Re: Leading zeroes in 1*DIGIT productions

On Sun, 21 Dec 2008, Jamie Lokier wrote:

> David Morris wrote:
> > A few leading zeros sent by a sloppy program won't impact the network.
>
> What about a million leading zeros in a chunk header from a malicious
> program?  Should implementations be expected to accept that?

An implementation can always set limits to protect itself. That is just
good programming. Certainly the HTTP specification doesn't have to
describe common sense.

>
> Also, is it permitted for a proxy to change Content-Length by removing
> leading zeros?

Of course, just like a proxy is free to convert chunked encoding to
explict content length. Or in the right circumstances, the converse.


>
> -- Jamie
>

Received on Sunday, 21 December 2008 04:50:32 UTC