- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 8 Aug 2014 09:12:57 -0700
- To: Amos Jeffries <squid3@treenet.co.nz>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>

On 8 August 2014 04:08, Amos Jeffries <squid3@treenet.co.nz> wrote:
>
> So the sender application just excludes Content-Length and
> chunked-encodes the representation. The framing layer DATA frames the
> chunks without inspecting to find where END_STREAM flag applies.
>
> * Applications (whether DoS generators or innocent bunglers) can now
> force recipients to hold onto HTTP/2 stream context indefinitely for up
> to 2^31-1 streams. Just by emitting chunked encoded byte stream for DATA
> encoding. It not being de-chunked to find the 0-chunk where END_STREAM
> applies.
>
> * request smugglers can now abuse h2->1.1 gateways. Just send without
> content-length and having a "0\r\n" prefix on the 1.1 message smuggled
> inside DATA.

The complete opposite in fact. If you pack chunked encoding in, then
that is (likely) garbage. That's all.

Received on Friday, 8 August 2014 16:13:25 UTC
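
An added example, not part of the original message: it contrasts a hypothetical h2->1.1 gateway that copies DATA payloads verbatim into a chunked HTTP/1.1 body with one that writes the chunk framing itself, and shows what a downstream chunked decoder sees in each case. The function names, the minimal decoder and the sample payload are constructed for illustration.

```python
# Added example; function names and the sample payload are constructed.

def parse_chunked(buf):
    """Minimal HTTP/1.1 chunked decoder: returns (body, leftover bytes)."""
    body, pos = b"", 0
    while True:
        eol = buf.index(b"\r\n", pos)
        size = int(buf[pos:eol].split(b";")[0], 16)  # drop chunk extensions
        pos = eol + 2
        if size == 0:
            # Trailers are not handled here: expect the closing CRLF.
            if buf[pos:pos + 2] != b"\r\n":
                raise ValueError("trailers not supported")
            return body, buf[pos + 2:]
        body += buf[pos:pos + size]
        if buf[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("missing CRLF after chunk data")
        pos += size + 2

def passthrough(data_payloads):
    """Flawed gateway: copies DATA payloads verbatim into a chunked body."""
    return b"".join(data_payloads)

def reframe(data_payloads):
    """Gateway that owns the 1.1 framing: one chunk per DATA payload."""
    chunks = [b"%x\r\n%s\r\n" % (len(p), p) for p in data_payloads if p]
    return b"".join(chunks) + b"0\r\n\r\n"  # last-chunk written at END_STREAM

# Constructed input: one DATA payload carrying chunked syntax and a second message.
SECOND = b"GET /constructed HTTP/1.1\r\nHost: example.test\r\n\r\n"
PAYLOADS = [b"0\r\n\r\n" + SECOND]

if __name__ == "__main__":
    for gateway in (passthrough, reframe):
        body, leftover = parse_chunked(gateway(PAYLOADS))
        print(gateway.__name__, "body bytes:", len(body), "leftover bytes:", len(leftover))
```

With `passthrough` the decoder ends the body at the embedded 0-chunk and the remaining bytes are left on the connection as a second message; with `reframe` the embedded chunk syntax arrives as opaque body bytes and nothing is left over.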