4,368,281,840 bytes, 4GiB is 4,294,967,295 bytes, and the difference is 73,314,545 bytes (the value of Content-Length + 1). The actual GET returns a 501/Not Supported, but the erroneous HEAD reply is still Bad and Wrong. Not that it's a surprise; these are the _exact_ problems that I predicted would show up, based solely on what the spec said. Go figure. More digging in more products will very likely uncover similar issues (and not just in Content-Length, but anywhere where 1*DIGIT is present). -- Travis
Received on Friday, 29 December 2006 23:58:45 UTC