- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Fri, 08 Aug 2014 23:08:11 +1200
- To: ietf-http-wg@w3.org
On 8/08/2014 6:50 p.m., Mark Nottingham wrote:
> Indeed. From <http://tools.ietf.org/html/draft-ietf-httpbis-http2-14#section-8.1>:
>
>> 3. zero or more DATA frames containing the message payload (see [RFC7230], Section 3.3)
>
> "payload" is a very specific term, and it is *not* processed for chunks.
>

Excellent. So the sender application just excludes Content-Length and chunked-encodes the representation. The framing layer DATA frames the chunks without inspecting to find where END_STREAM flag applies.

* Applications (whether DoS generators or innocent bunglers) can now force recipients to hold onto HTTP/2 stream context indefinitely for up to 2^31-1 streams. Just by emitting chunked encoded byte stream for DATA encoding. It not being de-chunked to find the 0-chunk where END_STREAM applies.

* request smugglers can now abuse h2->1.1 gateways. Just send without content-length and having a "0\r\n" prefix on the 1.1 message smuggled inside DATA.

Amos

Received on Friday, 8 August 2014 11:08:49 UTC
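
Added example (not part of the original message or of the HTTP/2 draft): a sketch of how an h2->1.1 gateway avoids the smuggling case described in the message by treating DATA payload as opaque bytes and generating its own chunked framing, which ends only at END_STREAM. The function names, the `trust_sender_chunking` switch, the toy receiver and the sample bytes are all constructed for illustration, and the helper buffers a whole stream where a real gateway would forward incrementally.

```python
# Added illustration; all names and sample bytes are constructed.

def rechunk(data_frames):
    """Frame an h2 body for HTTP/1.1. DATA payload is opaque: it is never
    scanned for chunk markers, and the body ends only at END_STREAM."""
    out, ended = b"", False
    for payload, end_stream in data_frames:
        if ended:
            raise ValueError("DATA after END_STREAM")
        if payload:
            out += b"%x\r\n" % len(payload) + payload + b"\r\n"
        ended = end_stream
    if not ended:
        raise ValueError("no END_STREAM: body is not complete")
    return out + b"0\r\n\r\n"

def gateway(method, path, host, data_frames, trust_sender_chunking=False):
    """Serialize one h2 request (no Content-Length) as HTTP/1.1 bytes."""
    head = (f"{method} {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Transfer-Encoding: chunked\r\n\r\n").encode()
    if trust_sender_chunking:  # weak: sender's bytes become the 1.1 framing
        return head + b"".join(p for p, _ in data_frames)
    return head + rechunk(data_frames)

def count_requests(wire):
    """Toy HTTP/1.1 receiver: how many requests does the backend parse?"""
    n = 0
    while wire:
        head, _, wire = wire.partition(b"\r\n\r\n")
        n += 1
        if b"transfer-encoding: chunked" not in head.lower():
            continue  # toy parser: such requests carry no body
        while True:
            size_line, _, wire = wire.partition(b"\r\n")
            size = int(size_line, 16)
            wire = wire[size + 2:]  # chunk data (or nothing) plus CRLF
            if size == 0:
                break
    return n

# Constructed DATA payload shaped like the case in the message above.
SAMPLE = [(b"0\r\n\r\nGET /other HTTP/1.1\r\nHost: backend.example\r\n\r\n", True)]

if __name__ == "__main__":
    print(count_requests(gateway("POST", "/upload", "backend.example", SAMPLE, True)))
    print(count_requests(gateway("POST", "/upload", "backend.example", SAMPLE)))
```

With pass-through the backend parses two requests from one stream; with gateway-generated framing the same bytes arrive as the body of a single request.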