- From: Daurnimator <quae@daurnimator.com>
- Date: Fri, 9 Dec 2016 15:16:17 +1100
- To: ChanMaxthon <xcvista@me.com>
- Cc: Julian Reschke <julian.reschke@gmx.de>, Graham Leggett <minfrin@sharp.fm>, HTTP Working Group <ietf-http-wg@w3.org>

On 1 November 2016 at 16:18, ChanMaxthon <xcvista@me.com> wrote:
> I think you can generate a name, HEAD it, and then COPY it if you get a 404.

That's a latent TOCTOU vulnerability.
Instead, specify "Overwrite: F" and do the copy with a suffix of your choosing e.g. " (1)".
If you get a 412 in response then increment and try with e.g. a suffix of " (2)".

Alternatively, you could generate a unique path (e.g. a UUID) and use that.

Received on Friday, 9 December 2016 04:16:52 UTC
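
The retry loop suggested in this message, as an added example that is not part of the original mail: the server performs the existence check atomically through `Overwrite: F`, and the client only reacts to 412. The `send` transport hook, the `FakeDav` in-memory server and the placement of the suffix before the file extension are assumptions made for illustration.

```python
import posixpath

def candidate_paths(dest, limit):
    """Yield 'name (1).ext', 'name (2).ext', ... (suffix placement is an assumption)."""
    stem, ext = posixpath.splitext(dest)
    for n in range(1, limit + 1):
        yield f"{stem} ({n}){ext}"

def copy_no_clobber(send, src, dest, limit=100):
    """COPY src to the first free suffixed name without a prior HEAD.

    send(method, path, headers) -> int status is a hypothetical transport hook.
    A real Destination header must carry a percent-encoded URI.
    """
    for path in candidate_paths(dest, limit):
        status = send("COPY", src, {"Destination": path, "Overwrite": "F"})
        if status == 201:   # created: the name was free at the moment of the copy
            return path
        if status == 412:   # precondition failed: name taken, try the next suffix
            continue
        # 204 here would mean an existing resource was replaced, i.e. the
        # server ignored Overwrite: F; treat it like any other failure.
        raise RuntimeError(f"COPY to {path!r} returned unexpected HTTP {status}")
    raise RuntimeError("no free destination name within limit")

class FakeDav:
    """Constructed in-memory stand-in for a WebDAV server, for offline runs only."""
    def __init__(self, resources):
        self.store = dict(resources)

    def send(self, method, path, headers):
        dest = headers["Destination"]
        if method != "COPY" or path not in self.store:
            return 404
        exists = dest in self.store
        if exists and headers.get("Overwrite", "T") == "F":
            return 412
        self.store[dest] = self.store[path]
        return 204 if exists else 201

if __name__ == "__main__":
    # Constructed sample state: the first suffix is already taken.
    dav = FakeDav({"/docs/report.txt": b"v1", "/docs/report (1).txt": b"other"})
    print(copy_no_clobber(dav.send, "/docs/report.txt", "/docs/report.txt"))
```
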