- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Tue, 12 Oct 2010 22:56:05 +0200
- To: Adrien de Croy <adrien@qbik.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
* Adrien de Croy wrote:
>I agree. The current spec presumes it's an innocent error that a
>Content-Length header sneaked in, and really it's meant to be chunked if
>there's a Transfer-Encoding: chunked header.
>
>However for any other problem scenario, this leads to other issues which
>show up as malformed chunks if you're lucky.
>
>I'm struggling to see how this could be used in an attack though.

If all participants in a HTTP communication agree that the messages are
delimited by the lengths indicated for the chunks (or by the length in
the Content-Length header) then there is no problem, but if some use the
Content-Length headers while others use the chunks the framing is broken
and an attacker may be able to get some of the participants to treat the
entity body of a message as request or response.

Using both is already forbidden and what to do if you do not want to
abort the connection is also well-defined. That HTTP implementations may
also abort a connection if they feel like it is already clear, so there
does not seem to be anything that needs changing (and a requirement to
abort the connection would probably be widely ignored at least for some
time).
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Tuesday, 12 October 2010 20:56:49 UTC
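
The framing disagreement described in the message above, as an added example that is not part of the original post: a small check that measures where one message ends under each rule and flags messages carrying both headers. The function names and the sample bytes are constructed for illustration, and rejecting the message is the policy chosen for this sketch.

```python
# Added example (not from the original message); names and sample bytes are constructed.

def parse_head(raw: bytes):
    """Split a raw HTTP/1.1 message into lower-cased headers and the bytes after them."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:             # skip the request/status line
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, rest

def chunked_end(rest: bytes) -> int:
    """Offset in `rest` where a chunked body ends (after last-chunk and trailers)."""
    pos = 0
    while True:
        eol = rest.index(b"\r\n", pos)
        size = int(rest[pos:eol].split(b";")[0], 16)  # ignore chunk extensions
        pos = eol + 2
        if size == 0:
            break
        pos += size + 2                               # chunk data plus its CRLF
    while True:                                       # trailer lines, then a blank line
        eol = rest.index(b"\r\n", pos)
        blank, pos = eol == pos, eol + 2
        if blank:
            return pos

def framing_report(raw: bytes) -> dict:
    """Report what each framing rule would leave unread on the connection."""
    headers, rest = parse_head(raw)
    has_cl = b"content-length" in headers
    codings = b",".join(headers.get(b"transfer-encoding", [])).lower()
    has_chunked = codings.split(b",")[-1].strip() == b"chunked"
    report = {"ambiguous": has_cl and has_chunked}
    if has_cl:
        report["left_after_content_length"] = rest[int(headers[b"content-length"][0]):]
    if has_chunked:
        report["left_after_chunks"] = rest[chunked_end(rest):]
    # Assumption for this sketch: a message with both headers is refused outright.
    report["action"] = "reject" if report["ambiguous"] else "accept"
    return report

# Constructed sample: both headers present on one message.
SAMPLE = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n"
          b"5\r\nhello\r\n0\r\n\r\n")
```

For `SAMPLE`, a party counting Content-Length stops after five body bytes and would read the remaining ten bytes as the start of the next message, while a party following the chunks consumes the whole body and sees nothing left over.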