W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: CRLF requirement

From: David Krauss <potswa@gmail.com>
Date: Wed, 2 Jul 2014 09:22:47 +0800
Cc: ietf-http-wg@w3.org
Message-Id: <BBC95CA9-3F26-4892-966B-C868C9CD9009@gmail.com>
To: Martin Nilsson <nilsson@opera.com>

On 2014–07–02, at 8:01 AM, Martin Nilsson <nilsson@opera.com> wrote:

> The vintage is 2009. I would assume that the proxy (that scrambled the connection header), received a header block composed with \r and \r\r. It parsed it, modified it and then glued it together and botched the header termination sequence.

It looks to me like the proxy received valid input (\r\n) but at some point assumed that newline is a single character — it treated the socket as if it were in text mode. The header content was extracted correctly. Perhaps the author noticed a bug when taking \n as the line terminator. But, to re-add the newline, it used byte-oriented C string processing and only got the \r instead.

On the last line, he intended to add two bytes to get \n\n, hence we get a single \r\n. Which is the correct sequence to introduce a new header, but instead the content follows.

Also, somehow the word Connection got munged to nnCoection. Never underestimate the expressive power of old-school C — I’d wager that this is somehow the result of a typo where the backslash was omitted from “\n” in the source.

It’s totally reasonable to ask others to handle this sort of bug. Whether or not my intuitive inferences are correct, this is not the output of a production-quality program.
Received on Wednesday, 2 July 2014 01:23:48 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:35 UTC